SHA256: 9865832d5fb7c3b3b5353c50d8e602d10b1d8152c441178026157992f554f970
File name: 8b02bef795df2b42e342c6c407d24d72
Detection ratio: 20 / 59
Analysis date: 2017-04-18 04:11:50 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.369624 20170418
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170417
BitDefender Gen:Variant.Graftor.369624 20170418
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Emsisoft Gen:Variant.Graftor.369624 (B) 20170418
Endgame malicious (high confidence) 20170413
ESET-NOD32 a variant of Win32/Kryptik.FRHW 20170418
F-Secure Gen:Variant.Graftor.369624 20170418
GData Trojan.GenericKD.4876583 20170418
Ikarus Win32.Outbreak 20170417
Sophos ML trojandropper.win32.stuxnet.a 20170413
Kaspersky UDS:DangerousObject.Multi.Generic 20170418
McAfee Ransomware-FMJ!8B02BEF795DF 20170418
McAfee-GW-Edition BehavesLike.Win32.Ransomware.fc 20170418
Palo Alto Networks (Known Signatures) generic.ml 20170418
Qihoo-360 HEUR/QVM19.1.8DD0.Malware.Gen 20170418
Rising Malware.Generic.6!tfe (cloud:lfvjgRlwoiK) 20170418
SentinelOne (Static ML) static engine - malicious 20170330
Symantec Trojan.Gen.8!cloud 20170417
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170418
Engines with no detection (engine, signature update date)
AegisLab 20170418
AhnLab-V3 20170417
Alibaba 20170418
ALYac 20170418
Antiy-AVL 20170418
Arcabit 20170418
Avast 20170418
AVG 20170418
Avira (no cloud) 20170417
AVware 20170417
Bkav 20170415
CAT-QuickHeal 20170417
ClamAV 20170417
CMC 20170417
Comodo 20170418
Cyren 20170418
DrWeb 20170418
F-Prot 20170418
Fortinet 20170418
Jiangmin 20170418
K7AntiVirus 20170418
K7GW 20170418
Kingsoft 20170418
Malwarebytes 20170418
Microsoft 20170417
eScan 20170418
NANO-Antivirus 20170416
nProtect 20170418
Panda 20170417
Sophos AV 20170418
SUPERAntiSpyware 20170418
Symantec Mobile Insight 20170414
Tencent 20170418
TheHacker 20170416
TrendMicro-HouseCall 20170418
Trustlook 20170418
VBA32 20170417
VIPRE 20170418
ViRobot 20170418
WhiteArmor 20170409
Yandex 20170417
Zillya 20170414
Zoner 20170418
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-19 03:22:40
Entry Point 0x0000375B
Number of sections 4
PE sections
PE imports
RegUnLoadKeyA
IsValidAcl
RegDeleteValueW
RegSaveKeyA
RegRestoreKeyW
IsValidSid
ReadEventLogA
RegEnumKeyW
RegCreateKeyExA
OpenEventLogW
CryptSignHashA
GetSystemTime
WriteProcessMemory
UpdateResourceW
WaitForSingleObject
CreateMailslotW
CreateJobObjectW
CopyFileA
GetEnvironmentStringsW
GetShortPathNameA
GetCurrentProcess
GetVolumeInformationA
GetPrivateProfileStringA
CompareStringW
CreateDirectoryA
GetCommandLineW
OpenFileMappingA
SetErrorMode
GetProcAddress
ExpandEnvironmentStringsW
lstrcpyW
GetModuleHandleA
GetTempPathW
CreateMutexW
lstrcmpi
FindAtomW
SetCurrentDirectoryW
OpenSemaphoreA
GetLogicalDriveStringsW
InterlockedDecrement
GetFullPathNameW
CreateFileA
GetCurrentThreadId
GetNumberFormatW
CPGenKey
CPCreateHash
PathIsSlowA
ShellMessageBoxW
SHQueryRecycleBinW
SHCreateDirectoryExW
SHBrowseForFolderW
SHDefExtractIconA
ExtractIconA
DragQueryFileA
SHGetNewLinkInfoA
SHGetDriveMedia
SHGetDataFromIDListA
DllCanUnloadNow
SHGetFolderPathA
SHGetMalloc
StrRChrW
PE exports
Number of PE resources by type
JUIK 2
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:10:19 04:22:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 5.0
FileTypeExtension exe
InitializedDataSize 335872
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x375b
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 8b02bef795df2b42e342c6c407d24d72
SHA1 d378f3c21cbf8ade882d83540907b620fd43d359
SHA256 9865832d5fb7c3b3b5353c50d8e602d10b1d8152c441178026157992f554f970
ssdeep 6144:YUAUUp3WRM3ijn4t/QYrmVZL+iIOdyKgn1ZoTOB4yjSSNwn2yeGxTdeSWtzEzaIZ:YUAUUpyEHt/QyuZq2dyr1mip6BeyTcSR
authentihash a1512a5580d738fa796f4320f703495f255ad42d5a239cfad5e66710d2f91d88
imphash e37e62c5f9606a43b5470d82bb118fa5
File size 356.0 KB ( 364544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-04-17 23:59:13 UTC ( 2 years ago )
Last submission 2018-07-06 04:21:39 UTC ( 9 months, 3 weeks ago )
File names 9865832d5fb7c3b3b5353c50d8e602d10b1d8152c441178026157992f554f970
E M S ( 320950286501108 ) . PDF.exe
aa
PDF.exe
VirusShare_8b02bef795df2b42e342c6c407d24d72
EMS(320950286501108).PDF.exe_
E M S ( 320950286501108 ) . PDF.exe11
8b02bef795df2b42e342c6c407d24d72.exe
E M S ( 320950286501108 ) . PDF.exe
oaWKHC5fx.ini
E M S ( 320950286501108 ) . PDF.exe_
8b02bef795df2b42e342c6c407d24d72
Behaviour characterization
Zemana dll-injection