SHA256: 840e12174c6104feed04e45ba371a8ff926e4cfa870062922b7b6b0508e0f09c
File name: 1810_update_10cr8.exe
Detection ratio: 29 / 66
Analysis date: 2018-10-27 17:29:54 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31314421 20181027
ALYac Trojan.GenericKD.31314421 20181027
Arcabit Trojan.Generic.D1DDD1F5 20181027
Avast Win32:Malware-gen 20181027
AVG Win32:Malware-gen 20181027
Avira (no cloud) TR/AD.MoksSteal.iagcl 20181027
BitDefender Trojan.GenericKD.31314421 20181027
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181022
Cyren W32/Trojan.NWRF-6249 20181027
Emsisoft Trojan.GenericKD.31314421 (B) 20181027
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.COKV 20181027
F-Secure Trojan.GenericKD.31314421 20181027
Fortinet W32/GandCrab.D!tr.ransom 20181027
Ikarus Trojan.Win32.Krypt 20181027
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053fad41 ) 20181027
Kaspersky Trojan-Spy.Win32.Stealer.bkz 20181027
McAfee RDN/Generic.com 20181027
McAfee-GW-Edition RDN/Generic.com 20181027
Microsoft Trojan:Win32/Skeeyah.A!rfn 20181027
eScan Trojan.GenericKD.31314421 20181027
Palo Alto Networks (Known Signatures) generic.ml 20181027
Panda Trj/GdSda.A 20181027
Qihoo-360 Win32/Trojan.Spy.70e 20181027
Sophos AV Mal/Generic-S 20181027
Symantec Trojan Horse 20181026
Tencent Win32.Trojan-spy.Stealer.Lnnt 20181027
ZoneAlarm by Check Point Trojan-Spy.Win32.Stealer.bkz 20181027
AegisLab 20181027
AhnLab-V3 20181027
Alibaba 20180921
Antiy-AVL 20181027
Avast-Mobile 20181027
Babable 20180918
Baidu 20181026
Bkav 20181025
CAT-QuickHeal 20181027
ClamAV 20181026
CMC 20181027
Cybereason 20180225
Cylance 20181027
DrWeb 20181027
eGambit 20181027
F-Prot 20181027
GData 20181027
Jiangmin 20181027
K7GW 20181025
Kingsoft 20181027
Malwarebytes 20181027
MAX 20181027
NANO-Antivirus 20181027
Rising 20181027
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181026
TACHYON 20181027
TheHacker 20181025
TotalDefense 20181027
TrendMicro 20181027
TrendMicro-HouseCall 20181027
VBA32 20181026
VIPRE 20181027
ViRobot 20181027
Webroot 20181027
Yandex 20181026
Zillya 20181026
Zoner 20181026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ©. All rights reserved. LaKala

Product Strengthened
Original name Strengthened.exe
Internal name Strengthened
File version 8.7.6.3
Description Dxdllregx86 Accidently Bad 10 Warning
Comments Dxdllregx86 Accidently Bad 10 Warning
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-18 19:55:27
Entry Point 0x000218F0
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueA
RegQueryValueExA
RegEnumKeyA
RegCreateKeyExA
RegOpenKeyExA
AVIStreamWrite
ImageList_Create
ImageList_ReplaceIcon
ImageList_Add
DCICreateOverlay
DCIBeginAccess
SetMapMode
SaveDC
TextOutA
LineTo
GetTextMetricsA
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
DeleteObject
CreateHatchBrush
ChoosePixelFormat
GetObjectA
MoveToEx
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
SetTextAlign
SelectClipRgn
ScaleViewportExtEx
SelectObject
GetTextExtentPoint32A
SetWindowExtEx
CreateSolidBrush
SetTextColor
Escape
SetBkColor
SetViewportExtEx
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
SetLastError
GetModuleFileNameW
GlobalFindAtomA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
CreateThread
DisconnectNamedPipe
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GlobalDeleteAtom
GetProcAddress
GetProcessHeap
CompareStringW
GlobalReAlloc
lstrcmpA
lstrcpyA
CompareStringA
GetProcessWorkingSetSize
lstrcmpW
GlobalLock
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetVersion
FreeResource
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
acmDriverDetailsA
OleCreatePictureIndirect
VariantChangeType
VariantClear
VariantInit
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
StrRetToBufA
PathStripToRootW
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
MapWindowPoints
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
ClientToScreen
GetActiveWindow
LoadImageA
GetTopWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
AttachThreadInput
EnumWindows
GetClassInfoExA
ShowWindow
SetClassLongA
DrawFrameControl
GetDesktopWindow
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
GetIconInfo
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
FillRect
CopyRect
GetSysColorBrush
GetSubMenu
IsDialogMessageA
SetFocus
BeginPaint
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
GetCursorInfo
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
DrawFocusRect
GetLastActivePopup
PtInRect
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
GetCapture
FindWindowExA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
IsDlgButtonChecked
GetMenuState
GetDC
SetForegroundWindow
ReleaseDC
GetScrollRange
EndDialog
LoadMenuA
CreateDialogIndirectParamA
FindWindowA
DrawTextExA
GetWindowThreadProcessId
GetPropA
LookupIconIdFromDirectory
MessageBoxA
ChangeClipboardChain
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
DestroyIcon
IsWindowVisible
WinHelpA
InvalidateRect
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
UnhookWindowsHookEx
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
WICMapGuidToShortName
GetOpenFileNameA
Ord(144)
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
ReleaseStgMedium
StgOpenStorage
GetHGlobalFromStream
OleGetClipboard
Number of PE resources by type
RT_BITMAP 13
Struct(240) 10
RT_GROUP_CURSOR 8
RT_ICON 6
REGISTRY 6
RT_RCDATA 6
RT_MENU 5
RT_CURSOR 5
TYPELIB 2
TXT 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 67
PE resources
Debug information
ExifTool file metadata
CodeSize
221184

SubsystemVersion
4.0

Comments
Dxdllregx86 Accidently Bad 10 Warning

Languages
English

InitializedDataSize
401408

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.7.6.3

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Dxdllregx86 Accidently Bad 10 Warning

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

PrivateBuild
8.7.6.3

EntryPoint
0x218f0

OriginalFileName
Strengthened.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright . All rights reserved. LaKala

FileVersion
8.7.6.3

TimeStamp
2018:10:18 12:55:27-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
Strengthened

ProductVersion
8.7.6.3

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
LaKala

LegalTrademarks
Copyright . All rights reserved. LaKala

ProductName
Strengthened

ProductVersionNumber
8.7.6.3

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 aa610a0f9bfb8716d092dfb6c4e1bf02
SHA1 64759e49747c73b4b497ba4631334213a3693913
SHA256 840e12174c6104feed04e45ba371a8ff926e4cfa870062922b7b6b0508e0f09c
ssdeep 6144:uQ7RZrpUqC/6hnKlL2487dnt0hhktCmfNQ3+4YKFhBpfFUyJW/P9MK0DmCD7SHe:uQ7RZ02487dtN14+DIBptpe9F0KCHS+
authentihash 69b760900747a31059c32610360a2109a79549f7fc623a03dbbec4a5fc028da8
imphash 5484788780c0b86103f7855b387a4cc0
File size 612.0 KB ( 626688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-10-25 15:41:58 UTC ( 6 months, 3 weeks ago )
Last submission 2018-10-25 15:41:58 UTC ( 6 months, 3 weeks ago )
File names Strengthened
1810_update_10cr8.exe
Strengthened.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.
HTTP requests
TCP connections