× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 94a92c6118e2eb93bbfac27d56c33dc8cf59632a5deb3dac0e641f7f1a00ee34
File name: 44783m8uh77g8l8_nkubyhu5vfxxbh878xo6hlttkppzf28tsdu5kwppk_11c1jl.exe
Detection ratio: 11 / 68
Analysis date: 2019-01-08 17:19:00 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
Avira (no cloud) TR/Dropper.Gen 20190108
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181022
Cybereason malicious.40ca03 20180225
Endgame malicious (high confidence) 20181108
Ikarus Trojan-Banker.TrickBot 20190108
Kaspersky UDS:DangerousObject.Multi.Generic 20190108
Palo Alto Networks (Known Signatures) generic.ml 20190108
Qihoo-360 HEUR/QVM20.1.69E1.Malware.Gen 20190108
Rising Trojan.GenKryptik!8.AA55/N3#99% (RDM+:cmRtazqfMCFWLXJvbKHko4X5VZoe) 20190108
Webroot W32.Trojan.Trickbot 20190108
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190108
Acronis 20181227
Ad-Aware 20190108
AegisLab 20190108
AhnLab-V3 20190108
Alibaba 20180921
ALYac 20190108
Antiy-AVL 20190108
Arcabit 20190108
Avast 20190108
Avast-Mobile 20190108
AVG 20190108
Babable 20180918
Baidu 20190108
BitDefender 20190108
Bkav 20190108
CAT-QuickHeal 20190107
ClamAV 20190108
CMC 20190107
Comodo 20190108
Cyren 20190108
DrWeb 20190108
eGambit 20190108
Emsisoft 20190108
ESET-NOD32 20190108
F-Prot 20190108
F-Secure 20190108
Fortinet 20190108
GData 20190108
Sophos ML 20181128
Jiangmin 20190108
K7AntiVirus 20190108
K7GW 20190108
Kingsoft 20190108
Malwarebytes 20190108
MAX 20190108
McAfee 20190108
McAfee-GW-Edition 20190108
Microsoft 20190108
eScan 20190108
NANO-Antivirus 20190108
Panda 20190108
SentinelOne (Static ML) 20181223
Sophos AV 20190108
SUPERAntiSpyware 20190102
Symantec 20190108
TACHYON 20190108
Tencent 20190108
TheHacker 20190106
Trapmine 20190103
TrendMicro 20190108
TrendMicro-HouseCall 20190108
Trustlook 20190108
VBA32 20190108
ViRobot 20190108
Yandex 20181229
Zillya 20190105
Zoner 20190108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-08 15:03:04
Entry Point 0x000014C0
Number of sections 16
PE sections
Overlays
MD5 83bf64241cc5430483fa63f94983e108
File type data
Offset 293376
Size 28601
Entropy 3.75
PE imports
CryptStringToBinaryA
DeleteCriticalSection
GetCurrentProcess
TerminateProcess
EnterCriticalSection
InitializeCriticalSection
TlsGetValue
GetCurrentProcessId
GetModuleHandleA
GetLastError
SetUnhandledExceptionFilter
QueryPerformanceCounter
UnhandledExceptionFilter
GetStartupInfoA
GetTickCount
GetSystemTimeAsFileTime
VirtualProtect
Sleep
GetCurrentThreadId
VirtualQuery
GetProcAddress
LeaveCriticalSection
strncmp
__lconv_init
malloc
__dllonexit
_cexit
abort
fprintf
_fmode
_amsg_exit
fwrite
_lock
_onexit
__initenv
exit
__setusermatherr
_acmdln
_unlock
free
vfprintf
__getmainargs
calloc
strlen
memcpy
signal
_initterm
__set_app_type
_iob
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2019:01:08 16:03:04+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
7168

LinkerVersion
2.24

FileTypeExtension
exe

InitializedDataSize
219136

ImageFileCharacteristics
No relocs, Executable, No line numbers, 32-bit

EntryPoint
0x14c0

OSVersion
4.0

ImageVersion
1.0

UninitializedDataSize
1536

Execution parents
File identification
MD5 2438121546756bc979e52c01aecd4cb3
SHA1 acd84f840ca037fd00560fec679daca177c84e4f
SHA256 94a92c6118e2eb93bbfac27d56c33dc8cf59632a5deb3dac0e641f7f1a00ee34
ssdeep
6144:2OO2waW/OYcSJ/3iVh7SNMZc4fuF2nD+UzZbBTn1xrksoULK:zKwV0qVFS+9GFCS4bBDssoj

authentihash 8a562e2f3831a93d38ba1efaa11c5c896d664897f9ee05eaf4635df8c3985c42
imphash 5fa9b851265101699d3dcb9c18f79743
File size 314.4 KB ( 321977 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-01-08 17:19:00 UTC ( 1 month, 1 week ago )
Last submission 2019-01-08 17:19:00 UTC ( 1 month, 1 week ago )
File names 44783m8uh77g8l8_nkubyhu5vfxxbh878xo6hlttkppzf28tsdu5kwppk_11c1jl.exe
table.png
gkezmtlt.exe
evdvgsj.exe
<SAMPLE.EXE>
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs