SHA256: 9d9b3d076bcc00d240abe7a49a1cc9180d670b6b5e1c9e4bbeba38be2c0acc37
File name: Z3iDss.jpg
Detection ratio: 9 / 70
Analysis date: 2018-12-10 04:51:49 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Cylance Unsafe 20181210
Endgame malicious (high confidence) 20181108
Fortinet W32/GenKryptik.CNMT!tr.ransom 20181210
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20181210
Microsoft Trojan:Win32/Fuerboos.C!cl 20181209
Palo Alto Networks (Known Signatures) generic.ml 20181210
Trapmine malicious.moderate.ml.score 20181205
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181210
Ad-Aware 20181210
AegisLab 20181210
AhnLab-V3 20181210
Alibaba 20180921
ALYac 20181210
Antiy-AVL 20181209
Arcabit 20181210
Avast 20181210
Avast-Mobile 20181209
AVG 20181210
Avira (no cloud) 20181209
Babable 20180918
Baidu 20181207
BitDefender 20181210
Bkav 20181208
CAT-QuickHeal 20181209
ClamAV 20181209
CMC 20181209
Comodo 20181210
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cyren 20181210
DrWeb 20181210
eGambit 20181210
Emsisoft 20181210
ESET-NOD32 20181210
F-Prot 20181210
F-Secure 20181210
GData 20181210
Ikarus 20181209
Jiangmin 20181210
K7AntiVirus 20181209
K7GW 20181209
Kingsoft 20181210
Malwarebytes 20181210
MAX 20181210
McAfee 20181210
McAfee-GW-Edition 20181209
eScan 20181210
NANO-Antivirus 20181210
Panda 20181209
Qihoo-360 20181210
Rising 20181210
SentinelOne (Static ML) 20181011
Sophos AV 20181210
SUPERAntiSpyware 20181205
Symantec 20181209
Symantec Mobile Insight 20181207
TACHYON 20181210
Tencent 20181210
TheHacker 20181202
TotalDefense 20181209
TrendMicro 20181210
TrendMicro-HouseCall 20181210
Trustlook 20181210
VBA32 20181207
VIPRE 20181209
ViRobot 20181209
Webroot 20181210
Yandex 20181207
Zillya 20181208
Zoner 20181207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 0.1.0.19
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:36:15
Entry Point 0x0000ED20
Number of sections 6
PE sections
PE imports
RegQueryValueA
RegOpenKeyExA
RegCloseKey
GetObjectA
CreateFontIndirectA
GetTextExtentPoint32A
GetStockObject
FreeLibrary
DeleteCriticalSection
GetStartupInfoA
CreateProcessA
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleA
lstrcatA
WaitForSingleObject
SetEvent
GetWindowsDirectoryA
lstrcpyA
Sleep
ResetEvent
GetLogicalDrives
VirtualProtect
GetProcAddress
LoadLibraryA
LeaveCriticalSection
??0Init@ios_base@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1_Winit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0_Winit@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1Init@ios_base@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
_except_handler3
_acmdln
_XcptFilter
__CxxFrameHandler
_setmbcp
_exit
_adjust_fdiv
memset
__p__commode
__dllonexit
_onexit
_controlfp
strcpy
__p__fmode
_mbsstr
__getmainargs
exit
_initterm
strlen
__setusermatherr
__set_app_type
ShellExecuteA
RedrawWindow
GetParent
PostMessageA
EnumWindows
ReleaseCapture
CopyIcon
KillTimer
MessageBeep
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
InflateRect
EnableWindow
SetCapture
DrawIcon
SetWindowLongA
GetSysColor
GetDC
DestroyCursor
ReleaseDC
SendMessageA
GetClientRect
IsIconic
InvalidateRect
SetTimer
LoadCursorA
LoadIconA
FlashWindow
GetSystemMenu
SetCursor
PtInRect
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 118784
ImageVersion 0.0
FileVersionNumber 0.1.0.19
LanguageCode Chinese (Traditional)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Taiwan (Big5)
LinkerVersion 6.0
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 0.1.0.19
TimeStamp 2016:12:06 03:36:15-08:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ASUSTeK Computer Inc.
CodeSize 61440
FileSubtype 0
ProductVersionNumber 0.1.0.19
EntryPoint 0xed20
ObjectFileType Executable application
File identification
MD5 d404080222d2281802982fe927416290
SHA1 c0c6466fee1840922ae1df603c1b38d36841f1e8
SHA256 9d9b3d076bcc00d240abe7a49a1cc9180d670b6b5e1c9e4bbeba38be2c0acc37
ssdeep 3072:R4vhjxMapBECJj+iqM8dTxoze71zPjVPd4ySKeXLLrrMuZw7k/M9S:R4vhjxMapBHjvl2Txoze71zPjVPd4y1p
authentihash eb50f60c410cc9bd4d8a358066d45126cff78f5bf9757a357d048edb56d88220
imphash 9510ff1fadb140d5ef11ef34d3a1d018
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags peexe via-tor
VirusTotal metadata
First submission 2018-12-10 04:51:49 UTC ( 5 months, 1 week ago )
Last submission 2018-12-22 05:59:53 UTC ( 5 months ago )
File names d404080222d2281802982fe927416290
Z3iDss.jpg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs