× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 91a1122ed7497815e96fdbb70ea31b381b5243e2b7d81750bf6f6c5ca12d3cee
File name: 2.exe
Detection ratio: 45 / 70
Analysis date: 2018-12-23 01:19:57 UTC ( 1 month, 4 weeks ago ) View latest
Antivirus Result Update
Ad-Aware DeepScan:Generic.Malware.V!w.8433D514 20181222
AhnLab-V3 Malware/Win32.Generic.C2823119 20181222
ALYac DeepScan:Generic.Malware.V!w.8433D514 20181222
Arcabit DeepScan:Generic.Malware.V!w.8433D514 20181222
Avast Win32:Malware-gen 20181222
AVG Win32:Malware-gen 20181222
Avira (no cloud) TR/Qhost.lawkr 20181222
BitDefender DeepScan:Generic.Malware.V!w.8433D514 20181222
Bkav W32.QhostTA.Trojan 20181221
Comodo Malware@#36h74thetydc6 20181223
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181022
Cybereason malicious.2ad446 20180225
Cylance Unsafe 20181223
DrWeb Trojan.MulDrop8.58040 20181223
Emsisoft DeepScan:Generic.Malware.V!w.8433D514 (B) 20181223
Endgame malicious (high confidence) 20181108
F-Secure DeepScan:Generic.Malware.V!w.8433D514 20181223
Fortinet W32/Hosts2!tr 20181223
GData DeepScan:Generic.Malware.V!w.8433D514 20181223
Ikarus Trojan.Win32.Qhost 20181223
Sophos ML heuristic 20181128
Jiangmin Trojan.Hosts2.buq 20181223
K7AntiVirus Riskware ( 0040eff71 ) 20181222
K7GW Riskware ( 0040eff71 ) 20181222
Kaspersky Trojan.Win32.Hosts2.gen 20181223
MAX malware (ai score=100) 20181223
McAfee GenericR-OET!4009EE32AD44 20181222
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cm 20181222
Microsoft Trojan:Win32/Qhost 20181222
eScan DeepScan:Generic.Malware.V!w.8433D514 20181222
NANO-Antivirus Trojan.Win32.Hosts2.fkfday 20181222
Palo Alto Networks (Known Signatures) generic.ml 20181223
Panda Generic Malware 20181222
Qihoo-360 Win32/Trojan.503 20181223
Rising Trojan.Hosts2!8.2FB (CLOUD) 20181222
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181222
Symantec Trojan.Gen.2 20181222
TrendMicro TROJ_GEN.R039C0DLH18 20181222
TrendMicro-HouseCall TROJ_GEN.R039C0DLH18 20181222
VBA32 Win32.Trojan.Hoster.Heur 20181222
Webroot W32.Trojan.Gen 20181223
Yandex Trojan.Agent!TiwU9vSVCvU 20181221
Zillya Trojan.Hosts2.Win32.2988 20181222
ZoneAlarm by Check Point Trojan.Win32.Hosts2.gen 20181222
Acronis 20181222
AegisLab 20181222
Alibaba 20180921
Antiy-AVL 20181222
Avast-Mobile 20181222
Babable 20180918
Baidu 20181207
CAT-QuickHeal 20181222
ClamAV 20181223
CMC 20181223
Cyren 20181223
eGambit 20181223
ESET-NOD32 20181222
F-Prot 20181223
Kingsoft 20181223
Malwarebytes 20181223
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181222
Tencent 20181223
TheHacker 20181220
TotalDefense 20181222
Trapmine 20181205
Trustlook 20181223
ViRobot 20181222
Zoner 20181222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-07 09:31:02
Entry Point 0x00002350
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
FindFirstFileExW
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetFileSize
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
TlsFree
SetFilePointer
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
GetModuleHandleExW
IsValidCodePage
SetLastError
CreateFileW
FindClose
TlsGetValue
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
SHGetFolderPathW
PathAppendW
MessageBoxA
Number of PE resources by type
RT_ICON 18
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
RUSSIAN 24
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:11:07 10:31:02+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
53760

LinkerVersion
14.15

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x2350

InitializedDataSize
134656

SubsystemVersion
6.0

ImageVersion
0.0

OSVersion
6.0

UninitializedDataSize
0

File identification
MD5 4009ee32ad44697619cee80616220782
SHA1 d6d5c6de08e3a68cc64a5f8258e0ad46511a1af5
SHA256 91a1122ed7497815e96fdbb70ea31b381b5243e2b7d81750bf6f6c5ca12d3cee
ssdeep
3072:xLhuMU5azUoeYUbMZdislQRkm97Czjw3:xLhG1Zg0v90E3

authentihash 205dd3ab7c0a377dbf5b03b217d21a260a246a13625996964e31cb38d42c51df
imphash af0ebbe5540f0f27dc9c73953ed798f7
File size 182.0 KB ( 186368 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-18 23:34:39 UTC ( 2 months ago )
Last submission 2018-12-20 00:12:14 UTC ( 2 months ago )
File names 2.exe
2.exe
2.exe
2.exe
2.exe
2.exe
2.exe
2.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!