SHA256: a34845bc8c0c5e01c6d60201345afb935c65557c99a20a7d4952cc40c3204d4e
File name: 392542118633288.exe
Detection ratio: 15 / 67
Analysis date: 2018-06-22 06:28:00 UTC ( 9 months ago )
Antivirus Result Update
Avast FileRepMalware 20180622
AVG FileRepMalware 20180622
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180622
Bkav W32.eHeur.Malware08 20180621
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180530
Cybereason malicious.83e0cc 20180225
Cylance Unsafe 20180622
Endgame malicious (high confidence) 20180612
Sophos ML heuristic 20180601
Kaspersky UDS:DangerousObject.Multi.Generic 20180622
Qihoo-360 HEUR/QVM10.1.0242.Malware.Gen 20180622
Symantec ML.Attribute.HighConfidence 20180621
TrendMicro TSPY_EMOTET.SMB1 20180622
TrendMicro-HouseCall TSPY_EMOTET.SMB1 20180622
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180622
Ad-Aware 20180622
AegisLab 20180622
AhnLab-V3 20180621
Alibaba 20180622
ALYac 20180622
Antiy-AVL 20180622
Arcabit 20180622
Avast-Mobile 20180621
Avira (no cloud) 20180621
AVware 20180621
Babable 20180406
BitDefender 20180622
CAT-QuickHeal 20180621
ClamAV 20180622
CMC 20180621
Comodo 20180622
Cyren 20180622
DrWeb 20180622
eGambit 20180622
Emsisoft 20180622
ESET-NOD32 20180622
F-Prot 20180622
F-Secure 20180622
Fortinet 20180622
GData 20180622
Ikarus 20180621
Jiangmin 20180622
K7AntiVirus 20180621
K7GW 20180622
Kingsoft 20180622
MAX 20180622
McAfee 20180622
McAfee-GW-Edition 20180622
Microsoft 20180622
eScan 20180622
NANO-Antivirus 20180622
Palo Alto Networks (Known Signatures) 20180622
Panda 20180621
Rising 20180622
SentinelOne (Static ML) 20180618
Sophos AV 20180622
SUPERAntiSpyware 20180622
Symantec Mobile Insight 20180619
TACHYON 20180622
Tencent 20180622
TheHacker 20180621
TotalDefense 20180621
Trustlook 20180622
VBA32 20180621
VIPRE 20180622
ViRobot 20180622
Webroot 20180622
Yandex 20180621
Zillya 20180621
Zoner 20180621
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-21 21:56:02
Entry Point 0x000039F0
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSection
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
TerminateThread
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
SetProcessShutdownParameters
TlsAlloc
IsValidLocale
GetEnvironmentStringsW
GetLocaleInfoW
FillConsoleOutputCharacterW
RtlUnwind
GetACP
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
GetModuleHandleW
GetCPInfo
ExitProcess
TerminateProcess
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetUserDefaultLCID
GetStartupInfoW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
FindAtomW
GetSystemTimes
HeapReAlloc
DecodePointer
GetProcAddress
HeapAlloc
GlobalMemoryStatus
GetModuleFileNameA
TlsGetValue
GetProcessShutdownParameters
IsValidCodePage
HeapCreate
GetStringTypeW
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
GetProcessVersion
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
ShellAboutA
FindExecutableA
DragQueryFileA
SendDlgItemMessageA
EndPaint
GetRawInputDeviceList
GetRawInputBuffer
RegisterRawInputDevices
GetAltTabInfoA
GetNextDlgGroupItem
GetAltTabInfoW
Number of PE resources by type
SGJPXM 1
ZIKAFUPO 1
NINEXAWUVOFAPEXAWIXUSUKAZE 1
SUSUTIMEVUMAVIZASEHA 1
BUBAJOCEJEDAMACAVIYEYOJELEFUWA 1
RT_BITMAP 1
RT_VERSION 1
SUYIYOFAKITAWEVILERETIXAHA 1
Number of PE resources by language
NEUTRAL 6
DANISH DEFAULT 1
ITALIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 11.0.0.0
LanguageCode Unknown (4678)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unknown (323B0)
InitializedDataSize 72704
EntryPoint 0x39f0
MIMEType application/octet-stream
TimeStamp 2018:06:21 23:56:02+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.13.5.66
SubsystemVersion 5.1
OSVersion 5.1
FileOS Unknown (0x588891)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 72192
FileSubtype 0
ProductVersionNumber 12.0.0.0
FileTypeExtension exe
ObjectFileType VxD
Compressed bundles
File identification
MD5 b74ad6183e0cc5471a219b4925c7e339
SHA1 026cb7f84608583919bdfbbe591b9416a6229232
SHA256 a34845bc8c0c5e01c6d60201345afb935c65557c99a20a7d4952cc40c3204d4e
ssdeep 3072:VFrWxYKFDnqvffIg0nStcBNJcw2A82atuVA:VF0YKZSYxnSSD187uVA

authentihash 4e4f5dd794fb01b875a04c0598d2c22311c5ad0949d76142156b5cebe136171a
imphash 55c369dd0f95824b70f2ca3110842832
File size 134.0 KB ( 137216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-06-22 06:00:12 UTC ( 9 months ago )
Last submission 2018-06-22 06:00:12 UTC ( 9 months ago )
File names 392542118633288.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests