SHA256: 9b01266634202e07193010e99e12e3d0bc140d66c5a7c0faac962fecfbd22f9d
File name: 29bda6f176aac3ba87b18546115854e9
Detection ratio: 40 / 70
Analysis date: 2019-01-18 02:29:13 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31526919 20190118
AhnLab-V3 Trojan/Win32.Gandcrab.C2925184 20190118
ALYac Trojan.GenericKD.31526919 20190118
Antiy-AVL Trojan[Ransom]/Win32.Chapak.a 20190118
Arcabit Trojan.Generic.D1E11007 20190118
Avast Win32:CrypterX-gen [Trj] 20190118
AVG Win32:CrypterX-gen [Trj] 20190118
BitDefender Trojan.GenericKD.31526919 20190118
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cylance Unsafe 20190118
Cyren W32/Trojan.KSZT-5392 20190118
Emsisoft Trojan.GenericKD.31526919 (B) 20190117
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOPM 20190117
F-Prot W32/Kryptik.PC.gen!Eldorado 20190117
F-Secure Trojan.GenericKD.31526919 20190117
Fortinet W32/Kryptik.GOOR!tr 20190117
GData Trojan.GenericKD.31526919 20190117
Ikarus Trojan.Win32.Crypt 20190117
Sophos ML heuristic 20181128
K7GW Trojan ( 005458981 ) 20190117
Kaspersky Backdoor.Win32.Androm.qzun 20190117
Malwarebytes Trojan.MalPack 20190117
McAfee Trojan-FPST!29BDA6F176AA 20190117
McAfee-GW-Edition Trojan-FPST!29BDA6F176AA 20190117
Microsoft Trojan:Win32/Injeber.A!bit 20190117
eScan Trojan.GenericKD.31526919 20190117
Palo Alto Networks (Known Signatures) generic.ml 20190118
Panda Trj/GdSda.A 20190117
Qihoo-360 Win32/Backdoor.ee0 20190118
Rising Backdoor.Androm!8.113 (CLOUD) 20190117
Sophos AV Mal/Generic-S 20190117
Symantec Trojan.Gen.2 20190117
Tencent Win32.Trojan.Inject.Auto 20190118
Trapmine malicious.high.ml.score 20190103
TrendMicro TROJ_GEN.R061C0WAF19 20190117
TrendMicro-HouseCall TROJ_GEN.R061C0WAF19 20190118
VBA32 BScope.Trojan.Diple 20190117
Webroot W32.Trojan.Gen 20190118
ZoneAlarm by Check Point Backdoor.Win32.Androm.qzun 20190118
Acronis 20190117
AegisLab 20190118
Alibaba 20180921
Avast-Mobile 20190117
Avira (no cloud) 20190117
Babable 20180918
Baidu 20190117
Bkav 20190117
CAT-QuickHeal 20190117
ClamAV 20190117
CMC 20190117
Comodo 20190118
Cybereason 20190109
DrWeb 20190118
eGambit 20190118
Jiangmin 20190117
K7AntiVirus 20190117
Kingsoft 20190118
MAX 20190118
NANO-Antivirus 20190117
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190116
TACHYON 20190118
TheHacker 20190115
TotalDefense 20190117
Trustlook 20190118
ViRobot 20190117
Yandex 20190117
Zillya 20190117
Zoner 20190118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-22 05:48:09
Entry Point 0x00002CCA
Number of sections 5
PE sections
PE imports
SetPixelV
CreateDiscardableBitmap
CreateCompatibleDC
SetStretchBltMode
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InterlockedDecrement
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
FillConsoleOutputCharacterW
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
SetUnhandledExceptionFilter
ExitThread
SetEnvironmentVariableA
TerminateProcess
FindCloseChangeNotification
WriteConsoleA
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
AddAtomA
GetStartupInfoW
FindActCtxSectionGuid
GetProcAddress
GetComputerNameW
CompareStringW
CompareStringA
IsValidLocale
GetUserDefaultLCID
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
FindFirstChangeNotificationA
GlobalFree
GetConsoleCP
LCMapStringA
SetProcessShutdownParameters
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
GetSystemTimeAdjustment
WideCharToMultiByte
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
GetTimeFormatA
ShellAboutA
ShellExecuteW
DragQueryFileW
BeginPaint
CallMsgFilterA
MapVirtualKeyExA
PeekMessageA
CloseClipboard
GetNextDlgTabItem
GetClipboardSequenceNumber
OpenClipboard
Number of PE resources by type
RT_DIALOG 2
RT_BITMAP 2
RT_ICON 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 8
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unknown (A56B)
InitializedDataSize 133632
EntryPoint 0x2cca
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.5.2.35
TimeStamp 2017:08:21 22:48:09-07:00
FileType Win32 EXE
PEType PE32
InternalName subopeyovi.exe
SubsystemVersion 5.0
OSVersion 5.0
FileOS Unknown (0x40534)
LegalCopyright Copyright (C) 2018, vofihi
MachineType Intel 386 or later, and compatibles
CodeSize 148992
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
File identification
MD5 29bda6f176aac3ba87b18546115854e9
SHA1 e79758d8f344337c9aaa6c3cb150db5760804b6d
SHA256 9b01266634202e07193010e99e12e3d0bc140d66c5a7c0faac962fecfbd22f9d
ssdeep 3072:ngYo+VvgnXMr+Jie84DjcykDoUS5MvnZE:ngsVY8McykDlrB
authentihash dd0fb8b50b3354d7360741fd9a31b793ecd3576832d30ac17b18351c0badf977
imphash 58e7f0f98ee06a849a6082ba7ae3bd7a
File size 259.5 KB ( 265728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-14 20:40:47 UTC ( 2 months ago )
Last submission 2019-01-14 20:40:47 UTC ( 2 months ago )
File names 6c01.tmp.exe
kKFCrw85HM.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs