SHA256: 95ffa0fc35d50f76947b0eae6924014e2acd436ef9430bd089d5cf5b2a56a221
File name: 95FFA0FC35D50F76947B0EAE6924014E2ACD436EF9430BD089D5CF5B2A56A221
Detection ratio: 46 / 70
Analysis date: 2019-01-09 11:48:57 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Midie.49962 20190109
AhnLab-V3 Malware/Win32.Generic.C2651489 20190108
ALYac Gen:Variant.Midie.49962 20190109
Antiy-AVL Trojan/Win32.Inject 20190109
Arcabit Trojan.Midie.DC32A 20190109
Avast Win32:Malware-gen 20190109
AVG Win32:Malware-gen 20190109
Avira (no cloud) TR/Crypt.XPACK.Gen 20190109
BitDefender Gen:Variant.Midie.49962 20190109
ClamAV Win.Packed.Trickbot-6622060-0 20190109
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181022
Cybereason malicious.919aaa 20190109
Cylance Unsafe 20190109
DrWeb Trojan.DownLoader26.59711 20190109
Emsisoft Gen:Variant.Midie.49962 (B) 20190109
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GJAZ 20190109
F-Secure Gen:Variant.Midie.49962 20190109
Fortinet W32/GenKryptik.CFOA!tr 20190109
GData Gen:Variant.Midie.49962 20190109
Sophos ML heuristic 20181128
Jiangmin Trojan.Inject.aoyn 20190109
K7AntiVirus Trojan ( 005386ab1 ) 20190109
K7GW Trojan ( 005386ab1 ) 20190109
Kaspersky HEUR:Trojan.Win32.Generic 20190109
Malwarebytes Trojan.TrickBot 20190109
MAX malware (ai score=87) 20190109
McAfee Trojan-FPOJ!D72B90B919AA 20190109
McAfee-GW-Edition BehavesLike.Win32.Downloader.gh 20190109
Microsoft Trojan:Win32/MereTam.A 20190109
eScan Gen:Variant.Midie.49962 20190109
NANO-Antivirus Trojan.Win32.Inject.ffrlwj 20190109
Panda Trj/GdSda.A 20190108
Qihoo-360 HEUR/QVM07.1.6E35.Malware.Gen 20190109
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazrK7tK2u29xZe/4knX9rp7X) 20190109
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-ANZ 20190109
Symantec ML.Attribute.HighConfidence 20190109
TACHYON Trojan/W32.Inject.500224.I 20190109
Trapmine malicious.moderate.ml.score 20190103
TrendMicro TrojanSpy.Win32.TRICKBOT.SMB 20190109
TrendMicro-HouseCall TrojanSpy.Win32.TRICKBOT.SMB 20190109
VBA32 BScope.Trojan.Inject 20190108
Webroot W32.Trojan.Gen 20190109
Zillya Trojan.Inject.Win32.247772 20190108
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190109
Acronis 20181227
AegisLab 20190109
Alibaba 20180921
Avast-Mobile 20190109
Babable 20180918
Baidu 20190109
Bkav 20190108
CAT-QuickHeal 20190108
CMC 20190108
Comodo 20190109
Cyren 20190109
eGambit 20190109
F-Prot 20190109
Ikarus 20190108
Kingsoft 20190109
Palo Alto Networks (Known Signatures) 20190109
SUPERAntiSpyware 20190102
Tencent 20190109
TheHacker 20190106
Trustlook 20190109
VIPRE 20190108
ViRobot 20190109
Yandex 20181229
Zoner 20190109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-30 12:11:25
Entry Point 0x000337F0
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetStartupInfoA
MapViewOfFile
GetFileSize
GetModuleHandleA
ReadFile
ExitProcess
CloseHandle
CreateFileMappingA
CreateFileA
GetTickCount
_except_handler3
__p__fmode
_acmdln
_exit
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
SysFreeString
SysAllocString
SetFocus
GetMessageA
UpdateWindow
SetCapture
PostQuitMessage
SetCaretPos
FindWindowA
DefWindowProcA
ShowWindow
SetClipboardViewer
GetSystemMetrics
SetScrollRange
GetWindowRect
DispatchMessageA
PostMessageA
SendDlgItemMessageW
GetWindowLongW
GetWindowPlacement
SetWindowTextW
RegisterClassA
CreateWindowExA
LoadCursorA
LoadIconA
GetWindowTextW
GetDesktopWindow
GetClassNameA
ScrollWindow
SetCursor
DestroyWindow
CoUninitialize
CoInitialize
CoCreateInstanceEx
Number of PE resources by type
RT_BITMAP 4
RT_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 251904
ImageVersion 6.0
ProductName Xanif Inform
FileVersionNumber 1.0.0.6
UninitializedDataSize 0
LanguageCode Unknown (3013)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Unknown (B090)
LinkerVersion 2.25
FileTypeExtension exe
OriginalFileName Xanif
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.6
TimeStamp 2016:03:30 13:11:25+01:00
FileType Win32 EXE
PEType PE32
InternalName Xanifer
ProductVersion 1.0.0.6
FileDescription Xanif Ltd. Gui application
OSVersion 1.0
FileOS Win32
LegalCopyright Xanif. All rights reserved. 2017
MachineType Intel 386 or later, and compatibles
CompanyName Xanif Ltd.
CodeSize 248832
FileSubtype 0
ProductVersionNumber 1.0.0.6
EntryPoint 0x337f0
ObjectFileType Executable application

Compressed bundles
File identification
MD5 d72b90b919aaadb99a428757bcde4d9f
SHA1 769e6340a32cdef0c69f5ec98e76a0c9ca1f5da4
SHA256 95ffa0fc35d50f76947b0eae6924014e2acd436ef9430bd089d5cf5b2a56a221
ssdeep 6144:YNI4Aqwpq50z3nHrTScaVygVQZD4FK4+fhitFZkR35Hf5fFHWq9MuIg:otKpqeDrTx2ygVQZ4FK4+kMH1qg
authentihash 7457ea091e06cca2b645025ac3928d29e676fd71684bea1b58d1ecf9f8c04366
imphash f9a0e94d0bec4c191de0c0acbce9901d
File size 488.5 KB ( 500224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags peexe

VirusTotal metadata
First submission 2019-01-09 11:48:48 UTC ( 1 month, 1 week ago )
Last submission 2019-01-09 11:48:48 UTC ( 1 month, 1 week ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections