SHA256: 9d722a8f090855a0befbddb3122b568cf965117e24f15fefea24ea9338c0d23d
File name: tekex.exe
Detection ratio: 19 / 68
Analysis date: 2018-07-16 06:54:52 UTC ( 8 months, 1 week ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Fynloski.R231067 20180715
Babable Malware.HighConfidence 20180406
Comodo TrojWare.Win32.TrojanDownloader.Delf.gen 20180716
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.c1b24b 20180225
Cylance Unsafe 20180716
Endgame malicious (high confidence) 20180711
Ikarus Trojan-Spy.LokiBot 20180715
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 0052d4b21 ) 20180716
K7GW Trojan ( 0052d4b21 ) 20180716
Kaspersky HEUR:Trojan.Win32.Generic 20180716
Malwarebytes Trojan.PasswordStealer.ICO.Generic 20180716
Microsoft PWS:Win32/Pony.S 20180716
Palo Alto Networks (Known Signatures) generic.ml 20180716
SentinelOne (Static ML) static engine - malicious 20180701
Symantec Packed.Generic.532 20180716
VBA32 BScope.Backdoor.Remcos 20180713
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180716
Ad-Aware 20180716
AegisLab 20180716
Alibaba 20180713
ALYac 20180716
Antiy-AVL 20180716
Arcabit 20180716
Avast 20180716
Avast-Mobile 20180716
AVG 20180716
Avira (no cloud) 20180716
AVware 20180716
Baidu 20180716
BitDefender 20180716
Bkav 20180713
CAT-QuickHeal 20180714
ClamAV 20180716
CMC 20180714
Cyren 20180716
DrWeb 20180716
eGambit 20180716
Emsisoft 20180716
ESET-NOD32 20180716
F-Prot 20180716
F-Secure 20180716
Fortinet 20180716
GData 20180716
Jiangmin 20180716
Kingsoft 20180716
MAX 20180716
McAfee 20180716
McAfee-GW-Edition 20180715
eScan 20180716
NANO-Antivirus 20180716
Panda 20180715
Qihoo-360 20180716
Rising 20180716
Sophos AV 20180716
SUPERAntiSpyware 20180715
TACHYON 20180716
Tencent 20180716
TheHacker 20180716
TrendMicro 20180716
TrendMicro-HouseCall 20180716
Trustlook 20180716
VIPRE 20180716
ViRobot 20180716
Webroot 20180716
Yandex 20180713
Zillya 20180713
Zoner 20180715
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT PE_Patch, Aspack
PEiD ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00001000
Number of sections 10
PE sections
PE imports
RegQueryValueExA
ImageList_SetIconSize
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
SysFreeString
SafeArrayPtrOfIndex
VariantChangeTypeEx
ShellExecuteA
SHGetFolderPathA
URLDownloadToFileA
CreateWindowExA
GetKeyboardType
VerQueryValueA
Number of PE resources by type
RT_STRING 17
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_ICON 2
RT_GROUP_ICON 2
Number of PE resources by language
NEUTRAL 46
RUSSIAN 2
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 388608
LinkerVersion 2.25
EntryPoint 0x1000
InitializedDataSize 465920
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 d987dcb2869c40f84082d523cd77262b
SHA1 484dcbac1b24bef0f828bff9e993e47b244dad7a
SHA256 9d722a8f090855a0befbddb3122b568cf965117e24f15fefea24ea9338c0d23d
ssdeep 12288:b+lvKv9JDupxX0dALSNWB3ZjDWMbr21+esTCmJJjQuA6V:a5Kv9Ape9e3dWMbiw2m7RA6
authentihash 8f0ee5394a18bb1d05f44599142ca23ce8320deba8e6c9e556005952d891c41d
imphash 7558ca226f81953fd416f6cf3869eb2b
File size 827.0 KB ( 846848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags peexe asprotect aspack
VirusTotal metadata
First submission 2018-07-16 06:54:52 UTC ( 8 months, 1 week ago )
Last submission 2018-07-18 06:50:17 UTC ( 8 months, 1 week ago )
File names d987dcb2.gxe
tekex.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Deleted files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs