SHA256: 9674118de8b6b86a6e9905552cb2ae912129ca6879b586747e17734b0911e4df
File name: iNzqB.exe
Detection ratio: 13 / 62
Analysis date: 2017-07-27 05:47:45 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170727
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170710
Endgame malicious (high confidence) 20170721
Fortinet W32/GenKryptik.AOSV!tr 20170727
Sophos ML heuristic 20170607
Kaspersky UDS:DangerousObject.Multi.Generic 20170727
McAfee Emotet-FAL!C0559A840430 20170727
Palo Alto Networks (Known Signatures) generic.ml 20170727
Qihoo-360 HEUR/QVM10.1.C1C7.Malware.Gen 20170727
Rising Malware.Heuristic!ET#100% (rdm+) 20170727
SentinelOne (Static ML) static engine - malicious 20170718
Symantec ML.Attribute.HighConfidence 20170727
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170727
Ad-Aware 20170727
AegisLab 20170727
AhnLab-V3 20170726
Alibaba 20170727
ALYac 20170727
Antiy-AVL 20170727
Arcabit 20170727
Avast 20170727
AVG 20170727
Avira (no cloud) 20170726
AVware 20170721
BitDefender 20170727
Bkav 20170726
CAT-QuickHeal 20170727
ClamAV 20170727
CMC 20170727
Comodo 20170727
Cyren 20170727
DrWeb 20170727
Emsisoft 20170727
ESET-NOD32 20170727
F-Prot 20170727
F-Secure 20170727
GData 20170727
Ikarus 20170726
Jiangmin 20170727
K7AntiVirus 20170727
K7GW 20170727
Kingsoft 20170727
Malwarebytes 20170727
MAX 20170727
McAfee-GW-Edition 20170726
Microsoft 20170727
eScan 20170727
NANO-Antivirus 20170727
nProtect 20170726
Panda 20170725
Sophos AV 20170727
SUPERAntiSpyware 20170727
Symantec Mobile Insight 20170727
Tencent 20170727
TheHacker 20170724
TrendMicro 20170727
TrendMicro-HouseCall 20170727
Trustlook 20170727
VBA32 20170725
VIPRE 20170727
ViRobot 20170727
Webroot 20170727
Yandex 20170726
Zillya 20170726
Zoner 20170727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-25 10:08:56
Entry Point 0x0000143D
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetMailslotInfo
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
GlobalAlloc
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
SHGetDiskFreeSpaceExW
GetCaretPos
GetMessageExtraInfo
Number of PE resources by type
RT_ICON 8
RT_STRING 4
RT_MENU 4
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 19
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:07:25 11:08:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 55296
LinkerVersion 9.0
EntryPoint 0x143d
InitializedDataSize 129024
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 c0559a8404301dfb212b7d8885f3edb0
SHA1 b41853a1eee9774c4169c5e4bc0bae2c8b881f0a
SHA256 9674118de8b6b86a6e9905552cb2ae912129ca6879b586747e17734b0911e4df
ssdeep 3072:JP6xiX9BNiyC5QO+GFDuMo9AxTCYJU9+mWOX3a+x:tUiXDrjoqFke+NsZ
authentihash f4c8b10ac10837483857efdf17f32455eb11d3e2887b4c3202a51ef8435f8a59
imphash 501845a59aa74cab8128b7c66a43b719
File size 171.0 KB ( 175104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-07-27 05:43:14 UTC ( 1 year, 9 months ago )
Last submission 2018-03-26 18:42:48 UTC ( 1 year ago )
File names MMNr.exe
c0559a8404301dfb212b7d8885f3edb0.virobj
iNzqB.exe
37415368.EXE
d0ec699037be337e48f8d3124a1c9469143b96d3
Afrr.exe
Mky.exe
iNzqB.exe
bfs.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs