SHA256: 9af5e2ddb14e02897ca039ced231e5f1a277e26f9be31ec92e633bc7d8733bea
File name: TFRBB88.exe
Detection ratio: 3 / 68
Analysis date: 2019-02-02 20:34:06 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181023
Cylance Unsafe 20190202
VBA32 TScope.Malware-Cryptor.SB 20190201
Acronis 20190130
Ad-Aware 20190202
AegisLab 20190202
AhnLab-V3 20190202
Alibaba 20180921
ALYac 20190202
Antiy-AVL 20190202
Arcabit 20190202
Avast 20190202
Avast-Mobile 20190202
AVG 20190202
Avira (no cloud) 20190202
Babable 20180918
Baidu 20190202
BitDefender 20190202
Bkav 20190201
CAT-QuickHeal 20190202
ClamAV 20190202
CMC 20190202
Comodo 20190202
Cybereason 20190109
Cyren 20190202
DrWeb 20190202
eGambit 20190202
Emsisoft 20190202
Endgame 20181108
ESET-NOD32 20190202
F-Prot 20190202
F-Secure 20190202
Fortinet 20190201
GData 20190202
Ikarus 20190202
Sophos ML 20181128
Jiangmin 20190202
K7AntiVirus 20190202
K7GW 20190202
Kaspersky 20190202
Kingsoft 20190202
Malwarebytes 20190202
MAX 20190202
McAfee 20190202
McAfee-GW-Edition 20190202
Microsoft 20190202
eScan 20190202
NANO-Antivirus 20190202
Palo Alto Networks (Known Signatures) 20190202
Panda 20190202
Qihoo-360 20190202
Rising 20190202
SentinelOne (Static ML) 20190124
Sophos AV 20190202
SUPERAntiSpyware 20190130
Symantec 20190202
TACHYON 20190202
Tencent 20190202
TheHacker 20190131
Trapmine 20190123
TrendMicro-HouseCall 20190202
Trustlook 20190202
ViRobot 20190201
Webroot 20190202
Yandex 20190201
Zillya 20190201
ZoneAlarm by Check Point 20190202
Zoner 20190202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-14 18:59:48
Entry Point 0x00001DDB
Number of sections 5
PE sections
PE imports
CreateToolhelp32Snapshot
IsProcessorFeaturePresent
WriteProcessMemory
OpenProcess
QueryPerformanceCounter
IsDebuggerPresent
LoadLibraryA
Process32Next
CreateRemoteThread
GetCurrentProcess
GetCurrentProcessId
Process32First
UnhandledExceptionFilter
VirtualAllocEx
GetProcAddress
InitializeSListHead
SetUnhandledExceptionFilter
SetConsoleTitleA
CloseHandle
GetSystemTimeAsFileTime
GetModuleHandleW
TerminateProcess
Sleep
GetCurrentThreadId
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
_CxxThrowException
memmove
__std_exception_copy
memset
__CxxFrameHandler3
_except_handler4_common
__std_terminate
__std_exception_destroy
malloc
_callnewh
_set_new_mode
free
_cexit
_configure_narrow_argv
_c_exit
_set_app_type
terminate
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_register_onexit_function
__p___argc
_seh_filter_exe
_controlfp_s
exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_initialize_narrow_environment
_exit
__p___argv
_initterm_e
_initterm
_crt_atexit
__stdio_common_vfprintf
__p__commode
_set_fmode
__acrt_iob_func
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2019:01:14 19:59:48+01:00
FileType Win32 EXE
PEType PE32
CodeSize 6656
LinkerVersion 14.16
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1ddb
InitializedDataSize 8192
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 72501bf23338a9233ccdc303475f9a9b
SHA1 c91b2e2ef23b63c89ce1d6d9717652251a1c20e5
SHA256 9af5e2ddb14e02897ca039ced231e5f1a277e26f9be31ec92e633bc7d8733bea
ssdeep 384:4k5gIsl3Tiuw6evP8JtkXQK9276jm9Mo5:4hrIP8rkXQK076a9v
authentihash a4786b10f7b66c788ce62884854bd4ca9a8a662406366f367150be2926512920
imphash 4efab9dab814e1f1498b571087a6a9fb
File size 15.0 KB ( 15360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2019-02-02 20:34:06 UTC ( 3 months, 3 weeks ago )
Last submission 2019-02-02 20:34:06 UTC ( 3 months, 3 weeks ago )
File names TFRBB88.exe