SHA256: 8b978dcd327d62aedf0c6a6c9e730ee6699d5df68457e8b5fc0fad9c277aca31
File name: 4d8cb1b6ea79a76dcfe4a98a037f64074f1969e8
Detection ratio: 31 / 65
Analysis date: 2018-06-02 09:19:33 UTC ( 8 months, 2 weeks ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.30907516 | 20180602
AegisLab | Uds.Dangerousobject.Multi!c | 20180602
Antiy-AVL | Trojan[Ransom]/Win32.GandCrypt | 20180602
Arcabit | Trojan.Generic.D1D79C7C | 20180602
Avast | FileRepMalware | 20180602
AVG | FileRepMalware | 20180602
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20180601
BitDefender | Trojan.GenericKD.30907516 | 20180602
Cylance | Unsafe | 20180602
Cyren | W32/Trojan.BQJD-3229 | 20180601
Emsisoft | Trojan.GenericKD.30907516 (B) | 20180601
Endgame | malicious (high confidence) | 20180507
ESET-NOD32 | a variant of Win32/Kryptik.GHHE | 20180602
Fortinet | W32/GandCrab.B!tr | 20180601
GData | Win32.Trojan.Agent.XV897P | 20180601
Sophos ML | heuristic | 20180601
K7AntiVirus | Trojan ( 005332691 ) | 20180602
K7GW | Trojan ( 005332691 ) | 20180602
Kaspersky | Backdoor.Win32.Mokes.xhs | 20180602
Malwarebytes | Trojan.MalPack | 20180602
McAfee | RDN/Generic.dx | 20180602
McAfee-GW-Edition | BehavesLike.Win32.Generic.dh | 20180602
eScan | Trojan.GenericKD.30907516 | 20180602
NANO-Antivirus | Trojan.Win32.GandCrypt.fdeeni | 20180602
Palo Alto Networks (Known Signatures) | generic.ml | 20180602
Panda | Trj/CI.A | 20180601
Sophos AV | Mal/GandCrab-B | 20180602
Symantec | Packed.Generic.525 | 20180602
TrendMicro | Possible_HPGen-37b | 20180602
TrendMicro-HouseCall | Suspicious_GEN.F47V0601 | 20180601
ZoneAlarm by Check Point | Backdoor.Win32.Mokes.xhs | 20180602
AhnLab-V3 | - | 20180601
Alibaba | - | 20180601
Avast-Mobile | - | 20180601
Avira (no cloud) | - | 20180601
AVware | - | 20180602
Babable | - | 20180406
Bkav | - | 20180601
CAT-QuickHeal | - | 20180601
ClamAV | - | 20180602
CMC | - | 20180601
Comodo | - | 20180601
CrowdStrike Falcon (ML) | - | 20180202
Cybereason | - | None
DrWeb | - | 20180601
eGambit | - | 20180602
F-Prot | - | 20180601
F-Secure | - | 20180601
Ikarus | - | 20180601
Jiangmin | - | 20180601
Kingsoft | - | 20180602
MAX | - | 20180602
Microsoft | - | 20180602
nProtect | - | 20180602
Qihoo-360 | - | 20180602
Rising | - | 20180602
SentinelOne (Static ML) | - | 20180225
SUPERAntiSpyware | - | 20180602
Symantec Mobile Insight | - | 20180601
Tencent | - | 20180602
TheHacker | - | 20180531
TotalDefense | - | 20180602
Trustlook | - | 20180602
VBA32 | - | 20180601
VIPRE | - | 20180602
ViRobot | - | 20180602
Webroot | - | 20180602
Yandex | - | 20180529
Zillya | - | 20180601
Zoner | - | 20180602
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-31 15:09:46
Entry Point 0x000070A5
Number of sections 6
PE sections
PE imports
ReportEventW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetStartupInfoW
lstrlenA
LoadLibraryW
GetConsoleCP
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
IsValidLocale
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
WaitForSingleObjectEx
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
AddConsoleAliasA
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetUserDefaultLCID
EnumSystemLocalesW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetOEMCP
RaiseException
EraseTape
WideCharToMultiByte
TlsFree
FindFirstFileExA
SetUnhandledExceptionFilter
WriteFile
PulseEvent
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
GetSystemTimes
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
ExitProcess
FreeLibrary
TerminateProcess
GetThreadPriority
CreateEventW
ResetEvent
GetModuleHandleExW
IsValidCodePage
FindFirstVolumeMountPointW
CreateFileW
FindClose
TlsGetValue
SetLastError
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
GetWindowTextLengthA
GetLastInputInfo
PostMessageA
DestroyCursor
GetWindow
SetMenuInfo
DrawCaption
SetWindowsHookA
DeleteMenu
MapVirtualKeyW
Number of PE resources by type
RT_STRING 46
COBN 1
Number of PE resources by language
NEUTRAL 47
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2018:05:31 16:09:46+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 124928
LinkerVersion: 14.0
ImageFileCharacteristics: Executable, 32-bit
EntryPoint: 0x70a5
InitializedDataSize: 58103808
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 70c23b1530b914a33b77923bf7682ead
SHA1 886d0d17a27dc1460d3b7e35c966b799c77f3a9b
SHA256 8b978dcd327d62aedf0c6a6c9e730ee6699d5df68457e8b5fc0fad9c277aca31
ssdeep 3072:t7+Q/C41jifT1qVJOxB5dnQR6yjGReLqXAg0Fujo6KAypAUPoRDZTNKX:t7FtE1q+9dQR6fAOBXkLkZ0
authentihash 72098f95d045b373404f640c002fa4db14097f2b09e0f26036cdaad8c1e793e2
imphash 42f69a2fb6545ca647a85b9e1271562c
File size 241.5 KB ( 247296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (44.9%)
     Win64 Executable (generic) (39.8%)
     Win32 Executable (generic) (6.4%)
     OS/2 Executable (generic) (2.9%)
     Generic Win/DOS Executable (2.8%)
Tags peexe

VirusTotal metadata
First submission 2018-06-01 04:35:18 UTC ( 8 months, 2 weeks ago )
Last submission 2018-06-23 00:10:27 UTC ( 7 months, 4 weeks ago )
File names 4d8cb1b6ea79a76dcfe4a98a037f64074f1969e8, loader.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs