SHA256: 9e2229daedf3853159f6191d8fe7f932da7aba120b32ee2a8b39e081ba304c93
File name: 9e2229daedf3853159f6191d8fe7f932da7aba120b32ee2a8b39e081ba304c93
Detection ratio: 9 / 69
Analysis date: 2018-10-07 03:04:22 UTC ( 1 month, 1 week ago )
Antivirus / Result / Update (engines listed with a date but no result reported no detection)
CMC Trojan.Win32.Obfuscated.en!O 20181006
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20181007
Emsisoft Trojan.Emotet (A) 20181006
Endgame malicious (high confidence) 20180730
NANO-Antivirus Virus.Win32.Gen.ccmw 20181007
Qihoo-360 HEUR/QVM20.1.5B03.Malware.Gen 20181007
Rising Malware.Heuristic!ET#83% (RDM+:cmRtazpGjtaz2M/zwfCghLQIxhLz) 20181007
SentinelOne (Static ML) static engine - malicious 20180926
Ad-Aware 20181007
AegisLab 20181007
AhnLab-V3 20181006
Alibaba 20180921
ALYac 20181007
Antiy-AVL 20181007
Arcabit 20181007
Avast 20181007
Avast-Mobile 20181006
AVG 20181007
Avira (no cloud) 20181006
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181007
Bkav 20181005
CAT-QuickHeal 20181006
ClamAV 20181006
Comodo 20181006
Cybereason 20180225
Cyren 20181007
DrWeb 20181007
eGambit 20181007
ESET-NOD32 20181007
F-Prot 20181007
F-Secure 20181007
Fortinet 20181007
GData 20181007
Ikarus 20181006
Sophos ML 20180717
Jiangmin 20181007
K7AntiVirus 20181007
K7GW 20181006
Kaspersky 20181007
Kingsoft 20181007
Malwarebytes 20181007
MAX 20181007
McAfee 20181007
McAfee-GW-Edition 20181007
Microsoft 20181007
eScan 20181007
Palo Alto Networks (Known Signatures) 20181007
Panda 20181006
Sophos AV 20181007
SUPERAntiSpyware 20181006
Symantec 20181006
Symantec Mobile Insight 20181001
TACHYON 20181006
Tencent 20181007
TheHacker 20181001
TotalDefense 20181006
TrendMicro 20181007
TrendMicro-HouseCall 20181007
Trustlook 20181007
VBA32 20181005
VIPRE 20181007
ViRobot 20181006
Webroot 20181007
Yandex 20181005
Zillya 20181005
ZoneAlarm by Check Point 20181007
Zoner 20181006
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-01 09:39:18
Entry Point 0x00011C6F
Number of sections 4
PE sections
PE imports
InitiateSystemShutdownA
GetSidSubAuthority
IsValidSid
InitiateSystemShutdownExW
GetOldestEventLogRecord
GetSecurityDescriptorOwner
GetFileSecurityA
LogonUserExW
FreeEncryptionCertificateHashList
GetWindowsAccountDomainSid
InitializeSid
GetEventLogInformation
GetClusterFromResource
GetOpenFileNameA
GetSystemPaletteEntries
GetRandomRgn
GetDeviceCaps
DeleteDC
LineDDA
GetWorldTransform
GetMetaFileA
FillPath
GdiComment
GetTextExtentPointW
FillRgn
GetMiterLimit
EqualRgn
GetViewportExtEx
ExtCreateRegion
GdiFlush
GdiSetBatchLimit
GetCharWidthFloatA
DeleteObject
GetTextColor
ExtCreatePen
GetFontData
GetCharWidth32A
GetTextExtentPoint32W
DefineDosDeviceW
FreeConsole
GetDriveTypeW
WriteProcessMemory
GetPrivateProfileStructA
GetOverlappedResult
GetLastError
GetProfileSectionW
GetProcessTimes
GetSystemTimes
lstrcmpiW
GetStdHandle
FindFirstChangeNotificationW
GetProcessId
SetConsoleHistoryInfo
GetQueuedCompletionStatus
GetCurrentProcess
GetVolumeInformationA
FlushConsoleInputBuffer
GetFileType
GetPrivateProfileStringA
DecodePointer
WriteProfileStringA
GetCalendarInfoW
GetLogicalDrives
DeleteFileW
GetUserDefaultLCID
WriteProfileStringW
GetCurrentThread
EnumSystemCodePagesW
GetComputerNameW
GetProfileStringW
GetTempPathA
EraseTape
LocalFlags
lstrcmpA
GetFileAttributesA
FormatMessageA
lstrcpyA
FindNextVolumeMountPointW
DeleteAtom
GetVolumeNameForVolumeMountPointW
GetMailslotInfo
GetStringTypeExA
GetDynamicTimeZoneInformation
GetStringTypeW
ExpandEnvironmentStringsA
EscapeCommFunction
FindCloseChangeNotification
EnumSystemCodePagesA
LoadResource
GetCommState
VirtualFree
GetComputerNameExW
GetProfileIntA
VirtualFreeEx
GetSystemWindowsDirectoryW
LZSeek
GetRecordInfoFromTypeInfo
GetRecordInfoFromGuids
FindExecutableA
ExtractIconW
EnumerateSecurityPackagesW
DecryptMessage
GetClassInfoExW
GetCursorInfo
GetScrollRange
EnumWindows
DestroyAcceleratorTable
GetMessageW
DefWindowProcA
FindWindowA
LoadImageA
GetDlgItemTextA
DrawTextExW
GetMessageExtraInfo
GetWindowTextLengthW
DestroyCaret
GetClipboardSequenceNumber
GetMenuBarInfo
GetProcessDefaultLayout
GetTitleBarInfo
DrawIconEx
GetMenuStringW
DrawMenuBar
GetClassNameW
DrawFocusRect
GetSysColor
LoadImageW
LoadIconA
GetTopWindow
DefDlgProcA
GetWindowTextW
DeferWindowPos
GetDialogBaseUnits
FindWindowExW
GetMenuItemID
GetWindowLongW
GetWindowTextA
GetUserObjectSecurity
GetRawInputDeviceList
FindClosePrinterChangeNotification
GetPrinterW
GetStandardColorSpaceProfileW
strtol
tolower
strcspn
fwrite
memset
vfprintf
fwprintf
strcmp
GetClassFileOrMime
Number of PE resources by type
BINARY 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:03:01 10:39:18+01:00
FileType Win32 EXE
PEType PE32
CodeSize 520192
LinkerVersion 12.0
FileTypeExtension exe
InitializedDataSize 77824
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x11c6f
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 7cdd9a07223f5ce975884ef3fb90ad87
SHA1 cbaba405d1744b6ee2c8f9655cecdb7f3a9b6823
SHA256 9e2229daedf3853159f6191d8fe7f932da7aba120b32ee2a8b39e081ba304c93
ssdeep 6144:tU2eJDOlwIi3zYn8YCApmDSfDW3nEB/p:tTeJz3k8YCApql3gp
authentihash 1e4356ef6093feb210b408819134f3e3df04f159b702495869dcf0741ffc267f
imphash f2e0aee1b39ee6423412518e98650e7c
File size 584.0 KB ( 598016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2018-10-07 03:04:22 UTC ( 1 month, 1 week ago )
Last submission 2018-10-07 03:04:22 UTC ( 1 month, 1 week ago )
File names KkwSE4MPAsx.exe
Egz0Ay3pm.exe
Dle6t6eLxC.exe
DEy5AKuxbIx8.exe
fltrbundle.exe
5ISweQOOqcq6.exe
lOJBCmpYl.exe