SHA256: 98743faa9c3bb61402a8b4308f4b879aea4b715bcb69f23dd35bfd6c9615e9bb
File name: b06374f45f1d4dd69d536391c7406f5d.virus
Detection ratio: 45 / 72
Analysis date: 2019-01-10 17:52:47 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.258767 20190110
AhnLab-V3 Malware/Win32.Generic.C2651489 20190110
ALYac Gen:Variant.Ursu.258767 20190110
Antiy-AVL Trojan/Win32.Inject 20190110
Arcabit Trojan.Ursu.D3F2CF 20190110
Avast Win32:Malware-gen 20190110
AVG Win32:Malware-gen 20190110
Avira (no cloud) TR/Crypt.XPACK.Gen 20190110
BitDefender Gen:Variant.Ursu.258767 20190110
ClamAV Win.Packed.Trickbot-6622060-0 20190110
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.45f1d4 20190109
Cylance Unsafe 20190110
Cyren W32/Trojan.GLIK-5061 20190110
DrWeb Trojan.Trick.46146 20190110
Emsisoft Gen:Variant.Ursu.258767 (B) 20190110
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GJAZ 20190110
F-Secure Gen:Variant.Ursu.258767 20190110
Fortinet W32/GenKryptik.CFOA!tr 20190110
GData Gen:Variant.Ursu.258767 20190110
Sophos ML heuristic 20181128
Jiangmin Trojan.Generic.cprpj 20190110
K7AntiVirus Trojan ( 005386ab1 ) 20190110
K7GW Trojan ( 005386ab1 ) 20190110
Kaspersky HEUR:Trojan.Win32.Generic 20190110
Malwarebytes Trojan.MalPack 20190110
MAX malware (ai score=85) 20190110
McAfee Trojan-FPOJ!B06374F45F1D 20190110
McAfee-GW-Edition BehavesLike.Win32.Malware.gh 20190110
eScan Gen:Variant.Ursu.258767 20190110
NANO-Antivirus Trojan.Win32.Inject.ffpdfa 20190110
Panda Trj/Genetic.gen 20190109
Qihoo-360 HEUR/QVM07.1.754D.Malware.Gen 20190110
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazo6kN0/S/zMvnrcGzYpNeBp) 20190110
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/EncPk-ANZ 20190110
Symantec ML.Attribute.HighConfidence 20190110
TACHYON Trojan/W32.Inject.500736.H 20190110
Trapmine malicious.moderate.ml.score 20190103
TrendMicro TrojanSpy.Win32.TRICKBOT.SMB 20190110
TrendMicro-HouseCall TrojanSpy.Win32.TRICKBOT.SMB 20190110
VBA32 BScope.Trojan.Inject 20190110
Zillya Trojan.Kryptik.Win32.1477689 20190109
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190110
Acronis 20190110
AegisLab 20190110
Alibaba 20180921
Avast-Mobile 20190110
AVware 20180925
Babable 20180918
Baidu 20190110
Bkav 20190108
CAT-QuickHeal 20190110
CMC 20190110
Comodo 20190110
eGambit 20190110
F-Prot 20190110
Ikarus 20190110
Kingsoft 20190110
Microsoft 20190110
Palo Alto Networks (Known Signatures) 20190110
SUPERAntiSpyware 20190109
Tencent 20190110
TheHacker 20190106
TotalDefense 20190110
Trustlook 20190110
VIPRE 20190110
ViRobot 20190110
Webroot 20190110
Yandex 20190110
Zoner 20190110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-16 00:36:20
Entry Point 0x00032D30
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetStartupInfoA
WideCharToMultiByte
MapViewOfFile
GetFileSize
GetModuleHandleA
UnmapViewOfFile
ReadFile
ExitProcess
CloseHandle
CreateFileMappingA
CreateFileA
GetTickCount
_except_handler3
__p__fmode
_acmdln
_exit
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
SysFreeString
SysAllocString
SetFocus
GetMessageA
UpdateWindow
GetScrollRange
PostMessageA
PostQuitMessage
GetMessageW
SetCaretPos
ShowWindow
DefWindowProcA
FindWindowA
SetClipboardViewer
GetSystemMetrics
SetScrollRange
GetWindowRect
DispatchMessageA
SetCapture
SendDlgItemMessageW
GetDC
GetWindowLongW
IsWindowVisible
GetWindowPlacement
SetWindowTextW
IsWindow
RegisterClassA
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
GetWindowTextW
GetDesktopWindow
GetClassNameA
ScrollWindow
DestroyWindow
SetCursor
CoUninitialize
CoInitialize
CoCreateInstanceEx
Number of PE resources by type
RT_BITMAP 4
RT_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.25
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 1.0.0.6
LanguageCode Unknown (3013)
FileFlagsMask 0x0000
FileDescription Xanif Ltd. Gui application
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Unknown (B090)
InitializedDataSize 252928
EntryPoint 0x32d30
OriginalFileName Xanif
MIMEType application/octet-stream
LegalCopyright Xanif. All rights reserved. 2017
FileVersion 1.0.0.6
TimeStamp 2017:09:16 01:36:20+01:00
FileType Win32 EXE
PEType PE32
InternalName Xanifer
ProductVersion 1.0.0.6
SubsystemVersion 4.0
OSVersion 1.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Xanif Ltd.
CodeSize 248320
ProductName Xanif Inform
ProductVersionNumber 1.0.0.6
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 b06374f45f1d4dd69d536391c7406f5d
SHA1 3db96f5320df711f6f16f93ef9a6f4f50496e78c
SHA256 98743faa9c3bb61402a8b4308f4b879aea4b715bcb69f23dd35bfd6c9615e9bb
ssdeep 12288:sqVYpCC6bzyEkODldNDYJLhF4VQTTQSVrS:tYv6beEHljYm+I0
authentihash 302c50d66976832a423d9b24a33463920f9fc28db04558de2d5fc9dc1eb62575
imphash 0bfa28a641de99832990b204da98eb11
File size 489.0 KB ( 500736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags peexe

VirusTotal metadata
First submission 2019-01-10 17:52:47 UTC ( 1 month, 1 week ago )
Last submission 2019-01-10 17:52:47 UTC ( 1 month, 1 week ago )
File names b06374f45f1d4dd69d536391c7406f5d.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections