SHA256: 885d8576f2e803d38b3d8a754711ade1923232260ae763856b721d29a2994a28
File name: 23de279aa59ae37f9fb05e9d056339220a134400
Detection ratio: 42 / 64
Analysis date: 2018-03-28 12:12:03 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40128775 20180328
AegisLab Troj.Generickd!c 20180328
AhnLab-V3 Trojan/Win32.Agent.C2444132 20180328
ALYac Trojan.GenericKD.40128775 20180328
Avast Win32:Malware-gen 20180328
Avira (no cloud) TR/AD.Inject.vwiqt 20180328
AVware Trojan.Win32.Generic!BT 20180328
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180328
BitDefender Trojan.GenericKD.40128775 20180328
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cybereason malicious.7d5c8c 20180225
Cylance Unsafe 20180328
DrWeb Trojan.Trick.45194 20180328
eGambit Unsafe.AI_Score_88% 20180328
Emsisoft Trojan.GenericKD.40128775 (B) 20180328
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win32/GenKryptik.BQCS 20180328
F-Secure Trojan.GenericKD.40128775 20180328
Fortinet W32/GenKryptik.BQCS!tr 20180328
GData Trojan.GenericKD.40128775 20180328
Ikarus Trojan.Win32.Mansabo 20180328
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 005276991 ) 20180328
K7GW Trojan ( 005276991 ) 20180328
Malwarebytes Trojan.TrickBot 20180328
McAfee GenericRXEB-UB!9A163FA52D9C 20180328
McAfee-GW-Edition BehavesLike.Win32.Sality.gc 20180328
Microsoft Trojan:Win32/Tiggre!rfn 20180328
eScan Trojan.GenericKD.40128775 20180328
NANO-Antivirus Trojan.Win32.Trick.eydtpz 20180328
Palo Alto Networks (Known Signatures) generic.ml 20180328
Panda Trj/GdSda.A 20180328
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Trickbt-A 20180328
Symantec Trojan.Gen.2 20180328
Tencent Win32.Trojan.Generic.Hssc 20180328
TrendMicro TROJ_GEN.R002C0PBO18 20180328
TrendMicro-HouseCall TROJ_GEN.R002C0PBO18 20180328
VIPRE Trojan.Win32.Generic!BT 20180328
ViRobot Trojan.Win32.Z.Trick.436736 20180328
WhiteArmor Malware.HighConfidence 20180324
Yandex Trojan.GenKryptik! 20180328
Alibaba 20180328
Antiy-AVL 20180328
Arcabit 20180328
Avast-Mobile 20180328
AVG 20180328
Bkav 20180328
CAT-QuickHeal 20180327
ClamAV 20180328
CMC 20180328
Comodo 20180328
Cyren 20180328
F-Prot 20180328
Jiangmin 20180328
Kaspersky 20180328
Kingsoft 20180328
MAX 20180328
nProtect 20180328
Qihoo-360 20180328
Rising 20180328
SUPERAntiSpyware 20180328
Symantec Mobile Insight 20180311
TheHacker 20180327
TotalDefense 20180328
Trustlook 20180328
VBA32 20180328
Zoner 20180327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-09 07:17:57
Entry Point 0x000266B0
Number of sections 4
PE sections
PE imports
GetStartupInfoA
GetFileSize
lstrlenA
lstrcatA
GetCurrentDirectoryA
WriteFile
CloseHandle
GetSystemInfo
GetModuleHandleA
GetProcessHeap
__p__fmode
fgetc
memset
fclose
_controlfp
__p__acmdln
fprintf
fflush
_except_handler3
fputc
wcslen
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_exit
_adjust_fdiv
wcsncmp
__getmainargs
memcpy
memmove
_initterm
__set_app_type
SetFocus
GetMessageA
UpdateWindow
BeginPaint
DrawIcon
PostQuitMessage
DefWindowProcA
ShowWindow
SetPropW
IsWindow
SetWindowLongA
GetWindowRect
DispatchMessageA
EndPaint
SetMenu
PostMessageA
SetMenuItemInfoA
GetDlgItemTextA
WindowFromPoint
GetClipboardData
TranslateMessage
RegisterClassExA
DrawTextA
LoadMenuA
SetWindowTextA
LoadStringA
SetParent
IsWindowVisible
SendMessageA
CreateWindowExA
GetDCEx
LoadAcceleratorsA
SetTimer
LoadCursorA
LoadIconA
GetActiveWindow
GetFocus
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_GROUP_CURSOR 4
RT_CURSOR 4
RT_BITMAP 3
RT_DIALOG 1
RT_MANIFEST 1
Number of PE resources by language
FRENCH 13
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:11:09 08:17:57+01:00
FileType Win32 EXE
PEType PE32
CodeSize 194560
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 242688
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x266b0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Execution parents
File identification
MD5 9a163fa52d9cdd9f9c5e7b1549233b4d
SHA1 4dbc1b57d5c8c39bfc1cec2f1c20d13602b7fcc8
SHA256 885d8576f2e803d38b3d8a754711ade1923232260ae763856b721d29a2994a28
ssdeep 6144:FWK8I0IFvepdL97Px57/iUHY9fL6qkRW+bc8mD0pePrcNfP8QpsnuYQGEDHg:gKnDQLd7LbWqmTrcGQpFbg

authentihash f56f31de4f838b41165413b486df726f87dde1d763b762f8321dd56ea9d60793
imphash 45d3387859fc2ab8c71104f3a2a4ec3f
File size 426.5 KB ( 436736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-02-15 19:45:24 UTC ( 1 year, 2 months ago )
Last submission 2018-05-03 17:47:02 UTC ( 11 months, 3 weeks ago )
File names setup.exe
banana.png
mjmgjvmhu.exe
23de279aa59ae37f9fb05e9d056339220a134400
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Opened mutexes
Runtime DLLs