SHA256: 9f9dffef337e0f54efb93b9600a221a416a6cce804faa3a8430a4c9850585324
File name: p.exe
Detection ratio: 24 / 68
Analysis date: 2018-09-17 08:30:51 UTC ( 6 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Gandcrab.C2718743 20180917
BitDefender Gen:Variant.Graftor.518028 20180917
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cybereason malicious.4c9818 20180225
Cylance Unsafe 20180917
Cyren W32/Trojan.SYCZ-7065 20180917
Emsisoft Gen:Variant.Graftor.518028 (B) 20180917
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CLHC 20180917
GData Gen:Variant.Graftor.518028 20180917
Ikarus Trojan-PWS.Win32.Zbot 20180917
Sophos ML heuristic 20180717
Kaspersky Trojan.Win32.Chapak.auiq 20180917
MAX malware (ai score=83) 20180917
McAfee RDN/Generic.hra 20180917
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20180917
Microsoft Trojan:Win32/Vigorf.A 20180916
eScan Gen:Variant.Graftor.518028 20180917
Palo Alto Networks (Known Signatures) generic.ml 20180917
Qihoo-360 Win32/Trojan.Dropper.dd5 20180917
Rising Downloader.Vigorf!8.F626 (CLOUD) 20180917
Symantec ML.Attribute.HighConfidence 20180917
TrendMicro-HouseCall Suspicious_GEN.F47V0916 20180917
ZoneAlarm by Check Point Trojan.Win32.Chapak.auiq 20180917
Ad-Aware 20180913
AegisLab 20180917
Alibaba 20180713
ALYac 20180917
Antiy-AVL 20180916
Arcabit 20180917
Avast 20180917
Avast-Mobile 20180917
AVG 20180917
Avira (no cloud) 20180917
AVware 20180917
Babable 20180907
Baidu 20180914
Bkav 20180915
CAT-QuickHeal 20180917
ClamAV 20180917
CMC 20180916
Comodo 20180917
DrWeb 20180917
eGambit 20180917
F-Prot 20180917
F-Secure 20180917
Fortinet 20180917
Jiangmin 20180917
K7AntiVirus 20180917
K7GW 20180917
Kingsoft 20180917
Malwarebytes 20180917
NANO-Antivirus 20180917
Panda 20180916
SentinelOne (Static ML) 20180830
Sophos AV 20180917
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180917
Tencent 20180917
TheHacker 20180914
TotalDefense 20180915
TrendMicro 20180917
Trustlook 20180917
VBA32 20180914
VIPRE 20180917
ViRobot 20180917
Webroot 20180917
Yandex 20180915
Zillya 20180914
Zoner 20180916
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-19 14:53:21
Entry Point 0x000022CA
Number of sections 5
PE sections
PE imports
ReportEventA
FillPath
SetViewportOrgEx
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
FindFirstChangeNotificationA
GetModuleFileNameW
GlobalFree
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
VirtualProtect
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetStartupInfoA
GetStartupInfoW
GetEnvironmentStringsW
HeapSize
LocalAlloc
AddAtomA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
EnumTimeFormatsA
FillConsoleOutputCharacterA
SetHandleCount
GetCommandLineA
GetProcAddress
EncodePointer
GetFileType
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
FreeEnvironmentStringsW
DeleteCriticalSection
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentProcess
DecodePointer
GetSystemTimeAsFileTime
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
GetSystemTimeAdjustment
GlobalMemoryStatus
FindCloseChangeNotification
IsValidCodePage
HeapCreate
WriteFile
GlobalAlloc
FindAtomA
InterlockedDecrement
Sleep
FindNextChangeNotification
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
SetLastError
InterlockedIncrement
ExtractIconW
GetDesktopWindow
GetMenuState
GetAltTabInfoW
Number of PE resources by type
RT_DIALOG 2
RT_BITMAP 1
YEFEPUWAHUJECU 1
Number of PE resources by language
TURKISH NEUTRAL 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:01:19 06:53:21-08:00
FileType Win32 EXE
PEType PE32
CodeSize 70656
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 40448
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x22ca
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Execution parents
File identification
MD5 70063e9aa756e48c16fe8ace6085d1ca
SHA1 60ec3014c9818ac1608d20da9fd97e70afd2f162
SHA256 9f9dffef337e0f54efb93b9600a221a416a6cce804faa3a8430a4c9850585324
ssdeep 1536:8g0oEv9hDje7YkbCvkfnftus+lQZMFOpFd/gMfS1CTkA6MBNij/rF8o:+99JxdsudRFy8MHTPHBNij/
authentihash 91fe7d1431a3960521adc354690cee401e4508240fac4a79f0f2c360ffea4fec
imphash d2cdc3419a0235a5752ed5a935ac9b21
File size 106.0 KB ( 108544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-09-16 22:08:01 UTC ( 6 months, 1 week ago )
Last submission 2018-09-16 22:08:01 UTC ( 6 months, 1 week ago )
File names winsvcs.exe
winsvcs.exe
p.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Moved files
Deleted files
Searched windows
Runtime DLLs