SHA256: 936ea464f68d2f559cbbd9a415b3ded6a6f2ebb51fc04d2669392c5b2135376d
File name: g2F78.tmp
Detection ratio: 43 / 61
Analysis date: 2017-05-03 20:56:06 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update (engine signature date, YYYYMMDD)
Ad-Aware Trojan.Generic.20350958 20170503
AegisLab Ml.Attribute.Veryhighconfidence.[Suspicious!c 20170503
AhnLab-V3 Trojan/Win32.Wdfload.C1773993 20170503
Antiy-AVL Trojan/Win32.BTSGeneric 20170503
Arcabit Trojan.Generic.D13687EE 20170503
Avast Win32:Malware-gen 20170503
AVG Atros4.CCXL 20170503
Avira (no cloud) TR/Wdfload.crqun 20170503
AVware Trojan.Win32.Generic!BT 20170503
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9714 20170503
BitDefender Trojan.Generic.20350958 20170503
CAT-QuickHeal Trojan.Wdfload 20170503
Comodo ApplicUnwnt 20170503
Cyren W32/Trojan.ZIMO-3855 20170503
Emsisoft Trojan.Generic.20350958 (B) 20170503
Endgame malicious (high confidence) 20170503
ESET-NOD32 a variant of Win32/Wdfload.G 20170503
F-Secure Trojan.Generic.20350958 20170503
Fortinet W32/Wdfload.G!tr 20170503
GData Trojan.Generic.20350958 20170503
Ikarus Trojan.Win32.Wdfload 20170503
Jiangmin Trojan.Wdfload.e 20170503
K7AntiVirus Trojan ( 00502e171 ) 20170503
K7GW Trojan ( 00502e171 ) 20170426
Kaspersky Trojan.Win32.Wdfload.f 20170503
Malwarebytes Adware.Elex 20170503
McAfee RDN/Generic.dx 20170503
McAfee-GW-Edition RDN/Generic.dx 20170503
eScan Trojan.Generic.20350958 20170503
NANO-Antivirus Trojan.Win32.Wdfload.eksxdq 20170503
Palo Alto Networks (Known Signatures) generic.ml 20170503
Panda Trj/CI.A 20170503
Sophos AV Mal/Generic-S 20170503
Symantec Trojan.Gen 20170503
Tencent Win32.Trojan.Wdfload.Dvpo 20170503
TheHacker Trojan/Wdfload.g 20170429
TrendMicro-HouseCall TROJ_GEN.R08OC0EAN17 20170503
VBA32 Trojan.Wdfload 20170503
VIPRE Trojan.Win32.Generic!BT 20170503
ViRobot Trojan.Win32.Z.Wdfload.248832[h] 20170503
Webroot W32.Adware.Gen 20170503
Yandex Trojan.Wdfload! 20170503
ZoneAlarm by Check Point Trojan.Win32.Wdfload.f 20170503
Engines with no detection (update date only):
Alibaba 20170503
ALYac 20170503
Bkav 20170503
CMC 20170503
CrowdStrike Falcon (ML) 20170130
DrWeb 20170503
F-Prot 20170503
Sophos ML 20170413
Kingsoft 20170503
Microsoft 20170503
nProtect 20170503
Qihoo-360 20170503
Rising 20170503
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170503
Symantec Mobile Insight 20170503
TotalDefense 20170426
TrendMicro 20170503
WhiteArmor 20170502
Zillya 20170503
Zoner 20170503
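Forty-three engine labels look like forty-three different verdicts, but most of the label text is category, platform and variant noise; the family name the engines actually agree on is Wdfload, with a small minority (Comodo, Malwarebytes, Webroot) calling the file adware or unwanted rather than a trojan. The following Python is an added example, not VirusTotal code: it transcribes the table above, strips generic tokens using a hand-picked list (an assumption of this example, not a VirusTotal or AVClass list), counts how many engines use each remaining token, and lists the adware/PUA dissenters. Note that the table lists 43 + 21 = 64 engine rows while the page reports 43 / 61; the page does not say which engines VirusTotal leaves out of the denominator.

```python
"""Consensus family name from engine labels.  Added example, not VirusTotal
code.  DETECTIONS and NO_DETECTION are transcribed from the table on this
page; GENERIC and PUA_MARKERS are hand-picked heuristics (assumptions)."""
import re
from collections import Counter

DETECTIONS = {  # engine -> label, transcribed from the report above
    "Ad-Aware": "Trojan.Generic.20350958", "AegisLab": "Ml.Attribute.Veryhighconfidence.[Suspicious!c",
    "AhnLab-V3": "Trojan/Win32.Wdfload.C1773993", "Antiy-AVL": "Trojan/Win32.BTSGeneric",
    "Arcabit": "Trojan.Generic.D13687EE", "Avast": "Win32:Malware-gen",
    "AVG": "Atros4.CCXL", "Avira (no cloud)": "TR/Wdfload.crqun",
    "AVware": "Trojan.Win32.Generic!BT", "Baidu": "Win32.Trojan.WisdomEyes.16070401.9500.9714",
    "BitDefender": "Trojan.Generic.20350958", "CAT-QuickHeal": "Trojan.Wdfload",
    "Comodo": "ApplicUnwnt", "Cyren": "W32/Trojan.ZIMO-3855",
    "Emsisoft": "Trojan.Generic.20350958 (B)", "Endgame": "malicious (high confidence)",
    "ESET-NOD32": "a variant of Win32/Wdfload.G", "F-Secure": "Trojan.Generic.20350958",
    "Fortinet": "W32/Wdfload.G!tr", "GData": "Trojan.Generic.20350958",
    "Ikarus": "Trojan.Win32.Wdfload", "Jiangmin": "Trojan.Wdfload.e",
    "K7AntiVirus": "Trojan ( 00502e171 )", "K7GW": "Trojan ( 00502e171 )",
    "Kaspersky": "Trojan.Win32.Wdfload.f", "Malwarebytes": "Adware.Elex",
    "McAfee": "RDN/Generic.dx", "McAfee-GW-Edition": "RDN/Generic.dx",
    "eScan": "Trojan.Generic.20350958", "NANO-Antivirus": "Trojan.Win32.Wdfload.eksxdq",
    "Palo Alto Networks (Known Signatures)": "generic.ml", "Panda": "Trj/CI.A",
    "Sophos AV": "Mal/Generic-S", "Symantec": "Trojan.Gen",
    "Tencent": "Win32.Trojan.Wdfload.Dvpo", "TheHacker": "Trojan/Wdfload.g",
    "TrendMicro-HouseCall": "TROJ_GEN.R08OC0EAN17", "VBA32": "Trojan.Wdfload",
    "VIPRE": "Trojan.Win32.Generic!BT", "ViRobot": "Trojan.Win32.Z.Wdfload.248832[h]",
    "Webroot": "W32.Adware.Gen", "Yandex": "Trojan.Wdfload!",
    "ZoneAlarm by Check Point": "Trojan.Win32.Wdfload.f",
}
NO_DETECTION = (  # engines listed with an update date but no result
    "Alibaba", "ALYac", "Bkav", "CMC", "CrowdStrike Falcon (ML)", "DrWeb", "F-Prot",
    "Sophos ML", "Kingsoft", "Microsoft", "nProtect", "Qihoo-360", "Rising",
    "SentinelOne (Static ML)", "SUPERAntiSpyware", "Symantec Mobile Insight",
    "TotalDefense", "TrendMicro", "WhiteArmor", "Zillya", "Zoner",
)
# Category/platform words that carry no family information (hand-picked assumption).
GENERIC = {
    "trojan", "troj", "trj", "tr", "win32", "w32", "generic", "gen", "malware",
    "mal", "malicious", "variant", "attribute", "suspicious", "confidence",
    "high", "adware", "applicunwnt", "rdn", "ml", "heur", "veryhighconfidence",
}
PUA_MARKERS = ("adware", "pua", "pup", "unwnt", "unwanted", "riskware")


def family_tokens(label: str) -> set:
    """Lower-cased alphabetic tokens of a label, minus generic words and
    anything containing digits (hash fragments, variant counters)."""
    toks = re.findall(r"[A-Za-z0-9]+", label.lower())
    return {t for t in toks if len(t) > 2 and t.isalpha() and t not in GENERIC}


def family_consensus(detections: dict, min_engines: int = 3) -> list:
    """Tokens used by at least min_engines engines, most common first.
    Each engine counts once per token, so a duplicated feed cannot inflate it."""
    counts = Counter()
    for label in detections.values():
        counts.update(family_tokens(label))
    return [(t, n) for t, n in counts.most_common() if n >= min_engines]


def detection_ratio(detections: dict, no_detection: tuple) -> tuple:
    """(engines flagging the file, engine rows listed)."""
    return len(detections), len(detections) + len(no_detection)


def pua_dissenters(detections: dict) -> list:
    """Engines whose verdict is adware/PUA rather than trojan."""
    return sorted(e for e, lbl in detections.items()
                  if any(m in lbl.lower() for m in PUA_MARKERS))


if __name__ == "__main__":
    print("detected: %d/%d rows listed" % detection_ratio(DETECTIONS, NO_DETECTION))
    print("family consensus:", family_consensus(DETECTIONS))
    print("adware/PUA verdicts:", pua_dissenters(DETECTIONS))
```

The three-engine threshold is deliberate: a token used by one or two engines (Avira's "crqun", AVG's "CCXL") is that vendor's own naming, not a family; anything you pivot on in threat-intel searches should clear the consensus bar.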
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-15 22:30:53
Entry Point 0x000014C0
Number of sections 9
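The fields above come straight out of the PE headers and can be read from the raw bytes with no library. The following Python is an added example, not code from VirusTotal or from the sample: it parses the DOS header, COFF file header and optional header of a PE32 or PE32+ image and returns the values this section reports, plus a timestamp plausibility check. The bytes it parses are a constructed header stub populated with this report's values (no sections, no code), not the real file, so it runs offline. The check matters here: the compile timestamp (2017-01-15 22:30:53 UTC) is 25 minutes before the first submission to VirusTotal (22:55:52 UTC), which is consistent with a freshly built sample; a TimeDateStamp later than the first sighting would mean the field was forged.

```python
"""Parse PE header fields from raw bytes.  Added example, not VirusTotal
code.  build_stub() returns a constructed minimal PE32 header carrying the
values from this report; it is not the sample."""
import struct
from datetime import datetime, timezone

MACHINES = {0x014C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64", 0x01C4: "ARM Thumb-2", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI", 9: "Windows CE GUI",
              10: "EFI application", 16: "Windows boot application"}


def parse_pe_header(data: bytes) -> dict:
    """Return header fields of a PE32/PE32+ image; raise ValueError if malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    fh = e_lfanew + 4                       # IMAGE_FILE_HEADER (20 bytes)
    machine, nsections, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    oh = fh + 20                            # IMAGE_OPTIONAL_HEADER
    if opt_size < 70 or len(data) < oh + 70:   # Subsystem field ends at offset 70
        raise ValueError("optional header truncated")
    magic, maj_ld, min_ld = struct.unpack_from("<HBB", data, oh)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%X" % magic)
    size_code, size_init, size_uninit, entry = struct.unpack_from("<IIII", data, oh + 4)
    # OS/image/subsystem version fields sit at offset 40 in both PE32 and PE32+.
    maj_os, min_os, maj_img, min_img, maj_sub, min_sub = struct.unpack_from("<HHHHHH", data, oh + 40)
    (subsystem,) = struct.unpack_from("<H", data, oh + 68)
    return {
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "machine": MACHINES.get(machine, "unknown (0x%04X)" % machine),
        "sections": nsections,
        "compile_time": datetime.fromtimestamp(tstamp, tz=timezone.utc),
        "entry_point": entry,
        "code_size": size_code,
        "initialized_data_size": size_init,
        "uninitialized_data_size": size_uninit,
        "linker_version": "%d.%d" % (maj_ld, min_ld),
        "subsystem": SUBSYSTEMS.get(subsystem, "unknown (%d)" % subsystem),
        "subsystem_version": "%d.%d" % (maj_sub, min_sub),
        "os_version": "%d.%d" % (maj_os, min_os),
        "image_version": "%d.%d" % (maj_img, min_img),
    }


def timestamp_is_plausible(compile_time: datetime, first_seen_iso: str) -> bool:
    """A TimeDateStamp later than the first sighting (ISO 8601 with offset)
    can only be a forged field or a broken build clock."""
    return compile_time <= datetime.fromisoformat(first_seen_iso)


def build_stub() -> bytes:
    """Constructed minimal PE32 header with this report's values (no sections)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # i386, 9 sections, 2017-01-15 22:30:53 UTC, 224-byte optional header,
    # EXECUTABLE_IMAGE | 32BIT_MACHINE
    file_hdr = struct.pack("<HHIIIHH", 0x014C, 9, 1484519453, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
                      0x10B, 2, 27,                               # PE32, linker 2.27
                      70144, 247808, 1536, 0x14C0,                # code/data sizes, entry point
                      0x1000, 0x12000, 0x400000, 0x1000, 0x200,   # bases, alignments (filler)
                      4, 0, 1, 0, 4, 0,                           # OS 4.0, image 1.0, subsystem 4.0
                      0, 0x50000, 0x400, 0,                       # reserved, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0)                                       # Subsystem = Windows GUI
    return dos + b"PE\0\0" + file_hdr + opt + b"\0" * (224 - len(opt))


if __name__ == "__main__":
    hdr = parse_pe_header(build_stub())
    for key, value in hdr.items():
        print("%-25s %s" % (key, value))
    # first submission from the VirusTotal metadata section of this report
    print("timestamp plausible:", timestamp_is_plausible(hdr["compile_time"], "2017-01-15T22:55:52+00:00"))
```

To run it on a real file, replace `build_stub()` with `open(path, "rb").read()`; the parser only reads the headers, so it is safe to point at a sample without executing it.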
PE sections
PE imports (function names only)
RegSaveKeyA
OpenProcessToken
BackupEventLogA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
AbortSystemShutdownA
RegSetKeySecurity
GetLastError
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
LoadLibraryA
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
DeleteFileA
UnhandledExceptionFilter
GetProcAddress
RegisterWaitForSingleObject
WideCharToMultiByte
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetCurrentThreadId
SetEvent
LocalFree
TerminateProcess
InitializeCriticalSection
VirtualQuery
CreateEventA
TlsGetValue
Sleep
IsBadStringPtrA
PrepareTape
SetCurrentDirectoryA
LeaveCriticalSection
VarMonthName
SafeArrayGetLBound
SystemTimeToVariantTime
SysStringByteLen
DosDateTimeToVariantTime
VariantCopyInd
VariantClear
SafeArrayCreate
SafeArrayAllocDescriptorEx
BstrFromVector
VariantTimeToSystemTime
GetRecordInfoFromTypeInfo
SysAllocStringByteLen
SafeArrayLock
VarParseNumFromStr
CommandLineToArgvW
CharPrevA
GetMessageA
CreateIconIndirect
CreateCaret
ClipCursor
PostQuitMessage
DefWindowProcA
CheckMenuRadioItem
BeginDeferWindowPos
DispatchMessageA
TranslateMessage
DestroyCaret
CreateCursor
CreatePopupMenu
SendMessageA
SetTimer
RegisterClassA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
CreateIconFromResource
PostThreadMessageA
DestroyWindow
WSASocketA
WSAInstallServiceClassA
WSAGetServiceClassNameByClassIdA
WSAStringToAddressA
WSARecvFrom
WSAResetEvent
WSANtohs
strncmp
__lconv_init
malloc
fread
fclose
__dllonexit
_cexit
abort
fprintf
fopen
_fmode
_amsg_exit
fwrite
_lock
_onexit
__initenv
exit
tmpnam
__setusermatherr
_acmdln
_unlock
free
vfprintf
__getmainargs
calloc
strlen
memcpy
signal
remove
_initterm
__set_app_type
_iob
CoUnmarshalHresult
CoTaskMemAlloc
CoLockObjectExternal
CoCreateGuid
CoImpersonateClient
CreateBindCtx
CoIsHandlerConnected
CoCopyProxy
CoReleaseMarshalData
CoTaskMemFree
CoRevokeMallocSpy
Number of PE resources by type
RT_ICON 8
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:01:15 23:30:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 70144
LinkerVersion 2.27
EntryPoint 0x14c0
InitializedDataSize 247808
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 1536

Execution parents
File identification
MD5 13408fa9db4a7e858c44044cdd7ef711
SHA1 1e024c1281b760bf26e7988fe35b14faf73210c8
SHA256 936ea464f68d2f559cbbd9a415b3ded6a6f2ebb51fc04d2669392c5b2135376d
ssdeep 1536:Q8CLcYdOe7F4aYgvZqEhNZl3Dgc7ctbbAG9LggI7XjFTbmZ7JJYpolp3t7owTW:ObOUcWZqkZFfgtbbLa7BTwXY2b3t7g

authentihash 5ff7ceef9833eb2a3bdcfd0bb6e304b71f6b95406fabdcdcf08859fed8b64812
imphash 53bf4af1e40c9fbf57c357c082b0d925
File size 243.0 KB ( 248832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
     Win32 Dynamic Link Library (generic) (14.1%)
     Win32 Executable (generic) (9.7%)
     Generic Win/DOS Executable (4.3%)
     DOS Executable Generic (4.3%)
TrID's "MS Visual C++" guess is a byte-pattern heuristic and is wrong here: the linker version 2.27 in the optional header and the msvcrt.dll startup imports listed above (__getmainargs, __set_app_type, __lconv_init, _amsg_exit, _initterm, __dllonexit) are the signature of a GCC/MinGW-w64 build linked with GNU binutils 2.27, not of Visual C++. That matters when choosing decompiler and signature settings for the sample.
Tags peexe

VirusTotal metadata
First submission 2017-01-15 22:55:52 UTC ( 7 months, 1 week ago )
Last submission 2017-03-22 06:00:00 UTC ( 5 months ago )
File names (the g<hex>.tmp names below are consistent with what the Windows GetTempFileName API produces from a prefix and a hexadecimal counter, i.e. the sample was written into a temp directory by another process; the Execution parents section of this capture is empty, so that process is not identified here)
g514C.tmp.exe
g12BF.tmp.exe
g95.tmp.exe
gB05B.tmp.exe
13408fa9db4a7e858c44044cdd7ef711.exe
g9a76.tmp.exe
g4D9D.tmp.exe
gB75E.tmp.exe
gFAB7.tmp.exe
gBC52.tmp.exe
g7.tmp.exe
g4ABC.tmp.exe
g2F78.tmp
gB242.tmp.exe
13408fa9.exe
g7781.tmp.exe
g18F0.tmp.exe
gD9CD.tmp.exe
g9BE2.tmp.exe
gC4E5.tmp.exe
936ea464f68d2f559cbbd9a415b3ded6a6f2ebb51fc04d2669392c5b2135376d.bin
gF585.tmp.exe
gB3EC.tmp.exe
g841D.tmp.exe
g58AB.tmp.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Runtime DLLs
UDP communications