SHA256: 8f8446ffd8125933c8199dbbfcec45d332488998281d91a818cee3f25a56e22d
File name: XXX.exe
Detection ratio: 11 / 67
Analysis date: 2018-08-31 02:45:12 UTC (8 months, 3 weeks ago)
Antivirus | Result | Update
Antiy-AVL | Trojan[PSW]/Win32.Fareit | 20180831
Avast | Win32:Malware-gen | 20180831
AVG | Win32:Malware-gen | 20180831
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9636 | 20180830
CrowdStrike Falcon (ML) | malicious_confidence_80% (D) | 20180723
Endgame | malicious (high confidence) | 20180730
Sophos ML | heuristic | 20180717
Jiangmin | Trojan.PSW.Fareit.unj | 20180830
McAfee-GW-Edition | BehavesLike.Win32.Generic.dc | 20180830
Microsoft | Trojan:Win32/Fuerboos.C!cl | 20180831
Qihoo-360 | HEUR/QVM41.1.8B3D.Malware.Gen | 20180831

Antivirus (no detection reported) | Update
Ad-Aware | 20180830
AegisLab | 20180831
AhnLab-V3 | 20180830
Alibaba | 20180713
ALYac | 20180831
Arcabit | 20180831
Avast-Mobile | 20180830
Avira (no cloud) | 20180831
AVware | 20180823
Babable | 20180822
BitDefender | 20180831
Bkav | 20180831
CAT-QuickHeal | 20180830
ClamAV | 20180830
CMC | 20180830
Comodo | 20180830
Cybereason | 20180225
Cylance | 20180831
Cyren | 20180831
DrWeb | 20180831
eGambit | 20180831
Emsisoft | 20180831
ESET-NOD32 | 20180831
F-Prot | 20180831
F-Secure | 20180831
Fortinet | 20180831
GData | 20180831
Ikarus | 20180830
K7AntiVirus | 20180829
K7GW | 20180830
Kaspersky | 20180831
Kingsoft | 20180831
Malwarebytes | 20180831
MAX | 20180831
McAfee | 20180831
eScan | 20180831
NANO-Antivirus | 20180831
Palo Alto Networks (Known Signatures) | 20180831
Panda | 20180830
Rising | 20180831
SentinelOne (Static ML) | 20180830
Sophos AV | 20180831
SUPERAntiSpyware | 20180831
Symantec | 20180830
Symantec Mobile Insight | 20180829
TACHYON | 20180831
Tencent | 20180831
TheHacker | 20180829
TotalDefense | 20180830
TrendMicro | 20180831
TrendMicro-HouseCall | 20180831
Trustlook | 20180831
VBA32 | 20180830
VIPRE | 20180830
ViRobot | 20180830
Webroot | 20180831
Yandex | 20180830
ZoneAlarm by Check Point | 20180830
Zoner | 20180830
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT: ZIP
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-02-03 19:38:31
Entry point: 0x00011CBC
Number of sections: 4
PE sections
Overlays
MD5: ae2cab6d81c60b1cec85d6bbd5e1b632
File type: application/zip
Offset: 257024
Size: 733970
Entropy: 8.00
PE imports
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
AllocConsole
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
FindClose
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FoldStringW
GetModuleHandleA
GetFullPathNameW
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
TzSpecificLocalTimeToSystemTime
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcAddress
CreateFileMappingW
GetTimeFormatW
ExpandEnvironmentStringsW
FindNextFileW
FreeConsole
FindFirstFileW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
AttachConsole
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetConsoleCP
FindResourceW
LCMapStringA
CompareStringW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
Number of PE resources by type
RT_STRING: 10
RT_DIALOG: 6
RT_ICON: 4
RT_GROUP_ICON: 4
RT_MANIFEST: 1
RT_BITMAP: 1
Number of PE resources by language
ENGLISH US: 20
NEUTRAL: 6
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:02:03 20:38:31+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 117760
LinkerVersion: 9.0
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0x11cbc
InitializedDataSize: 325632
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5: 15c69ca1106082922dbb85df06685cee
SHA1: 6bdaf1f1f04e393bf36a4a6d4ee0182761276c19
SHA256: 8f8446ffd8125933c8199dbbfcec45d332488998281d91a818cee3f25a56e22d
ssdeep: 24576:nDTLDz+ErXxii3zof01AXFZaO6U3Ql7arRah+I:HImoHH36irR7I
authentihash: 32c09fc4f2c1b5d5d386bfd3a2eb09e0ab5d33121775fa41c34a295586c5ec9d
imphash: 0b53c587d92252505a138d0d9f3f823f
File size: 967.8 KB (990994 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
WinRAR Self Extracting archive (4.x-5.x) (91.4%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Tags: peexe, overlay

VirusTotal metadata
First submission: 2018-08-31 02:45:12 UTC (8 months, 3 weeks ago)
Last submission: 2018-08-31 02:45:12 UTC (8 months, 3 weeks ago)
File names: XXX.exe
Advanced heuristic and reputation engines
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or injected code into.
Opened files
Read files
Runtime DLLs