SHA256: 8429e7dd5ae9225d7be50bc3d36e33e551fe9bc051c535b996f0d533f6804dcd
File name: gf54rt32t.exe
Detection ratio: 49 / 67
Analysis date: 2018-04-27 11:02:20 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30555889 20180427
AegisLab Packer.W32.Hrup.lGXn 20180427
ALYac Trojan.Agent.155648 20180427
Antiy-AVL Trojan/Win32.Exdek 20180427
Arcabit Trojan.Generic.D1D23EF1 20180427
Avast Win32:Malware-gen 20180427
AVG Win32:Malware-gen 20180427
Avira (no cloud) TR/Crypt.ZPACK.hrjtq 20180427
AVware Virtool.Win32.Obfuscator.as!a (v) 20180427
BitDefender Trojan.GenericKD.30555889 20180427
Bkav W32.eHeur.Malware03 20180426
CAT-QuickHeal Trojan.Tiggre 20180427
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180418
Cybereason malicious.19b6fd 20180225
Cylance Unsafe 20180427
Cyren W32/Trojan.QKJU-2988 20180427
DrWeb Trojan.DownLoad4.2424 20180427
Emsisoft Trojan.GenericKD.30555889 (B) 20180427
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/GenKryptik.GX 20180427
F-Secure Trojan.GenericKD.30555889 20180427
Fortinet W32/GenKryptik.GX!tr 20180427
GData Trojan.GenericKD.30555889 20180427
Ikarus Trojan.Win32.Krypt 20180427
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0052cf581 ) 20180427
K7GW Trojan ( 0052cf581 ) 20180427
Kaspersky Trojan.Win32.Exdek.qh 20180427
Malwarebytes Trojan.Crypt 20180427
MAX malware (ai score=94) 20180427
McAfee RDN/Generic.grp 20180427
McAfee-GW-Edition BehavesLike.Win32.Ransomware.ch 20180425
Microsoft Trojan:Win32/Occamy.C 20180427
eScan Trojan.GenericKD.30555889 20180427
Palo Alto Networks (Known Signatures) generic.ml 20180427
Panda Trj/GdSda.A 20180426
Rising Trojan.GenKryptik!8.AA55 (TFE:5:UC7PIogMalT) 20180427
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180427
Symantec W32.Suviapen 20180427
Tencent Win32.Trojan.Exdek.Aihr 20180427
TrendMicro TROJ_GEN.R011C0WD918 20180427
TrendMicro-HouseCall TROJ_GEN.R011C0WD918 20180427
VBA32 Trojan.Exdek 20180426
VIPRE Virtool.Win32.Obfuscator.as!a (v) 20180427
ViRobot Trojan.Win32.S.Agent.155648.BWX 20180427
Webroot W32.Trojan.Gen 20180427
Yandex Trojan.Exdek! 20180427
ZoneAlarm by Check Point Trojan.Win32.Exdek.qh 20180427
AhnLab-V3 20180426
Alibaba 20180427
Avast-Mobile 20180426
Babable 20180406
Baidu 20180426
ClamAV 20180427
CMC 20180427
Comodo 20180427
eGambit 20180427
F-Prot 20180427
Jiangmin 20180427
Kingsoft 20180427
NANO-Antivirus 20180427
nProtect 20180427
Qihoo-360 20180427
SUPERAntiSpyware 20180427
Symantec Mobile Insight 20180424
TheHacker 20180426
Trustlook 20180427
Zillya 20180426
Zoner 20180426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-05 17:13:02
Entry Point 0x000027A6
Number of sections 4
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
GetCurrentThread
LCMapStringW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
SetEvent
LCMapStringA
TlsSetValue
CompareStringW
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
EnterCriticalSection
GetEnvironmentStrings
GetLocaleInfoA
LocalAlloc
GetCPInfo
UnhandledExceptionFilter
GetEnvironmentVariableA
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
SetEnvironmentVariableA
TlsFree
GetLocaleInfoW
LeaveCriticalSection
GetModuleHandleA
HeapAlloc
InitializeCriticalSection
WideCharToMultiByte
GetStringTypeA
SetFilePointer
InterlockedExchange
WriteFile
GetCurrentProcess
CompareStringA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapDestroy
GetOEMCP
LocalFree
TerminateProcess
LocalSize
InterlockedDecrement
GetTimeZoneInformation
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
SetConsoleCtrlHandler
GetCurrentThreadId
GetVersion
GetProcAddress
VirtualAlloc
SetLastError
InterlockedIncrement
CreateWindowExA
CheckMenuItem
SendMessageW
UnregisterClassA
DestroyWindow
PtInRect
SetMenuItemInfoA
ShowWindowAsync
LoadStringW
DefWindowProcW
SetWindowLongW
CreateWindowExW
TrackPopupMenu
PostMessageW
GetMenuStringW
GetKeyState
Number of PE resources by type
RT_STRING 1
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:04:05 18:13:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53248
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 98304
SubsystemVersion 4.0
EntryPoint 0x27a6
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 e3574773425d41e8c2b5a3b1319c401d
SHA1 717c50919b6fddaebf9615815d6ab90b825902a5
SHA256 8429e7dd5ae9225d7be50bc3d36e33e551fe9bc051c535b996f0d533f6804dcd
ssdeep 3072:ZxEzSgF4QdcwoPck9iGpbCXUi3WSmhGVUVTZj+:ZxgSQ4nwoniGpyUCqwm
authentihash a8a6467e4fcc62c389f3a07079c12e6129d378eba1cad5ac1b9ef2ec560bca6a
imphash 021e66bef5c9180e6bf544956ebbcf05
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-04-06 09:04:57 UTC ( 1 year, 1 month ago )
Last submission 2018-04-27 11:02:20 UTC ( 1 year ago )
File names gf54rt32t.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
DNS requests