× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9ae512036ab9a30279a945916502f95b87fc8c5e2f7b640010ebc88df6de1ff7
File name: bad1d58ba0b4a92a14debb24afe3a8db
Detection ratio: 16 / 71
Analysis date: 2018-12-24 12:03:18 UTC ( 5 months ago ) View latest
Antivirus Result Update
Avast Win32:Malware-gen 20181224
AVG FileRepMalware 20181224
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20181022
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CUYO 20181224
Kaspersky UDS:DangerousObject.Multi.Generic 20181224
McAfee Packed-FPJ!BAD1D58BA0B4 20181224
McAfee-GW-Edition Packed-FPJ!BAD1D58BA0B4 20181224
Microsoft Trojan:Win32/Fuerboos.C!cl 20181224
Palo Alto Networks (Known Signatures) generic.ml 20181224
Rising Malware.Obscure/Heur!1.9E03 (CLOUD) 20181224
Symantec ML.Attribute.HighConfidence 20181224
Trapmine malicious.moderate.ml.score 20181205
VBA32 BScope.Trojan.Chapak 20181222
Webroot W32.Trojan.Gen 20181224
ZoneAlarm by Check Point Trojan.Win32.Vilsel.dplo 20181224
Acronis 20181224
Ad-Aware 20181224
AegisLab 20181224
AhnLab-V3 20181223
Alibaba 20180921
ALYac 20181224
Antiy-AVL 20181223
Arcabit 20181224
Avast-Mobile 20181223
Avira (no cloud) 20181223
AVware 20180925
Babable 20180918
Baidu 20181207
BitDefender 20181224
Bkav 20181221
CAT-QuickHeal 20181223
ClamAV 20181224
CMC 20181223
Comodo 20181224
Cybereason 20180225
Cyren 20181224
DrWeb 20181224
eGambit 20181224
Emsisoft 20181224
F-Prot 20181224
F-Secure 20181224
Fortinet 20181224
GData 20181224
Ikarus 20181224
Sophos ML 20181128
Jiangmin 20181224
K7AntiVirus 20181224
K7GW 20181224
Kingsoft 20181224
Malwarebytes 20181224
MAX 20181224
eScan 20181224
NANO-Antivirus 20181224
Panda 20181224
Qihoo-360 20181224
SentinelOne (Static ML) 20181223
Sophos AV 20181224
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181224
Tencent 20181224
TheHacker 20181220
TotalDefense 20181223
TrendMicro 20181224
TrendMicro-HouseCall 20181224
Trustlook 20181224
VIPRE 20181224
ViRobot 20181223
Yandex 20181223
Zillya 20181222
Zoner 20181224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-27 21:02:03
Entry Point 0x000051AB
Number of sections 5
PE sections
PE imports
GetSecurityDescriptorDacl
GetStdHandle
GetConsoleOutputCP
GetProcessId
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
GetFileInformationByHandle
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FatalExit
InterlockedDecrement
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
SetHandleInformation
TerminateProcess
WriteConsoleA
GetProcessShutdownParameters
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
GetOEMCP
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetProcAddress
lstrcpyW
FreeEnvironmentStringsW
lstrcpyA
GetProcessWorkingSetSize
DuplicateHandle
EscapeCommFunction
GetProcessAffinityMask
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
HeapCreate
GetConsoleCP
LCMapStringA
GetProcessTimes
GetEnvironmentStringsW
GetCommTimeouts
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetProcessHandleCount
IsValidCodePage
SetComputerNameExA
VirtualFree
Sleep
VirtualAlloc
TransparentBlt
Ord(180)
ShellExecuteA
ShellAboutW
LoadImageA
GetFocus
PE exports
Number of PE resources by type
RT_ICON 13
RT_STRING 3
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 19
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
7.0.0.0

LanguageCode
Unknown (457A)

FileFlagsMask
0x004f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unknown (A56B)

InitializedDataSize
521728

EntryPoint
0x51ab

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2018:05:27 23:02:03+02:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Unknown (0x40534)

LegalCopyright
Copyright (C) 2018, yorizusuzideco

MachineType
Intel 386 or later, and compatibles

CodeSize
77824

FileSubtype
0

ProductVersionNumber
3.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 bad1d58ba0b4a92a14debb24afe3a8db
SHA1 3c8b72a4afa3f518c30334d86d31a19b4124a9dd
SHA256 9ae512036ab9a30279a945916502f95b87fc8c5e2f7b640010ebc88df6de1ff7
ssdeep
3072:+Jrr6j/4vVgMks/6SVQ950UKtULRhKf3Z7Mpji:krrCebi0QkltQm4ji

authentihash d11ad39f22c9e99ed9626f34d54d8a52ce8e3d679bc9e4fed13c01761db57fad
imphash 1131c4238672950f2bb768f487a09efb
File size 579.5 KB ( 593408 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (35.3%)
Win32 Executable MS Visual C++ (generic) (26.5%)
Win64 Executable (generic) (23.5%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
Tags
suspicious-dns peexe nxdomain

VirusTotal metadata
First submission 2018-12-24 09:15:51 UTC ( 5 months ago )
Last submission 2019-05-10 11:37:34 UTC ( 2 weeks, 2 days ago )
File names winsvcs.exe
winsvcs.exe
t.exe
1123326414.exe
package350_VirusShare_bad1d58ba0b4a92a14debb24afe3a8db
1.exe
output.114779926.txt
3489140473.exe
bad1d58ba0b4a92a14debb24afe3a8db
1[1].exe
winsvcs.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections