SHA256: 9aa75cdb5bb19eff85dc0e467fe00deb5c14885518219c6f7ed0fc1c89c23208
File name: 9aa75cdb5bb19eff85dc0e467fe00deb5c14885518219c6f7ed0fc1c89c23208
Detection ratio: 14 / 68
Analysis date: 2018-03-10 19:20:19 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Avast Win32:Malware-gen 20180310
AVG Win32:Malware-gen 20180310
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170201
Cylance Unsafe 20180310
DrWeb BackDoor.CoreBot.6 20180310
Endgame malicious (high confidence) 20180308
Sophos ML heuristic 20180121
Kaspersky Trojan.Win32.Agentb.ixww 20180310
Palo Alto Networks (Known Signatures) generic.ml 20180310
Panda Trj/GdSda.A 20180310
Rising Worm.Win32.FTP/BitCoinMiner-Botnet!1.ACDC (CLASSIC) 20180310
SentinelOne (Static ML) static engine - malicious 20180225
TrendMicro-HouseCall Suspicious_GEN.F47V0309 20180310
ZoneAlarm by Check Point Trojan.Win32.Agentb.ixww 20180310
Ad-Aware 20180310
AegisLab 20180310
AhnLab-V3 20180310
Alibaba 20180310
ALYac 20180310
Antiy-AVL 20180310
Arcabit 20180309
Avast-Mobile 20180310
Avira (no cloud) 20180310
AVware 20180310
Baidu 20180309
BitDefender 20180310
Bkav 20180310
CAT-QuickHeal 20180310
ClamAV 20180310
CMC 20180310
Comodo 20180310
Cybereason 20180225
Cyren 20180310
eGambit 20180310
Emsisoft 20180310
ESET-NOD32 20180310
F-Prot 20180310
F-Secure 20180310
Fortinet 20180310
GData 20180310
Ikarus 20180310
Jiangmin 20180310
K7AntiVirus 20180310
K7GW 20180310
Kingsoft 20180310
Malwarebytes 20180310
MAX 20180310
McAfee 20180310
McAfee-GW-Edition 20180310
Microsoft 20180310
eScan 20180310
NANO-Antivirus 20180310
nProtect 20180310
Qihoo-360 20180310
Sophos AV 20180310
SUPERAntiSpyware 20180310
Symantec 20180310
Symantec Mobile Insight 20180306
Tencent 20180310
TheHacker 20180307
TotalDefense 20180310
TrendMicro 20180310
Trustlook 20180310
VBA32 20180307
VIPRE 20180310
ViRobot 20180310
Webroot 20180310
WhiteArmor 20180223
Yandex 20180308
Zillya 20180309
Zoner 20180310
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT PECompact, PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-05 23:39:18
Entry Point 0x000014C0
Number of sections 3
PE sections
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:03:06 00:39:18+01:00
FileType Win32 EXE
PEType PE32
CodeSize 618496
LinkerVersion 2.24
FileTypeExtension exe
InitializedDataSize 945152
SubsystemVersion 4.0
EntryPoint 0x14c0
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 5632

File identification
MD5 a7ecb801dfc1b2ab3eade1802647e15c
SHA1 524e106969a316db2a85837669ef7aed6055f7e1
SHA256 9aa75cdb5bb19eff85dc0e467fe00deb5c14885518219c6f7ed0fc1c89c23208
ssdeep 6144:J8GesRCFRgK4e7UZLvi+lHWvriYaTlb+hoSh8OI5tDLexhnmp+08m8bCYtvrGQI9:K7sRsh4eiviHTiYzhNEbDKbm4vtvil9

authentihash 76914ee59c2061e49e5035b83ea387f3d91bf82ed8b5f3c123dc41c8a179363a
imphash 09d0478591d4f788cb3e5ea416c25237
File size 537.5 KB ( 550400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.6%)
OS/2 Executable (generic) (19.1%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Tags pecompact peexe

VirusTotal metadata
First submission 2018-03-09 11:30:10 UTC ( 1 year, 1 month ago )
Last submission 2018-03-10 19:20:19 UTC ( 1 year, 1 month ago )
File names TybNytskkN.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs