SHA256: 8ddad869f3b7bfa555890ee3cf503577e02c8599dd79b51dc458862f6f2843e7
File name: tyltl.exe
Detection ratio: 15 / 65
Analysis date: 2017-08-03 10:23:11 UTC ( 1 year, 8 months ago )
| Antivirus | Result | Update |
|---|---|---|
| AhnLab-V3 | Trojan/Win32.Trickster.C2068989 | 20170802 |
| AVware | Trojan-Downloader.Win32.Upatre.tfl (v) | 20170803 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9995 | 20170803 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170710 |
| Cylance | Unsafe | 20170803 |
| Endgame | malicious (high confidence) | 20170721 |
| ESET-NOD32 | a variant of Win32/GenKryptik.AQUK | 20170803 |
| Sophos ML | heuristic | 20170607 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20170803 |
| Qihoo-360 | HEUR/QVM06.1.EA19.Malware.Gen | 20170803 |
| Rising | Malware.Heuristic!ET#97% (rdm+) | 20170803 |
| SentinelOne (Static ML) | static engine - malicious | 20170718 |
| VIPRE | Trojan-Downloader.Win32.Upatre.tfl (v) | 20170803 |
| Webroot | W32.Trojan.Gen | 20170803 |
| WhiteArmor | Malware.HighConfidence | 20170731 |

Engines with no result listed (engine, update date):
Ad-Aware 20170803
AegisLab 20170803
Alibaba 20170803
ALYac 20170803
Antiy-AVL 20170803
Arcabit 20170803
Avast 20170803
AVG 20170803
Avira (no cloud) 20170803
BitDefender 20170803
Bkav 20170803
CAT-QuickHeal 20170803
ClamAV 20170803
CMC 20170803
Comodo 20170803
Cyren 20170803
DrWeb 20170803
Emsisoft 20170803
F-Prot 20170803
F-Secure 20170803
Fortinet 20170803
GData 20170803
Ikarus 20170803
Jiangmin 20170803
K7AntiVirus 20170803
K7GW 20170803
Kaspersky 20170803
Kingsoft 20170803
Malwarebytes 20170803
MAX 20170803
McAfee 20170803
McAfee-GW-Edition 20170803
Microsoft 20170803
eScan 20170803
NANO-Antivirus 20170803
nProtect 20170803
Panda 20170802
Sophos AV 20170803
SUPERAntiSpyware 20170803
Symantec 20170803
Symantec Mobile Insight 20170803
Tencent 20170803
TheHacker 20170801
TotalDefense 20170803
TrendMicro 20170803
TrendMicro-HouseCall 20170803
Trustlook 20170803
VBA32 20170801
ViRobot 20170803
Yandex 20170801
Zillya 20170803
ZoneAlarm by Check Point 20170803
Zoner 20170803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-18 22:00:21
Entry Point 0x00010D92
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitCommonControlsEx
DeleteDC
SelectObject
GetStockObject
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
HeapAlloc
lstrlenA
lstrcmpA
GetModuleHandleA
lstrcatA
GetLastError
GetCurrentDirectoryA
GetStartupInfoA
ExitProcess
CreateFileA
GetCommandLineA
GetProcessHeap
SetFocus
GetMessageA
BeginPaint
PostQuitMessage
DefWindowProcA
RemoveMenu
GetWindowRect
DispatchMessageA
EndPaint
RegisterClipboardFormatA
MessageBoxA
TranslateMessage
RegisterClassExA
RemovePropA
LoadStringA
ScrollWindow
SendMessageA
GetClientRect
ScreenToClient
LoadAcceleratorsA
CreateWindowExA
LoadCursorA
TranslateAcceleratorA
GetDesktopWindow
EnableWindow
DestroyWindow
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
SubsystemVersion: 4.0
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:01:18 23:00:21+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 159744
LinkerVersion: 7.1
FileTypeExtension: exe
InitializedDataSize: 372736
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x10d92
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 557a274385122584dfea6fe4078945bc
SHA1 998fb0c934fd1a098c7ad10e81b9092f803eb4d6
SHA256 8ddad869f3b7bfa555890ee3cf503577e02c8599dd79b51dc458862f6f2843e7
ssdeep 12288:18v3bywuFHQevpYntpYEnVWAuqmyUcjQce:18vLZoxItXnVWAzZUAe

authentihash 045e3f3fce3d3e94cb5dcdf84c8f32a707e6400eaedcc4d4dbef0d9ef50bfdce
imphash 64bde87347ffa8eb95b518e6fe83c48d
File size 524.0 KB ( 536576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2017-08-03 10:23:11 UTC ( 1 year, 8 months ago )
Last submission 2018-10-23 21:46:33 UTC ( 5 months, 3 weeks ago )
File names VirusShare_557a274385122584dfea6fe4078945bc
tyltl.exe
Samp(33)(1).vir.rename
logo.png
sxksk.exe
8ddad869f3b7bfa555890ee3cf503577e02c8599dd79b51dc458862f6f2843e7.bin
sxksk.exe
tyltl.exe
Trickbot-binary-from-carriereiserphotography.com.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications