× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a1f8f0ab6bfe9b4d893c1c032b6ae2541ea82401aae9077acbe74686446e8b8b
File name: 82B963D4FF7892929A0A8E9555D13B76.mlw
Detection ratio: 15 / 70
Analysis date: 2019-01-17 08:16:35 UTC ( 2 months ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20190117
AVG FileRepMalware 20190117
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181023
Cylance Unsafe 20190117
Endgame malicious (high confidence) 20181108
Kaspersky UDS:DangerousObject.Multi.Generic 20190117
Microsoft Trojan:Win32/Fuerboos.C!cl 20190117
Palo Alto Networks (Known Signatures) generic.ml 20190117
Qihoo-360 HEUR/QVM10.2.9A37.Malware.Gen 20190117
Rising Malware.Heuristic.MLite(94%) (AI-LITE:Xlw1UpBAJa0vKfN6mQQPLw) 20190117
Symantec ML.Attribute.HighConfidence 20190117
Trapmine suspicious.low.ml.score 20190103
VBA32 BScope.Trojan.Fuery 20190116
Webroot W32.Adware.Installcore 20190117
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190117
Acronis 20190116
Ad-Aware 20190117
AegisLab 20190117
AhnLab-V3 20190117
Alibaba 20180921
ALYac 20190117
Antiy-AVL 20190116
Arcabit 20190117
Avast-Mobile 20190117
Avira (no cloud) 20190117
Babable 20180918
Baidu 20190117
BitDefender 20190117
Bkav 20190116
CAT-QuickHeal 20190116
ClamAV 20190117
CMC 20190116
Comodo 20190117
Cybereason 20190109
Cyren 20190117
DrWeb 20190117
eGambit 20190117
Emsisoft 20190117
ESET-NOD32 20190117
F-Prot 20190117
F-Secure 20190117
Fortinet 20190117
GData 20190117
Ikarus 20190116
Sophos ML 20181128
Jiangmin 20190117
K7AntiVirus 20190117
K7GW 20190117
Kingsoft 20190117
MAX 20190117
McAfee 20190117
McAfee-GW-Edition 20190117
eScan 20190117
NANO-Antivirus 20190117
Panda 20190116
SentinelOne (Static ML) 20181223
Sophos AV 20190117
SUPERAntiSpyware 20190116
TACHYON 20190117
Tencent 20190117
TheHacker 20190115
TotalDefense 20190117
TrendMicro 20190117
TrendMicro-HouseCall 20190117
Trustlook 20190117
VIPRE 20190116
ViRobot 20190117
Yandex 20190117
Zillya 20190116
Zoner 20190117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-22 04:43:45
Entry Point 0x00005072
Number of sections 5
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
TlsAlloc
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GlobalGetAtomNameW
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
SetProcessShutdownParameters
SetFileApisToANSI
GetEnvironmentStringsW
GetLocaleInfoW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
VirtualFree
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetCPInfoExW
GetLocaleInfoA
SetConsoleCtrlHandler
LocalAlloc
AddAtomA
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCPInfo
GetProcAddress
GetUserDefaultLCID
AddAtomW
HeapSize
EnumResourceLanguagesW
CompareStringW
RaiseException
GlobalReAlloc
TlsFree
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetStringTypeA
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
LocalFree
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
HeapCreate
GlobalAlloc
CreateProcessW
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_STRING 15
RT_ICON 9
RT_GROUP_ICON 2
Struct(241) 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 29
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
1.45.8.4

LanguageCode
English (British)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unicode

InitializedDataSize
166400

EntryPoint
0x5072

MIMEType
application/octet-stream

FileVersion
9.0.7.51

TimeStamp
2018:01:22 05:43:45+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
9.0.7.51

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
65536

FileSubtype
0

ProductVersionNumber
7.32.568.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 82b963d4ff7892929a0a8e9555d13b76
SHA1 c0f8650840d84b013336946ef4642033f409e200
SHA256 a1f8f0ab6bfe9b4d893c1c032b6ae2541ea82401aae9077acbe74686446e8b8b
ssdeep
3072:IS8A2lLhFlnm5+tYqG1Vl+3EaF0PM9FzO2YdIWkCvw:I8MLh7hVG/lwnO2YdsC

authentihash f70ec3d6465fd81dca25a6a5173a2bdb18399763f680a963c52e65f80da8eb1a
imphash 20b4990e12a52f90f787adee4909b893
File size 223.5 KB ( 228864 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
suspicious-dns peexe nxdomain

VirusTotal metadata
First submission 2019-01-17 08:16:35 UTC ( 2 months ago )
Last submission 2019-01-17 09:36:44 UTC ( 2 months ago )
File names 1.exe
winsvcs(106).gxe
82B963D4FF7892929A0A8E9555D13B76.mlw
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections