SHA256: 9293434107ba6fbe585984c63f399f290946942ac157176bed9456332380e4aa
File name: e597364eafa1ddfe0ed7d6fdb088367aa79a1d1e
Detection ratio: 20 / 66
Analysis date: 2018-01-01 06:01:55 UTC ( 1 year, 3 months ago )
Antivirus | Result | Update
AegisLab | Troj.W32.Delikle!c | 20180101
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9996 | 20171227
CrowdStrike Falcon (ML) | malicious_confidence_90% (W) | 20171016
Cylance | Unsafe | 20180101
eGambit | Unsafe.AI_Score_79% | 20180101
Endgame | malicious (high confidence) | 20171130
ESET-NOD32 | a variant of Win32/Kryptik.GBAZ | 20180101
Fortinet | W32/Kryptik.GBAZ!tr | 20180101
Sophos ML | heuristic | 20170914
Kaspersky | Trojan.Win32.Delikle.bvc | 20180101
Malwarebytes | Trojan.MalPack.Generic | 20180101
McAfee | Artemis!F272C7D2DE5A | 20180101
McAfee-GW-Edition | BehavesLike.Win32.Ransom.dc | 20180101
Palo Alto Networks (Known Signatures) | generic.ml | 20180101
Qihoo-360 | Win32/Trojan.cf3 | 20180101
Rising | Malware.Obscure/Heur!1.A89E (CLASSIC) | 20171230
Sophos AV | Mal/Generic-S | 20180101
Tencent | Suspicious.Heuristic.Gen.b.0 | 20180101
VBA32 | BScope.Malware-Cryptor.Hlux | 20171229
ZoneAlarm by Check Point | Trojan.Win32.Delikle.bvc | 20180101
Ad-Aware | - | 20171225
Alibaba | - | 20171229
ALYac | - | 20180101
Antiy-AVL | - | 20180101
Arcabit | - | 20180101
Avast | - | 20180101
Avast-Mobile | - | 20171231
AVG | - | 20180101
Avira (no cloud) | - | 20171231
BitDefender | - | 20180101
Bkav | - | 20171229
CAT-QuickHeal | - | 20180101
ClamAV | - | 20180101
CMC | - | 20180101
Comodo | - | 20180101
Cybereason | - | 20171103
Cyren | - | 20180101
DrWeb | - | 20180101
Emsisoft | - | 20180101
F-Prot | - | 20180101
F-Secure | - | 20180101
GData | - | 20180101
Ikarus | - | 20171231
Jiangmin | - | 20180101
K7AntiVirus | - | 20180101
K7GW | - | 20180101
Kingsoft | - | 20180101
MAX | - | 20180101
Microsoft | - | 20171231
eScan | - | 20180101
NANO-Antivirus | - | 20180101
nProtect | - | 20171231
Panda | - | 20171231
SentinelOne (Static ML) | - | 20171224
SUPERAntiSpyware | - | 20180101
Symantec | - | 20171231
TheHacker | - | 20171229
TotalDefense | - | 20180101
TrendMicro | - | 20180101
TrendMicro-HouseCall | - | 20180101
Trustlook | - | 20180101
VIPRE | - | 20180101
ViRobot | - | 20180101
Webroot | - | 20180101
WhiteArmor | - | 20171226
Yandex | - | 20171229
Zillya | - | 20171231
Zoner | - | 20180101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 2017, dfgdhfjk
Internal name: hrtoeruy.exe
File version: 1.0.0.0
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-12-29 16:13:12
Entry Point: 0x00002F2B
Number of sections: 5
PE sections
PE imports
GetUserNameA
InitiateSystemShutdownA
GetSecurityDescriptorControl
OpenEventLogA
LookupPrivilegeNameW
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
SetStdHandle
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetProcessTimes
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetLocaleInfoW
GetModuleFileNameA
RtlUnwind
GetACP
FreeLibrary
HeapSetInformation
GetCurrentProcess
EnumSystemLocalesA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
AddAtomA
lstrcatA
WriteConsoleW
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
GetCurrentThread
ExitProcess
LCMapStringW
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
SetConsoleCtrlHandler
CloseHandle
IsProcessorFeaturePresent
GetProcessWorkingSetSize
SetProcessAffinityMask
ExitThread
HeapReAlloc
DecodePointer
GetProcAddress
HeapAlloc
TerminateProcess
InterlockedDecrement
IsValidCodePage
HeapCreate
CreateFileW
IsValidLocale
GetStringTypeW
FatalAppExitA
HeapDestroy
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
InterlockedIncrement
GetCurrentProcessId
SetLastError
LeaveCriticalSection
AlphaBlend
TransparentBlt
GradientFill
Number of PE resources by type
RT_ICON: 2
PXLXQP: 1
RT_ACCELERATOR: 1
RT_BITMAP: 1
RT_VERSION: 1
RT_GROUP_ICON: 1
Number of PE resources by language
NEUTRAL: 5
ENGLISH UK: 2
PE resources
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 10.0
ImageVersion: 0.0
FileVersionNumber: 1.0.0.0
LanguageCode: English (British)
FileFlagsMask: 0x003f
ImageFileCharacteristics: Executable, 32-bit
CharacterSet: Unicode
InitializedDataSize: 1192960
EntryPoint: 0x2f2b
MIMEType: application/octet-stream
LegalCopyright: Copyright (C) 2017, dfgdhfjk
FileVersion: 1.0.0.0
TimeStamp: 2017:12:29 17:13:12+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: hrtoeruy.exe
ProductVersion: 1.0.0.0
SubsystemVersion: 5.1
OSVersion: 5.1
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 131584
FileSubtype: 0
ProductVersionNumber: 1.0.0.0
FileTypeExtension: exe
ObjectFileType: Executable application

Compressed bundles
File identification
MD5: f272c7d2de5a4a3baba8352382bc202d
SHA1: b421e01c56a4f9a3abdcd5f17913164babc6308a
SHA256: 9293434107ba6fbe585984c63f399f290946942ac157176bed9456332380e4aa
ssdeep: 6144:j9HcH8ycD2InePWTNL95VCfgZltsSLUwBh/uie:hHcH8ycD5nPJhsgZltsSLUwBh/uie
authentihash: dbbd20f9d74f17fbe34be3e9ae40351199e3dfb927d28b070ab51493de4a3172
imphash: 45c5bcb9e922da8c59452b5210a41198
File size: 256.5 KB ( 262656 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (41.0%)
  Win64 Executable (generic) (36.3%)
  Win32 Dynamic Link Library (generic) (8.6%)
  Win32 Executable (generic) (5.9%)
  OS/2 Executable (generic) (2.6%)
Tags: peexe

VirusTotal metadata
First submission: 2018-01-01 01:09:17 UTC ( 1 year, 3 months ago )
Last submission: 2018-01-01 01:09:17 UTC ( 1 year, 3 months ago )
File names:
  hrtoeruy.exe
  e597364eafa1ddfe0ed7d6fdb088367aa79a1d1e
  1007-b421e01c56a4f9a3abdcd5f17913164babc6308a
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs