SHA256: a4dfd173610d318acb4784645cf5e712d552b51d0c8cf10b2c4414d0486af27d
File name: a4dfd173610d318acb4784645cf5e712d552b51d0c8cf10b2c4414d0486af27d.bin
Detection ratio: 52 / 65
Analysis date: 2019-03-14 14:17:32 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Trojan.GenericKD.3598332 20190314
AegisLab Trojan.Win32.Injector.4!c 20190314
AhnLab-V3 Trojan/Win32.Cerber.C1597924 20190314
ALYac Backdoor.Agent.Trickbot 20190314
Arcabit Trojan.Generic.D36E7FC 20190314
Avast Win32:Trojan-gen 20190314
AVG Win32:Trojan-gen 20190314
Avira (no cloud) TR/AD.Inject.tnwpu 20190314
BitDefender Trojan.GenericKD.3598332 20190314
Bkav W32.CirematASE.Trojan 20190314
CAT-QuickHeal Trojan.Dynamer.S7 20190314
Comodo Malware@#2yi8kj2u3lyjp 20190314
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cybereason malicious.c31ede 20190109
Cyren W32/Injector.HHOC-4653 20190314
DrWeb Trojan.DownLoader22.63008 20190314
Emsisoft Trojan-Dropper.Win32.Injector (A) 20190314
Endgame malicious (high confidence) 20190215
ESET-NOD32 Win32/TrickBot.A 20190314
F-Prot W32/Injector.DAC 20190314
F-Secure Trojan.TR/AD.Inject.tnwpu 20190314
Fortinet W32/Injector.DGDX!tr 20190314
GData Win32.Trojan.Agent.XY9XN2 20190314
Ikarus Trojan.Win32.Trickbot 20190314
Sophos ML heuristic 20190313
Jiangmin TrojanDropper.Injector.bkgm 20190314
K7AntiVirus Riskware ( 0040eff71 ) 20190314
K7GW Riskware ( 0040eff71 ) 20190314
Kaspersky Trojan-Dropper.Win32.Injector.prcm 20190314
MAX malware (ai score=100) 20190314
McAfee Generic.aaf 20190314
McAfee-GW-Edition Generic.aaf 20190314
Microsoft Trojan:Win32/Totbrick.A 20190314
eScan Trojan.GenericKD.3598332 20190314
NANO-Antivirus Trojan.Win32.DownLoader22.eopqid 20190314
Palo Alto Networks (Known Signatures) generic.ml 20190314
Panda Generic Malware 20190314
Qihoo-360 HEUR/QVM07.1.7049.Malware.Gen 20190314
Rising Trojan.Win32.Injector.nd (CLOUD) 20190314
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Troj/TrickLd-A 20190314
TACHYON Trojan/W32.TrickBot.412160 20190314
Tencent Win32.Trojan.Inject.Auto 20190314
TheHacker Trojan/Agent.yep 20190308
Trapmine malicious.high.ml.score 20190301
TrendMicro-HouseCall TSPY_TRICKLOAD.F 20190314
VBA32 Trojan.Trickster 20190314
ViRobot Trojan.Win32.Cerber.412160 20190314
Zillya Dropper.Injector.Win32.78924 20190313
ZoneAlarm by Check Point Trojan-Dropper.Win32.Injector.prcm 20190314
Zoner Trojan.Win32.47162 20190314
Engines reporting no detection (engine, signature update date)
Alibaba 20190306
Antiy-AVL 20190314
Avast-Mobile 20190314
Babable 20180918
Baidu 20190306
ClamAV 20190314
CMC 20190314
eGambit 20190314
Kingsoft 20190314
Malwarebytes 20190314
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TotalDefense 20190314
Trustlook 20190314
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-09 00:49:04
Entry Point 0x000034E0
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
SetHandleCount
lstrlenA
GetOEMCP
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
WideCharToMultiByte
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
GetModuleHandleA
GetCPInfo
ExitProcess
SetFilePointer
lstrcmpA
WriteFile
GetStartupInfoA
CloseHandle
GetACP
GetModuleHandleW
TerminateProcess
GetVersion
InitializeCriticalSection
HeapCreate
CreateFileW
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
VirtualAlloc
SleepEx
SetLastError
LeaveCriticalSection
ExtractIconW
RedrawWindow
UpdateWindow
GetScrollRange
EndDialog
LoadBitmapW
DefWindowProcW
SetMenuItemInfoA
GetDlgCtrlID
GetMessageW
PostQuitMessage
ShowWindow
SetScrollRange
GetWindowRect
EndPaint
SetMenu
PostMessageA
MoveWindow
DialogBoxParamW
GetDlgItemTextA
GetClassNameA
TranslateMessage
GetDlgItemInt
DispatchMessageW
BeginPaint
SendMessageW
LoadStringA
PtInRect
LoadStringW
GetScrollPos
FrameRect
GetActiveWindow
LoadMenuA
GetDesktopWindow
LoadCursorW
LoadIconW
GetFocus
CreateWindowExW
RegisterClassExW
TranslateAcceleratorW
DestroyWindow
Number of PE resources by type
RT_BITMAP 3
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_MENU 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
SubsystemVersion: 4.0
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:03:09 01:49:04+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 221696
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 195584
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x34e0
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5 f26649fc31ede7594b18f8cd7cdbbc15
SHA1 684e440a55f77d5f2559b10d21e9cff251d7fa83
SHA256 a4dfd173610d318acb4784645cf5e712d552b51d0c8cf10b2c4414d0486af27d
ssdeep 3072:U4mtj9F/MBJ0h291ei3Y5qFKsl5kBgCOyBcTeh25ryfEQj7ZbGi0GjbrlfFv6gmb:qn/3s9kvEwsl5pMBESRh9vxZGD
authentihash ccf14fe544fc3f8e99b27c789d7cd68db9c0c67a957e61dd899dbce6ff925ffd
imphash 556bdfd35548767b29ab00f0f25f6b32
File size 402.5 KB ( 412160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe installshield

VirusTotal metadata
First submission 2016-10-13 13:33:40 UTC ( 2 years, 6 months ago )
Last submission 2019-03-14 14:17:32 UTC ( 1 month, 1 week ago )
File names
flash (1) (1) (1) (1) (1) (1) (3) (2) (1) (1) (1).exe
f26649fc31ede7594b18f8cd7cdbbc15
YEP.exe
a4dfd173610d318acb4784645cf5e712d552b51d0c8cf10b2c4414d0486af27d
1.exe
flash (1).exe
1.exe
690914
a4dfd173610d318acb4784645cf5e712d552b51d0c8cf10b2c4414d0486af27d.bin
flash(1).exe
387986
flash2.exe
1.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications