SHA256: 82c13476e1b1f8ea95b1e15de48c3e570d498567832e538f64f772a6f2fc4936
File name: output.111853101.txt
Detection ratio: 44 / 65
Analysis date: 2017-09-17 15:55:26 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12067011 20170917
AegisLab Troj.Dropper.W32.Autoit!c 20170917
AhnLab-V3 Trojan/Win32.Bandra.C2027534 20170917
ALYac Trojan.GenericKD.12067011 20170917
Antiy-AVL Trojan[Dropper]/Win32.Autoit 20170917
Arcabit Trojan.Generic.DB820C3 20170917
Avast Win32:Malware-gen 20170917
AVG Win32:Malware-gen 20170917
Avira (no cloud) TR/Kryptik.uobtb 20170917
AVware Trojan.Win32.Generic!BT 20170917
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9992 20170915
BitDefender Trojan.GenericKD.12067011 20170917
CAT-QuickHeal TrojanDropper.Autoit 20170916
Cylance Unsafe 20170917
Cyren W32/Trojan.SLIP-7914 20170917
Emsisoft Trojan.GenericKD.12067011 (B) 20170917
ESET-NOD32 a variant of Win32/GenKryptik.AQDI 20170917
F-Secure Trojan.GenericKD.12067011 20170917
Fortinet W32/Autoit.ABCEXL!tr 20170917
GData Trojan.GenericKD.12067011 20170917
Ikarus Trojan.Win32.Krypt 20170917
Sophos ML heuristic 20170914
Jiangmin TrojanDropper.Autoit.cir 20170917
K7AntiVirus Trojan ( 005132621 ) 20170917
K7GW Trojan ( 005132621 ) 20170917
Kaspersky Trojan-Dropper.Win32.Autoit.abcexl 20170917
MAX malware (ai score=100) 20170917
McAfee Artemis!A9F20836D0B2 20170917
McAfee-GW-Edition Artemis!Trojan 20170917
Microsoft Trojan:Win32/Skeeyah.A!bit 20170917
eScan Trojan.GenericKD.12067011 20170917
NANO-Antivirus Trojan.Win32.Kryptik.eriqfg 20170917
Palo Alto Networks (Known Signatures) generic.ml 20170917
Panda Trj/CI.A 20170917
Qihoo-360 Win32/Trojan.Dropper.cec 20170917
Rising Dropper.Autoit!8.38C (cloud:dq9Cwl89wDS) 20170917
Sophos AV Troj/Mdrop-HYL 20170917
Symantec Trojan.Gen.2 20170916
Tencent Win32.Trojan-dropper.Autoit.Lqoo 20170917
TrendMicro TROJ_GEN.R00XC0RGU17 20170917
TrendMicro-HouseCall TROJ_GEN.R00XC0RGU17 20170917
VBA32 TrojanDropper.Autoit 20170915
VIPRE Trojan.Win32.Generic!BT 20170917
ZoneAlarm by Check Point Trojan-Dropper.Win32.Autoit.abcexl 20170917
Alibaba 20170911
Avast-Mobile 20170829
ClamAV 20170917
CMC 20170917
Comodo 20170917
CrowdStrike Falcon (ML) 20170804
DrWeb 20170917
Endgame 20170821
F-Prot 20170917
Kingsoft 20170917
Malwarebytes 20170917
nProtect 20170917
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170917
Symantec Mobile Insight 20170917
TheHacker 20170916
TotalDefense 20170917
Trustlook 20170917
ViRobot 20170917
Webroot 20170917
WhiteArmor 20170829
Yandex 20170908
Zillya 20170916
Zoner 20170917
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.0.0.0
Signature verification The digital signature of the object did not verify.
Signing date 9:41 PM 9/9/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-26 18:17:28
Entry Point 0x009D2000
Number of sections 5
PE sections
Overlays
MD5 ceb038a92461e3ad829610daa9d9a032
File type data
Offset 2867213
Size 1427539
Entropy 8.00
PE imports
RegQueryValueExW
ImageList_LoadImageW
GetModuleHandleA
MessageBoxA
Number of PE resources by type
RT_STRING 46
RT_BITMAP 38
RT_RCDATA 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 62
NEUTRAL 56
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.25
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 3597312
EntryPoint 0x9d2000
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2017:07:26 19:17:28+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 3438080
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 a9f20836d0b22795dd8c5b471351f1c6
SHA1 58beac26898259b8dba3ebca0f825ab998d151df
SHA256 82c13476e1b1f8ea95b1e15de48c3e570d498567832e538f64f772a6f2fc4936
ssdeep 49152:qLyj4vmzMNUimD4tm8S+0VrCFOp6C8cVQCM16ja+ezkL+Ds70u8Nk33Cr8/TGb35:qfWXzD4tO7Wi8cV+1uj+DNw2blye+C
authentihash ad0fe8a8a8bea45f4d7385eded420b3312f67d85bdae12d04a7605ef82733a86
imphash 5a533a73b8f395fd14a33af2c49d8a62
File size 4.1 MB ( 4294752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID DOS Executable Generic (100.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-07-27 15:17:48 UTC ( 1 year, 6 months ago )
Last submission 2018-05-26 02:25:05 UTC ( 9 months ago )
File names nengKL.jpg
output.111853101.txt
VirusShare_a9f20836d0b22795dd8c5b471351f1c6
nengKL.jpg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs