SHA256: 9ec60c8e57ba5388b83f14d5f4ef5872a1475d8b6f619be002f4cc744ebfd4c5
File name: bd50907180cf6229afd94e736e1fb9d1
Detection ratio: 50 / 66
Analysis date: 2018-08-11 12:05:19 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.138181 20180811
AhnLab-V3 Malware/Win32.Generic.C824234 20180811
ALYac Gen:Variant.Zusy.138181 20180811
Antiy-AVL Trojan[Banker]/Win32.Tinba 20180811
Arcabit Trojan.Zusy.D21BC5 20180811
Avira (no cloud) TR/Crypt.ZPACK.Gen7 20180811
AVware Trojan.Win32.Carberp.i (v) 20180811
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180810
BitDefender Gen:Variant.Zusy.138181 20180811
CAT-QuickHeal Trojan.Generic.S1562979 20180811
ClamAV Win.Trojan.Zusy-6417556-0 20180811
Comodo TrojWare.Win32.Tinba.CZBS 20180811
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.180cf6 20180225
Cylance Unsafe 20180811
Cyren W32/S-4c9d71b4!Eldorado 20180811
DrWeb Trojan.PWS.Tinba 20180811
Emsisoft Gen:Variant.Zusy.138181 (B) 20180811
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Tinba.BF 20180811
F-Prot W32/S-4c9d71b4!Eldorado 20180811
F-Secure Gen:Variant.Zusy.138181 20180811
Fortinet W32/Glupteba.M!tr 20180811
GData Gen:Variant.Zusy.138181 20180811
Ikarus Trojan.Win32.Crypt 20180811
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 004b5de91 ) 20180811
K7GW Trojan ( 004b5de91 ) 20180811
Kaspersky HEUR:Trojan.Win32.Generic 20180811
Malwarebytes Trojan.Agent.ALTV 20180811
MAX malware (ai score=83) 20180811
McAfee Packed-DG!BD50907180CF 20180811
McAfee-GW-Edition BehavesLike.Win32.Dropper.cm 20180811
Microsoft Trojan:Win32/Tinba.F 20180811
eScan Gen:Variant.Zusy.138181 20180811
NANO-Antivirus Trojan.Win32.Tinba.dohmvu 20180811
Qihoo-360 HEUR/QVM07.1.1CF7.Malware.Gen 20180811
Rising Trojan.Kryptik!1.AE58 (CLASSIC) 20180811
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/Glupteba-F 20180811
SUPERAntiSpyware Trojan.Agent/Gen-Malagent 20180811
Symantec Trojan.Gen.2 20180810
TheHacker Trojan/Kryptik.czbs 20180807
VBA32 TrojanPSW.Tinba 20180810
VIPRE Trojan.Win32.Carberp.i (v) 20180811
ViRobot Trojan.Win32.Inject.177900 20180811
Webroot W32.Trojan.Gen 20180811
Yandex Trojan.PWS.Tinba! 20180810
Zillya Trojan.Kryptik.Win32.1265704 20180810
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180811
AegisLab 20180811
Avast-Mobile 20180811
Babable 20180725
Bkav 20180810
CMC 20180811
eGambit 20180811
Jiangmin 20180811
Kingsoft 20180811
Palo Alto Networks (Known Signatures) 20180811
Panda 20180811
Symantec Mobile Insight 20180809
TACHYON 20180811
Tencent 20180811
TotalDefense 20180811
TrendMicro 20180811
TrendMicro-HouseCall 20180811
Trustlook 20180811
Zoner 20180810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-20 21:50:39
Entry Point 0x00018256
Number of sections 4
PE sections
Overlays
MD5 49d528fb2d92e5ca192784fab09742df
File type data
Offset 135168
Size 36902
Entropy 3.87
PE imports
RegDeleteKeyA
OpenServiceA
QueryServiceConfigA
GetExplicitEntriesFromAclW
AllocateAndInitializeSid
GetServiceKeyNameA
RegFlushKey
ChangeServiceConfig2W
OpenProcessToken
MakeAbsoluteSD
SetServiceStatus
OpenEventLogA
ObjectDeleteAuditAlarmW
SetServiceObjectSecurity
ChangeServiceConfig2A
LookupAccountNameW
CloseEventLog
LsaSetInformationPolicy
RegQueryMultipleValuesA
GetTokenInformation
GetKernelObjectSecurity
IsValidSid
ImpersonateSelf
LsaAddAccountRights
GetUserNameA
BuildExplicitAccessWithNameW
GetAuditedPermissionsFromAclA
AccessCheckAndAuditAlarmA
SetEntriesInAclW
RegSetValueExW
MakeSelfRelativeSD
ReportEventW
BackupEventLogA
LogonUserA
GetSecurityDescriptorSacl
GetTrusteeNameW
LsaDeleteTrustedDomain
GetClusterNodeKey
OpenCluster
ClusterGroupControl
SetClusterName
CloseClusterNode
ClusterNodeControl
CloseCluster
ClusterNetworkEnum
DrawStatusTextW
ImageList_BeginDrag
ImageList_Destroy
ImageList_Create
FlatSB_GetScrollRange
FlatSB_GetScrollProp
ImageList_GetDragImage
ImageList_DragLeave
Ord(16)
ImageList_SetOverlayImage
ImageList_DragEnter
CreatePatternBrush
GetFontLanguageInfo
ImmGetIMEFileNameA
GetCPInfo
GetStartupInfoA
GetModuleHandleA
GetConsoleOutputCP
_except_handler3
__p__fmode
_acmdln
_adjust_fdiv
__setusermatherr
__p__commode
exit
_XcptFilter
__getmainargs
_initterm
_exit
_controlfp
__set_app_type
SafeArrayUnaccessData
SafeArrayUnlock
VarDateFromI2
BstrFromVector
LoadTypeLibEx
VarR4FromStr
QueryPathOfRegTypeLib
VarCyFromUI2
RasGetConnectStatusA
RasGetEntryDialParamsW
ResUtilVerifyPropertyTable
ResUtilGetProperty
ResUtilResourcesEqual
ResUtilVerifyService
ResUtilStopService
ResUtilFreeParameterBlock
ResUtilGetMultiSzProperty
ResUtilGetPrivateProperties
ResUtilEnumResources
ResUtilSetSzValue
ResUtilSetPropertyTable
ResUtilGetBinaryValue
ResUtilPropertyListFromParameterBlock
ResUtilVerifyResourceService
ResUtilEnumPrivateProperties
ResUtilGetSzProperty
SetupAddToSourceListW
SetupDiOpenDeviceInfoA
SetupDiLoadClassIcon
SetupSetSourceListA
SetupDiCancelDriverInfoSearch
SetupDiUnremoveDevice
SetupDiSelectOEMDrv
SetupGetMultiSzFieldA
SetupDiSetDeviceRegistryPropertyW
SetupRemoveFileLogEntryW
SetupDiGetSelectedDevice
SetupDiDeleteDevRegKey
SetupDiGetDeviceInterfaceDetailA
SetupInstallFileExW
SetupDiGetDeviceInterfaceAlias
SetupGetInfFileListA
SetupOpenAppendInfFileW
SetupDiCallClassInstaller
SetupPromptForDiskA
SetupDiGetHwProfileListExA
SetupDecompressOrCopyFileA
SetupCopyErrorA
SetupDiSetClassInstallParamsW
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupAdjustDiskSpaceListA
SetupOpenFileQueue
SetupDiInstallDriverFiles
SetupSetDirectoryIdW
SetupQueueCopySectionW
SetupDiGetHwProfileFriendlyNameExA
SetupQueueDeleteSectionA
SetupDiGetDriverInstallParamsA
SetupDiGetClassInstallParamsA
SetupInstallFromInfSectionA
SetupDiSetSelectedDriverA
SetupGetFileCompressionInfoW
SetupScanFileQueueA
SetupDiSetDeviceInstallParamsA
SetupDiRemoveDevice
SetupGetInfInformationW
SetupCommitFileQueueA
SetupDiGetActualSectionToInstallW
SetupDiGetDeviceInstallParamsW
SetupDiOpenDeviceInterfaceW
SetupDefaultQueueCallbackA
SetupDiEnumDeviceInfo
SetupGetLineCountA
SetupDiClassGuidsFromNameA
SetupDiCreateDevRegKeyA
SetupGetSourceFileLocationA
SetupLogErrorA
SetupDiGetClassImageListExA
SetupQueueDeleteA
SetupTermDefaultQueueCallback
SetupCreateDiskSpaceListA
SetupGetLineByIndexA
SetupDiSelectBestCompatDrv
SetupQueueRenameA
SetupPromptReboot
SetupLogErrorW
SetupQueryDrivesInDiskSpaceListW
SetupDiGetClassImageListExW
SetupRemoveInstallSectionFromDiskSpaceListW
SetupDiGetClassDevPropertySheetsW
SetupDiChangeState
SetupQueueDeleteW
SetupLogFileW
SHBrowseForFolderA
GetClipboardViewer
DrawAnimatedRects
CountClipboardFormats
UnregisterHotKey
GetDialogBaseUnits
CreateDialogParamA
GetWindowTextA
GetDC
DrawCaption
FtpFindFirstFileA
HttpOpenRequestA
RetrieveUrlCacheEntryFileA
InternetGetConnectedState
CreateUrlCacheEntryW
HttpEndRequestA
GetUrlCacheEntryInfoExA
SetUrlCacheEntryInfoW
GopherOpenFileA
GopherFindFirstFileW
InternetWriteFile
InternetCloseHandle
RetrieveUrlCacheEntryStreamA
InternetGetCookieA
InternetQueryOptionA
InternetGetLastResponseInfoW
FtpRenameFileW
FindFirstUrlCacheEntryExW
InternetLockRequestFile
InternetTimeToSystemTime
CommitUrlCacheEntryW
InternetCheckConnectionA
InternetFindNextFileA
HttpAddRequestHeadersW
CommitUrlCacheEntryA
FindFirstUrlCacheEntryA
FtpRenameFileA
InternetCrackUrlA
GopherGetAttributeA
waveInGetDevCapsA
mciGetErrorStringA
mixerMessage
timeBeginPeriod
PrintDlgA
FindTextA
ChooseFontA
CoLockObjectExternal
CoCreateGuid
StgOpenStorage
CoFreeAllLibraries
CoDisconnectObject
OleMetafilePictFromIconAndLabel
CoMarshalInterface
OleQueryCreateFromData
CoRevokeMallocSpy
URLOpenPullStreamW
HlinkGoForward
FindMediaType
CoInternetCompareUrl
CreateURLMoniker
URLDownloadToCacheFileW
SetSoftwareUpdateAdvertisementState
CoInternetGetProtocolFlags
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
PE resources
File identification
MD5 bd50907180cf6229afd94e736e1fb9d1
SHA1 3a8001640bdd1d23fa64cbdb6522db7cad12b9cf
SHA256 9ec60c8e57ba5388b83f14d5f4ef5872a1475d8b6f619be002f4cc744ebfd4c5
ssdeep 3072:h+//K1KJAR6KtqDSB8NojBOryOIy4IwiyO+//K1KJR3l:WKkmVtqWB8NojgrvIy4RiypKkfl
authentihash c57bf8433ee17902b574083cf6e7a5d4339e8fe0028a95387833d8c408d8c75c
imphash be86c10d4d453d99dbab89cf2316e087
File size 168.0 KB ( 172070 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-08-11 12:05:19 UTC
Last submission 2018-08-11 12:05:19 UTC
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs