SHA256: 8aa3638c5a771173213748193451e501cd5661573908e46140b2abb128967f96
Detection ratio: 47 / 69
Analysis date: 2018-12-12 11:22:30 UTC ( 10 hours, 22 minutes ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ulise.545 20181212
AhnLab-V3 Malware/Gen.Generic.C2805666 20181212
ALYac Gen:Variant.Ulise.545 20181212
Arcabit Trojan.Ulise.545 20181212
Avast Win32:MalwareX-gen [Trj] 20181212
AVG Win32:MalwareX-gen [Trj] 20181212
BitDefender Gen:Variant.Ulise.545 20181212
CAT-QuickHeal Trojan.IGENERIC 20181211
Comodo TrojWare.Win32.PSW.Coins.AB@7x7ynm 20181212
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cybereason malicious.6d4cbd 20180225
Cylance Unsafe 20181212
Cyren W32/Trojan.MOVD-6806 20181212
Emsisoft Gen:Variant.Ulise.545 (B) 20181212
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMIL 20181212
F-Secure Gen:Variant.Ulise.545 20181212
Fortinet W32/Kryptik.GMIL!tr 20181212
GData Gen:Variant.Ulise.545 20181212
Ikarus Trojan-Ransom.GandCrab 20181212
Sophos ML heuristic 20181128
Jiangmin TrojanDropper.Sysn.ekq 20181212
K7AntiVirus Trojan ( 00516fdf1 ) 20181212
K7GW Trojan ( 00516fdf1 ) 20181212
Kaspersky Trojan-Spy.Win32.Stealer.cqa 20181212
Malwarebytes Trojan.MalPack.GS 20181212
MAX malware (ai score=81) 20181212
McAfee GenericRXGO-MQ!DF2255E6D4CB 20181212
McAfee-GW-Edition BehavesLike.Win32.Imali.dh 20181212
Microsoft Trojan:Win32/Skeeyah.A!rfn 20181212
eScan Gen:Variant.Ulise.545 20181212
NANO-Antivirus Trojan.Win32.GenKryptik.fjvqmu 20181212
Palo Alto Networks (Known Signatures) generic.ml 20181212
Panda Trj/Genetic.gen 20181211
Qihoo-360 HEUR/QVM10.2.FC47.Malware.Gen 20181212
Rising Spyware.Stealer!8.3090 (CLOUD) 20181212
Sophos AV Mal/Generic-S 20181211
Symantec Packed.Generic.525 20181212
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.R002C0DK618 20181212
TrendMicro-HouseCall TROJ_GEN.R002C0DK618 20181212
VBA32 Trojan.MTA.01158 20181212
VIPRE BehavesLike.Win32.Malware (v) 20181212
ViRobot Trojan.Win32.GandCrab.259072 20181212
Webroot W32.Adware.Installcore 20181212
Zillya Trojan.Stealer.Win32.1721 20181211
ZoneAlarm by Check Point Trojan-Spy.Win32.Stealer.cqa 20181212
AegisLab 20181212
Alibaba 20180921
Antiy-AVL 20181212
Avast-Mobile 20181211
Avira (no cloud) 20181211
Babable 20180918
Baidu 20181207
Bkav 20181211
ClamAV 20181212
CMC 20181212
DrWeb 20181212
eGambit 20181212
F-Prot 20181212
Kingsoft 20181212
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181207
TACHYON 20181212
Tencent 20181212
TheHacker 20181210
TotalDefense 20181212
Trustlook 20181212
Zoner 20181212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-11 19:14:41
Entry Point 0x000017AD
Number of sections 5
PE sections
PE imports
SetViewportOrgEx
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
ReadFile
FindFirstChangeNotificationA
LoadLibraryW
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetCurrentDirectoryW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetConsoleOutputCP
SetHandleCount
WriteConsoleW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
AddAtomW
GetProcessHeap
ExitProcess
GetCPInfo
GetStringTypeA
SetFilePointer
GetExitCodeThread
GetCurrentThreadId
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TlsFree
GetThreadSelectorEntry
TerminateProcess
FindCloseChangeNotification
WriteConsoleOutputCharacterW
WriteConsoleA
IsValidCodePage
HeapCreate
WriteFile
FatalExit
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
SetMailslotInfo
InterlockedIncrement
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
GetMonitorInfoW
CreateWindowExA
PeekMessageW
LookupIconIdFromDirectoryEx
LoadCursorFromFileA
LoadStringW
LoadImageA
GetDlgCtrlID
ScrollWindow
GetUpdateRect
SetThreadDesktop
LoadIconA
Number of PE resources by type
RT_BITMAP 3
RT_STRING 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
KAZAK DEFAULT 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 7.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unknown (A56B)
InitializedDataSize 5305344
EntryPoint 0x17ad
MIMEType application/octet-stream
FileVersion 1.0.5.2
TimeStamp 2017:06:11 20:14:41+01:00
FileType Win32 EXE
PEType PE32
InternalName errase.exe
ProductVersion 1.0.0.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Unknown (0x40534)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 47104
FileSubtype 0
ProductVersionNumber 3.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 df2255e6d4cbdec77dc7ce7dfa69ea32
SHA1 b4867b1a540f98b561e8517e622d2fd89fe9fdc8
SHA256 8aa3638c5a771173213748193451e501cd5661573908e46140b2abb128967f96
ssdeep 6144:r66MRkYSDlofhr0r/ibh79kJkgmIVi1pciq:Etugs/ibQJkgdVig

authentihash 25cb9d361e5a82ffbcedaa204b3354d43b652a66ce57cb9c4198f1f2882fa418
imphash 9cfae23580adf22971164a3b0a228743
File size 221.5 KB ( 226816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe nxdomain

VirusTotal metadata
First submission 2018-11-04 22:09:47 UTC ( 1 month, 1 week ago )
Last submission 2018-11-04 22:09:47 UTC ( 1 month, 1 week ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections