SHA256: 84e416050ffc15c50482b03dd365e299c0b08ea43ac5762f5c9c83c6be76988a
File name: 4f44e9ced323f6a50f733a2eafabed058497fe3b
Detection ratio: 33 / 70
Analysis date: 2019-01-04 11:32:09 UTC
Antivirus | Result | Update
Ad-Aware | Trojan.Autoruns.GenericKDS.31438909 | 20190104
ALYac | Trojan.Autoruns.GenericKDS.31438909 | 20190104
Arcabit | Trojan.Autoruns.GenericS.D1DFB83D | 20190104
Avast | Win32:Malware-gen | 20190104
AVG | Win32:Malware-gen | 20190104
Avira (no cloud) | TR/Spy.Banker.cmlyr | 20190104
BitDefender | Trojan.Autoruns.GenericKDS.31438909 | 20190104
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20181022
Cybereason | malicious.c39077 | 20180225
Cylance | Unsafe | 20190104
Emsisoft | Trojan.Autoruns.GenericKDS.31438909 (B) | 20190104
Endgame | malicious (high confidence) | 20181108
ESET-NOD32 | a variant of Win32/GenKryptik.CVCL | 20190104
F-Secure | Trojan.Autoruns.GenericKDS.31438909 | 20190104
Fortinet | W32/Trickster.AFT!tr | 20190104
GData | Trojan.Autoruns.GenericKDS.31438909 | 20190104
Sophos ML | heuristic | 20181128
K7AntiVirus | Trojan ( 00544c901 ) | 20190104
K7GW | Trojan ( 00544c901 ) | 20190104
Kaspersky | Trojan-Banker.Win32.Trickster.aft | 20190104
MAX | malware (ai score=81) | 20190104
McAfee-GW-Edition | BehavesLike.Win32.Ransomware.hh | 20190104
Microsoft | Trojan:Win32/Fuerboos.B!cl | 20190104
eScan | Trojan.Autoruns.GenericKDS.31438909 | 20190104
Panda | Trj/GdSda.A | 20190103
Qihoo-360 | HEUR/QVM10.1.5212.Malware.Gen | 20190104
Rising | Trojan.GenKryptik!8.AA55/N3#91% (RDM+:cmRtazoYtviSMgBRtpdgJMlXEKH0) | 20190104
Symantec | ML.Attribute.HighConfidence | 20190104
Trapmine | malicious.high.ml.score | 20190103
TrendMicro | Mal_Swizzor | 20190104
TrendMicro-HouseCall | Mal_Swizzor | 20190104
Webroot | W32.Trojan.Gen | 20190104
ZoneAlarm by Check Point | Trojan-Banker.Win32.Trickster.aft | 20190104
Acronis | (no detection) | 20181227
AegisLab | (no detection) | 20190104
AhnLab-V3 | (no detection) | 20190104
Alibaba | (no detection) | 20180921
Antiy-AVL | (no detection) | 20190104
Avast-Mobile | (no detection) | 20190103
Babable | (no detection) | 20180918
Baidu | (no detection) | 20190104
Bkav | (no detection) | 20190103
CAT-QuickHeal | (no detection) | 20190103
ClamAV | (no detection) | 20190104
CMC | (no detection) | 20190103
Comodo | (no detection) | 20190104
Cyren | (no detection) | 20190104
DrWeb | (no detection) | 20190104
eGambit | (no detection) | 20190104
F-Prot | (no detection) | 20190104
Ikarus | (no detection) | 20190104
Jiangmin | (no detection) | 20190104
Kingsoft | (no detection) | 20190104
Malwarebytes | (no detection) | 20190104
McAfee | (no detection) | 20190104
NANO-Antivirus | (no detection) | 20190104
Palo Alto Networks (Known Signatures) | (no detection) | 20190104
SentinelOne (Static ML) | (no detection) | 20181223
Sophos AV | (no detection) | 20190104
SUPERAntiSpyware | (no detection) | 20190102
TACHYON | (no detection) | 20190104
Tencent | (no detection) | 20190104
TheHacker | (no detection) | 20181230
TotalDefense | (no detection) | 20190104
Trustlook | (no detection) | 20190104
VBA32 | (no detection) | 20190104
ViRobot | (no detection) | 20190104
Yandex | (no detection) | 20181229
Zillya | (no detection) | 20190103
Zoner | (no detection) | 20190104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2018-12-21 12:43:41
Entry point: 0x0000AAC3
Number of sections: 4
PE sections
PE imports
(The report lists imported functions without naming the exporting module; they are grouped here by the DLL that exports each function, in the order the report gives them.)

ADVAPI32.dll:
RegOpenKeyExA

COMCTL32.dll:
InitCommonControlsEx

GDI32.dll:
CreateFontIndirectW, CreateRectRgnIndirect, CombineRgn, SetStretchBltMode, ExcludeClipRect, OffsetViewportOrgEx, DeleteDC, SetBkMode, StretchBlt, IntersectClipRect, BitBlt, CreateDIBSection, SetTextColor, GetStockObject, EnumFontFamiliesExW, CreateRoundRectRgn, CreateCompatibleDC, CreateFontW, CreateRectRgn, SelectObject, GetTextColor, CreateSolidBrush, SetBkColor, GetTextExtentPoint32W, CreateCompatibleBitmap

KERNEL32.dll:
GetStdHandle, GetOverlappedResult, WaitForSingleObject, HeapDestroy, EncodePointer, GetFileAttributesW, DisconnectNamedPipe, GetCurrentProcess, GetConsoleMode, GetLocaleInfoA, GetVolumeInformationW, SetErrorMode, FreeEnvironmentStringsW, GetLocaleInfoW, SetStdHandle, WideCharToMultiByte, GetStringTypeA, WriteFile, GetSystemTimeAsFileTime, GlobalMemoryStatusEx, HeapReAlloc, GetStringTypeW, ConnectNamedPipe, SetEvent, FormatMessageW, ResumeThread, LoadResource, GetLogicalDriveStringsW, FindClose, TlsGetValue, MoveFileW, SetFileAttributesW, GetEnvironmentVariableW, SetLastError, PeekNamedPipe, DeviceIoControl, CopyFileW, OutputDebugStringW, GetModuleFileNameW, IsDebuggerPresent, ExitProcess, GetModuleFileNameA, UnhandledExceptionFilter, LoadLibraryExW, MultiByteToWideChar, SetFilePointerEx, GetFullPathNameW, CreateSemaphoreA, CreateThread, MoveFileExW, DeleteCriticalSection, SetNamedPipeHandleState, SetUnhandledExceptionFilter, MulDiv, IsProcessorFeaturePresent, DecodePointer, SetEnvironmentVariableA, FindAtomW, WriteConsoleA, GetModuleHandleExW, GlobalAlloc, LocalFileTimeToFileTime, SetEndOfFile, GetCurrentThreadId, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, GetSystemTime, SetHandleCount, TerminateThread, lstrcmpiA, OpenThread, GetOEMCP, QueryPerformanceCounter, TlsAlloc, FlushFileBuffers, lstrcmpiW, RtlUnwind, GlobalFindAtomW, GetStartupInfoA, GetDateFormatA, OpenProcess, GetStartupInfoW, GlobalLock, AddAtomW, GetProcessHeap, CompareStringW, lstrcpyW, GetFileSizeEx, RemoveDirectoryW, ExpandEnvironmentStringsW, lstrcmpA, FindNextFileW, GetTimeFormatA, FindFirstFileW, TerminateProcess, lstrcmpW, WaitForMultipleObjects, GetProcAddress, CreateEventW, CreateFileW, CreateEventA, GetFileType, TlsSetValue, HeapAlloc, LeaveCriticalSection, GetLastError, SystemTimeToFileTime, LCMapStringW, GetAtomNameW, CreateNamedPipeW, lstrlenA, GlobalFree, GetConsoleCP, LCMapStringA, GetSystemWindowsDirectoryW, GetEnvironmentStringsW, GlobalUnlock, SizeofResource, GetCurrentProcessId, LockResource, ProcessIdToSessionId, GetCPInfo, HeapSize, GetCommandLineA, CancelIo, WritePrivateProfileStringW, RaiseException, ReleaseSemaphore, TlsFree, GetModuleHandleA, DeleteAtom, CloseHandle, OpenMutexW, GetACP, GetModuleHandleW, IsValidCodePage, HeapCreate, FindResourceW, VirtualFree, Sleep, OpenEventA, VirtualAlloc, ResetEvent

USER32.dll:
RedrawWindow, GetForegroundWindow, SetWindowRgn, LoadBitmapW, DestroyMenu, PostQuitMessage, DrawStateW, SetWindowPos, ScreenToClient, WindowFromPoint, SetMenuItemInfoW, SetActiveWindow, GetDC, GetCursorPos, ReleaseDC, SendMessageW, UnregisterClassA, GetClientRect, CreateAcceleratorTableW, DrawTextW, LoadImageW, TrackPopupMenu, GetActiveWindow, GetWindowTextW, PostThreadMessageW, GetWindowTextLengthW, InvalidateRgn, DestroyWindow, GetClassInfoExW, UpdateWindow, EnumWindows, GetMessageW, ShowWindow, PeekMessageW, EnableWindow, TranslateMessage, GetWindow, LoadStringW, GetKeyboardLayoutList, IsDialogMessageW, FillRect, MonitorFromPoint, CopyRect, GetWindowLongW, CharNextW, IsChild, MapWindowPoints, RegisterWindowMessageW, GetMonitorInfoW, BeginPaint, OffsetRect, DefWindowProcW, keybd_event, KillTimer, GetSystemMetrics, SetWindowLongW, GetWindowRect, SetCapture, ReleaseCapture, PostMessageW, CreatePopupMenu, CheckMenuItem, GetClassLongW, PtInRect, DrawIconEx, SetWindowTextW, GetDlgItem, ClientToScreen, GetKeyboardState, DialogBoxIndirectParamW, AttachThreadInput, DestroyAcceleratorTable, LoadCursorW, DispatchMessageW, SetForegroundWindow, ExitWindowsEx, IntersectRect, EndDialog, FindWindowW, GetCapture, SetFocus, GetWindowThreadProcessId, MessageBoxW, RegisterClassExW, MoveWindow, AppendMenuW, GetWindowDC, AdjustWindowRectEx, GetSysColor, DestroyIcon, IsWindowVisible, MonitorFromWindow, SetRect, InvalidateRect, CallWindowProcW, GetClassNameW, GetFocus, wsprintfW, SetCursor

OLE32.dll:
CoTaskMemFree, CoInitialize, OleInitialize, CoTaskMemAlloc
Number of PE resources by type
RT_DIALOG: 9
RT_MANIFEST: 1
RT_MENU: 1
Number of PE resources by language
NEUTRAL: 11
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
SubsystemVersion: 5.0
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:21 13:43:41+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 83456
LinkerVersion: 118.0
FileTypeExtension: exe
InitializedDataSize: 686080
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0xaac3
OSVersion: 5.0
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5: 1394299c39077ff4b27c756ed7d42f23
SHA1: 4f44e9ced323f6a50f733a2eafabed058497fe3b
SHA256: 84e416050ffc15c50482b03dd365e299c0b08ea43ac5762f5c9c83c6be76988a
ssdeep: 6144:dVCvouSNOVBTDlkiGTa+pRiYCCKH2RyDsT8RV6SyU3bdrVe0fs3YMKYdT+nmlaGb:d07nD6iGDRiZAw8ZWrzeswdCmlaG9
authentihash: 7739ed8cff455f6ac3c3985815b55ff273bd4219774d824637c8171c011a41bf
imphash: e322d0d5d3f48e59344aaf9f495049d4
File size: 588.5 KB (602624 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags: peexe

VirusTotal metadata
First submission: 2019-01-04 11:32:09 UTC
Last submission: 2019-01-04 11:32:09 UTC
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs