SHA256: a5a1fdb5f8716a0e072eb540793bca697c823f40ce3524db3cf03d5fae4e08d9
File name: mt.exe
Detection ratio: 10 / 66
Analysis date: 2018-02-05 05:13:09 UTC ( 1 year, 2 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170201
Cylance Unsafe 20180205
eGambit Unsafe.AI_Score_97% 20180205
Endgame malicious (moderate confidence) 20171130
ESET-NOD32 a variant of Win32/Injector.DVPD 20180205
Ikarus Trojan-Banker.Win32.Banbra 20180204
Sophos ML heuristic 20180121
Kaspersky not-a-virus:HEUR:AdWare.Win32.Generic 20180205
SentinelOne (Static ML) static engine - malicious 20180115
ZoneAlarm by Check Point not-a-virus:HEUR:AdWare.Win32.Generic 20180205
Ad-Aware 20180205
AegisLab 20180205
AhnLab-V3 20180204
Alibaba 20180205
ALYac 20180205
Antiy-AVL 20180205
Arcabit 20180205
Avast 20180205
Avast-Mobile 20180204
AVG 20180205
Avira (no cloud) 20180204
AVware 20180205
Baidu 20180202
BitDefender 20180205
Bkav 20180202
CAT-QuickHeal 20180204
ClamAV 20180205
CMC 20180204
Comodo 20180205
Cybereason 20171103
Cyren 20180205
DrWeb 20180205
Emsisoft 20180205
F-Prot 20180205
Fortinet 20180205
GData 20180205
Jiangmin 20180205
K7AntiVirus 20180205
K7GW 20180204
Kingsoft 20180205
Malwarebytes 20180205
MAX 20180205
McAfee 20180205
McAfee-GW-Edition 20180205
Microsoft 20180205
eScan 20180205
NANO-Antivirus 20180204
nProtect 20180205
Palo Alto Networks (Known Signatures) 20180205
Panda 20180204
Qihoo-360 20180205
Rising 20180205
Sophos AV 20180205
SUPERAntiSpyware 20180204
Symantec 20180204
Symantec Mobile Insight 20180202
Tencent 20180205
TheHacker 20180202
TotalDefense 20180204
TrendMicro 20180205
TrendMicro-HouseCall 20180205
Trustlook 20180205
VBA32 20180202
VIPRE 20180205
ViRobot 20180205
Webroot 20180205
Yandex 20180204
Zillya 20180202
Zoner 20180205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2>
Original name .exe
Internal name fl
File version 4a
Description faerator
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-03-03 09:34:11
Entry Point 0x000DF6A0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
OleDraw
VariantCopy
VerQueryValueA
Number of PE resources by type
RT_RCDATA 61
RT_STRING 17
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 59
NEUTRAL 46
PE resources
ExifTool file metadata
CodeSize 552960
UninitializedDataSize 360448
LinkerVersion 2.25
ImageVersion 0.0
FileVersionNumber 2.5.4.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription faerator
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
InitializedDataSize 8192
EntryPoint 0xdf6a0
OriginalFileName .exe
MIMEType application/octet-stream
LegalCopyright 2>
FileVersion 4a
License CoRegents of th
TimeStamp 1992:03:03 10:34:11+01:00
FileType Win32 EXE
PEType PE32
InternalName fl
ProductVersion 2.5a
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Grg>
LegalTrademarks N
FileSubtype 0
ProductVersionNumber 2.5.4.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 48aaab4ed4778bad5a15024dde1c7e92
SHA1 c6c0085a3aa82b34f45f252598857bc2c8fce8e9
SHA256 a5a1fdb5f8716a0e072eb540793bca697c823f40ce3524db3cf03d5fae4e08d9
ssdeep 12288:k2AVvwiXWdlvnICEw60MNXyZSQ7xLFGFiYR3Q4S2ZIjvkRtA:9UvmPvICEw6RhsHxLApR3QAmkfA
authentihash 1cc8acb42b9f2d25b657db5a3e3b6f4713920fbc29c38bc3ae1399252946cb55
imphash 5ab46afeddc553bcd2265d97f7c7260f
File size 546.5 KB ( 559616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags peexe upx
VirusTotal metadata
First submission 2018-02-05 05:13:09 UTC ( 1 year, 2 months ago )
Last submission 2018-02-05 08:08:26 UTC ( 1 year, 2 months ago )
File names mt.exe
fl
.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs