SHA256: 892f5f4c3b5b3c64a56fa7c2945f4e83abe44478e794e2c883f6650977ba8c41
File name: MEAYKDXUVTFY.EXE
Detection ratio: 30 / 69
Analysis date: 2018-10-03 11:17:46 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.520221 20181003
ALYac Gen:Variant.Graftor.520221 20181003
Arcabit Trojan.Graftor.D7F01D 20181003
Avast Win32:Malware-gen 20181003
AVG Win32:Malware-gen 20181003
BitDefender Gen:Variant.Graftor.520221 20181003
Comodo Packed.Win32.MUPX.Gen 20181003
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20181003
DrWeb Trojan.PWS.Stealer.24403 20181003
Emsisoft Gen:Variant.Graftor.520221 (B) 20181003
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLCC 20181003
F-Secure Gen:Variant.Graftor.520221 20181003
Fortinet W32/Kryptik.GLCC!tr 20181003
GData Gen:Variant.Graftor.520221 20181003
Ikarus Trojan.Win32.Crypt 20181003
K7AntiVirus Trojan ( 0053d5101 ) 20181003
K7GW Trojan ( 0053d5101 ) 20181003
Kaspersky Trojan-PSW.Win32.Coins.lqq 20181003
McAfee RDN/Generic PWS.y 20181003
McAfee-GW-Edition BehavesLike.Win32.Dropper.gc 20181003
eScan Gen:Variant.Graftor.520221 20181003
NANO-Antivirus Trojan.Win32.Coins.fiofci 20181003
Palo Alto Networks (Known Signatures) generic.ml 20181003
Panda Trj/CI.A 20181002
Rising Trojan.Kryptik!8.8 (CLOUD) 20181003
Symantec ML.Attribute.HighConfidence 20181003
TrendMicro-HouseCall TROJ_GEN.R002H0DJ218 20181003
VIPRE Trojan.Win32.Generic!BT 20181003
AegisLab 20181003
AhnLab-V3 20181003
Alibaba 20180921
Antiy-AVL 20181003
Avast-Mobile 20181003
Avira (no cloud) 20181003
AVware 20180925
Babable 20180918
Baidu 20180930
Bkav 20181003
CAT-QuickHeal 20181001
ClamAV 20181003
CMC 20181003
Cybereason 20180225
Cyren 20181003
eGambit 20181003
F-Prot 20181003
Sophos ML 20180717
Jiangmin 20181003
Kingsoft 20181003
Malwarebytes 20181003
MAX 20181003
Microsoft 20181003
Qihoo-360 20181003
SentinelOne (Static ML) 20180926
Sophos AV 20181003
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20181001
TACHYON 20181003
Tencent 20181003
TheHacker 20181001
TotalDefense 20181003
TrendMicro 20181003
Trustlook 20181003
VBA32 20181003
ViRobot 20181002
Webroot 20181003
Yandex 20180927
Zillya 20181002
ZoneAlarm by Check Point 20180925
Zoner 20181002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright UBTECH Robotics (C)
Product DefeatedRewritten
Original name DefeatedRewritten
Internal name DefeatedRewritten
File version 4.3.6.243
Description Intellimuse Stylesheeta Ports Discernible Argos
Comments Intellimuse Stylesheeta Ports Discernible Argos
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-24 19:52:52
Entry Point 0x000ABD40
Number of sections 3
PE sections
PE imports
OpenProcessToken
AVIStreamStart
Ord(413)
Escape
ImmIsIME
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
acmMetrics
NetWkstaUserGetInfo
SHBrowseForFolderA
AcquireCredentialsHandleA
WinHttpDetectAutoProxyConfigUrl
mmioClose
closesocket
WICMapSchemaToName
Number of PE resources by type
RT_RCDATA 11
RT_STRING 11
Struct(800) 8
RT_GROUP_CURSOR 7
AFX_DIALOG_LAYOUT 7
RT_BITMAP 6
RT_ICON 5
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 58
PE resources
ExifTool file metadata
CodeSize 368640
SubsystemVersion 4.0
Comments Intellimuse Stylesheeta Ports Discernible Argos
Languages English
InitializedDataSize 61440
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.3.6.243
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Intellimuse Stylesheeta Ports Discernible Argos
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
PrivateBuild 4.3.6.243
EntryPoint 0xabd40
OriginalFileName DefeatedRewritten
MIMEType application/octet-stream
LegalCopyright UBTECH Robotics (C)
FileVersion 4.3.6.243
TimeStamp 2018:09:24 20:52:52+01:00
FileType Win32 EXE
PEType PE32
InternalName DefeatedRewritten
ProductVersion 4.3.6.243
UninitializedDataSize 331776
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName UBTECH Robotics
LegalTrademarks UBTECH Robotics (C)
ProductName DefeatedRewritten
ProductVersionNumber 4.3.6.243
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 4.3.6.243
File identification
MD5 4d1f416809143d6a79c82e0ab591627a
SHA1 0aabea4a104ab0d6452b0fbf48fc64b1c51c0975
SHA256 892f5f4c3b5b3c64a56fa7c2945f4e83abe44478e794e2c883f6650977ba8c41
ssdeep 6144:Q7Jg7ugeBODY/lx5n6JSHC3ce/8ZLufgT+VsGSnm4vpLPzAUjCBZ69z7Nm2DFV:Q7JGZeBl/LtSSHCMK8NKPqxLPsUj+y
authentihash aa623293764239c364659168719643e9bff557dd2de5eecd0c0b20b87b3e47c5
imphash 5aa8078f92ccf79cf435854dcf88a32f
File size 419.0 KB ( 429056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (37.4%)
UPX compressed Win32 Executable (36.6%)
Win32 Dynamic Link Library (generic) (8.9%)
Win32 Executable (generic) (6.1%)
OS/2 Executable (generic) (2.7%)
Tags peexe upx
VirusTotal metadata
First submission 2018-10-02 19:54:03 UTC ( 7 months, 2 weeks ago )
Last submission 2018-10-02 19:54:03 UTC ( 7 months, 2 weeks ago )
File names skype.exe
MEAYKDXUVTFY.EXE
DefeatedRewritten
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications