SHA256: 858258e5866d298c7dd2fb078ae31e5ce89167242a6b1cae81d12ede7da90a0f
File name: 8506cc66735825e1dcbb23407c5b3fce75312018
Detection ratio: 50 / 66
Analysis date: 2018-06-04 23:42:47 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Generic.Malware.SL!.F2BC0636 20180605
AegisLab Troj.W32.Generic!c 20180604
AhnLab-V3 Trojan/Win32.Generic.C2228896 20180604
ALYac Generic.Malware.SL!.F2BC0636 20180605
Antiy-AVL Trojan/Win32.AGeneric 20180604
Arcabit Generic.Malware.SL!.F2BC0636 20180604
Avast Win32:RemcosRAT-A [Trj] 20180604
AVG Win32:RemcosRAT-A [Trj] 20180604
Avira (no cloud) TR/AD.Remcos.zrglj 20180604
AVware Trojan.Win32.Generic!BT 20180604
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180604
BitDefender Generic.Malware.SL!.F2BC0636 20180604
Bkav W32.DacokaDOY.Trojan 20180604
CAT-QuickHeal Trojan.Mauvaise.SL1 20180604
Cylance Unsafe 20180605
Cyren W32/Trojan.ABCQ-0539 20180604
DrWeb Trojan.PWS.Stealer.23577 20180604
Emsisoft Generic.Malware.SL!.F2BC0636 (B) 20180604
Endgame malicious (high confidence) 20180507
ESET-NOD32 Win32/Agent.SYM 20180604
F-Secure Generic.Malware.SL!.F2BC0636 20180604
Fortinet W32/Agent.RXL!tr 20180604
GData Win32.Malware.Bucaspys.B 20180604
Ikarus Trojan.Win32.Agent 20180604
Sophos ML heuristic 20180601
Jiangmin Trojan.Generic.bzhoa 20180604
K7AntiVirus Trojan ( 0051c83d1 ) 20180604
K7GW Trojan ( 0051c83d1 ) 20180604
Kaspersky HEUR:Trojan.Win32.Generic 20180604
Malwarebytes Backdoor.Remcos 20180604
MAX malware (ai score=100) 20180605
McAfee GenericRXDY-UA!099043585D35 20180604
McAfee-GW-Edition BehavesLike.Win32.Dropper.cm 20180604
Microsoft Backdoor:Win32/Rescoms.B 20180604
eScan Generic.Malware.SL!.F2BC0636 20180604
NANO-Antivirus Trojan.Win32.Ric.exotlx 20180604
Palo Alto Networks (Known Signatures) generic.ml 20180605
Panda Trj/CI.A 20180604
Qihoo-360 Win32/Trojan.8cf 20180605
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Emogen-Y 20180604
Symantec Infostealer!im 20180604
Tencent Win32.Trojan.Generic.Gvg 20180605
TrendMicro-HouseCall BKDR_SOCMER.SM 20180604
VBA32 Trojan.Downloader 20180604
VIPRE Trojan.Win32.Generic!BT 20180604
ViRobot Trojan.Win32.Z.Agent.122880.HCJ 20180604
Webroot W32.Adware.Gen 20180605
Yandex Trojan.Agent!QnXS2GyXiCs 20180529
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180604
Alibaba 20180604
Avast-Mobile 20180604
Babable 20180406
ClamAV 20180604
CMC 20180604
Comodo 20180604
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180605
F-Prot 20180604
Kingsoft 20180605
nProtect 20180604
Rising 20180604
SUPERAntiSpyware 20180604
Symantec Mobile Insight 20180601
TheHacker 20180531
TotalDefense 20180604
TrendMicro 20180604
Trustlook 20180605
Zillya 20180604
Zoner 20180605
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-10 05:24:47
Entry Point 0x0001247F
Number of sections 5
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
RegCreateKeyW
OpenServiceW
QueryServiceConfigW
ControlService
RegCreateKeyExA
RegCreateKeyA
RegQueryValueExW
CloseServiceHandle
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
RegOpenKeyExA
GetUserNameW
RegEnumKeyExA
RegQueryInfoKeyA
ChangeServiceConfigW
AdjustTokenPrivileges
RegDeleteValueW
StartServiceW
RegSetValueExW
OpenSCManagerW
RegSetValueExA
EnumServicesStatusW
RegEnumValueA
OpenSCManagerA
GetDeviceCaps
CreateDCA
DeleteDC
SelectObject
StretchBlt
GetDIBits
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetObjectA
CreateToolhelp32Snapshot
GetTempFileNameW
GetLastError
HeapFree
GetStdHandle
LoadLibraryA
WriteProcessMemory
VirtualAllocEx
TerminateThread
CreateFileMappingA
GetModuleFileNameW
GlobalFree
SetEvent
GetDriveTypeA
FindFirstFileW
WaitForSingleObject
GetTickCount
GlobalUnlock
GetModuleFileNameA
DeleteFileA
GetFileAttributesW
GetLocalTime
CopyFileW
Process32NextW
GetFileSize
CreatePipe
GetStartupInfoA
CreateThread
SizeofResource
PeekNamedPipe
GetLocaleInfoA
GetCurrentProcessId
OpenProcess
LockResource
ExpandEnvironmentStringsA
FindClose
ReadProcessMemory
CreateDirectoryW
DeleteFileW
lstrcatW
GetThreadContext
Process32FirstW
GetCurrentThread
OpenMutexA
CreateMutexA
lstrlenA
ExitThread
RemoveDirectoryW
SetFilePointer
FindNextFileW
FindFirstFileA
GetTempPathW
GetCurrentProcess
ReadFile
lstrcpynA
FindNextFileA
DuplicateHandle
HeapCreate
GlobalLock
GetLongPathNameW
SetThreadContext
TerminateProcess
ResumeThread
CreateProcessA
GetLogicalDriveStringsA
GetProcAddress
LoadResource
WriteFile
CreateFileW
GlobalAlloc
CreateProcessW
CreateEventA
AllocConsole
Sleep
SetFileAttributesW
ExitProcess
MapViewOfFileEx
FindResourceA
VirtualAlloc
LocalAlloc
GetModuleHandleA
CloseHandle
strncmp
__p__fmode
malloc
??0exception@@QAE@ABV0@@Z
rand
??1type_info@@UAE@XZ
srand
__dllonexit
swprintf
toupper
printf
wcscpy
_except_handler3
wcslen
_wgetenv
??2@YAPAXI@Z
__p__commode
_onexit
_wrename
wcscmp
exit
_XcptFilter
_itow
__setusermatherr
_controlfp
sprintf
_acmdln
_CxxThrowException
tolower
_itoa
_adjust_fdiv
free
getenv
wcscat
atoi
__getmainargs
_initterm
__CxxFrameHandler
localtime
_wsystem
_ftol
freopen
time
_exit
__set_app_type
_EH_prolog
strftime
_iob
ExtractIconA
ShellExecuteExA
ShellExecuteW
Shell_NotifyIconA
PathFileExistsW
StrToIntA
PathFileExistsA
EmptyClipboard
GetForegroundWindow
GetKeyboardLayoutNameA
EnumWindows
SendInput
DefWindowProcA
FindWindowA
CreatePopupMenu
ShowWindow
GetClipboardData
GetWindowThreadProcessId
MessageBoxW
AppendMenuA
DispatchMessageA
UnhookWindowsHookEx
DrawIcon
TranslateMessage
GetKeyState
GetCursorPos
GetIconInfo
SetClipboardData
IsWindowVisible
GetWindowTextA
CloseWindow
SetForegroundWindow
SystemParametersInfoW
CallNextHookEx
GetWindowTextLengthA
CreateWindowExA
TrackPopupMenu
SetWindowsHookExA
GetKeyboardLayout
GetWindowTextW
CloseClipboard
RegisterClassExA
GetMessageA
ExitWindowsEx
OpenClipboard
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInClose
waveInUnprepareHeader
waveInStop
waveInStart
socket
recv
send
WSAStartup
gethostbyname
connect
inet_ntoa
htons
closesocket
WSAGetLastError
GdipLoadImageFromStreamICM
GdipSaveImageToStream
GdipGetImageEncoders
GdipLoadImageFromStream
GdipFree
GdipSaveImageToFile
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageEncodersSize
URLOpenBlockingStreamW
URLDownloadToFileW
Number of PE resources by type
RT_ICON 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
NEUTRAL 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:02:10 06:24:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 73728
LinkerVersion 6.0
EntryPoint 0x1247f
InitializedDataSize 45056
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 099043585d35ea7fb27e9a2ea7cee516
SHA1 df879a479d6b9b184f9d6e9e2975ba75fd0b290e
SHA256 858258e5866d298c7dd2fb078ae31e5ce89167242a6b1cae81d12ede7da90a0f
ssdeep 3072:zXWbmc+bQOfWUXV42nqZbgzE6jQg2X9zP/lGWu2x5+zt3Yyrd:zmbtCQOfWsV42nqZczFQ1X9zP/lGWu2K
authentihash 0878bc51581f747e929efd5998113b48f89e46d3e17dd67da7928d7b8bb245a8
imphash 27c26358507490ee39a6c32c85e5402a
File size 120.0 KB ( 122880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-04-29 17:48:46 UTC ( 4 months, 3 weeks ago )
Last submission 2018-05-14 23:49:48 UTC ( 4 months, 1 week ago )
File names 8506cc66735825e1dcbb23407c5b3fce75312018, mummy.exe