× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a8b42d749ae03a8dd90a3eab7dd7b412007552922722db05d57b6e0520e12bc1
File name: c156303f0e130469419ab3308f328ec859abb2ad
Detection ratio: 38 / 68
Analysis date: 2018-06-13 09:40:54 UTC ( 11 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30963808 20180613
AegisLab Troj.W32.Agent!c 20180613
ALYac Trojan.GenericKD.30963808 20180613
Arcabit Trojan.Generic.D1D87860 20180613
Avast Win32:Malware-gen 20180613
AVG Win32:Malware-gen 20180613
AVware Trojan.Win32.Generic!BT 20180613
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180612
BitDefender Trojan.GenericKD.30963808 20180613
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180530
Cybereason malicious.eb3ccf 20180225
Cyren W32/Trojan.IPTC-2487 20180613
DrWeb Trojan.PWS.Stealer.23950 20180613
Emsisoft Trojan.GenericKD.30963808 (B) 20180613
Endgame malicious (high confidence) 20180612
ESET-NOD32 Win32/PSW.Delf.OSF 20180613
F-Secure Trojan.GenericKD.30961900 20180613
Fortinet W32/InjectorGen.DYQA!tr 20180613
GData Trojan.GenericKD.30963808 20180613
Ikarus Trojan.NSIS.Agent 20180613
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 005344d61 ) 20180613
K7GW Trojan ( 005344d61 ) 20180613
Kaspersky HEUR:Trojan.Win32.Agent.gen 20180613
Malwarebytes Spyware.AzorUlt 20180613
MAX malware (ai score=96) 20180613
McAfee Artemis!70111012BB70 20180613
McAfee-GW-Edition BehavesLike.Win32.ObfusRansom.dc 20180613
eScan Trojan.GenericKD.30963808 20180613
Palo Alto Networks (Known Signatures) generic.ml 20180613
Panda Trj/CI.A 20180612
Qihoo-360 Win32/Trojan.74b 20180613
Sophos AV Mal/Generic-S 20180613
Symantec Packed.NSISPacker!g6 20180613
TrendMicro TROJ_FRS.VSN0CF18 20180613
TrendMicro-HouseCall TROJ_FRS.VSN0CF18 20180613
Webroot W32.Trojan.Gen 20180613
ZoneAlarm by Check Point HEUR:Trojan.Win32.Agent.gen 20180613
AhnLab-V3 20180612
Alibaba 20180613
Antiy-AVL 20180613
Avast-Mobile 20180612
Avira (no cloud) 20180613
Babable 20180406
Bkav 20180612
CAT-QuickHeal 20180613
ClamAV 20180613
CMC 20180612
Comodo 20180613
Cylance 20180613
eGambit 20180613
F-Prot 20180613
Jiangmin 20180613
Kingsoft 20180613
Microsoft 20180613
NANO-Antivirus 20180613
Rising 20180613
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180613
Symantec Mobile Insight 20180605
TACHYON 20180613
Tencent 20180613
TheHacker 20180608
TotalDefense 20180613
Trustlook 20180613
VBA32 20180612
VIPRE 20180613
ViRobot 20180613
Yandex 20180613
Zillya 20180612
Zoner 20180612
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-11 20:03:39
Entry Point 0x0000335A
Number of sections 5
PE sections
Overlays
MD5 02d7e24314db87335fef0af3e038192f
File type data
Offset 51712
Size 184036
Entropy 8.00
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SelectObject
CreateBrushIndirect
SetBkMode
SetBkColor
DeleteObject
SetTextColor
SetFilePointer
GetLastError
WriteFile
CopyFileW
GetShortPathNameW
LoadLibraryA
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
ExitProcess
GlobalUnlock
GetFileAttributesW
GetCommandLineW
lstrlenW
GetCurrentProcess
CompareFileTime
GetFileSize
SetFileTime
GetModuleHandleW
GetWindowsDirectoryW
SetErrorMode
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GlobalLock
ReadFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
GetModuleHandleA
lstrcpyW
SetFileAttributesW
lstrcmpiA
CreateThread
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextFileW
lstrcpyA
CloseHandle
FindFirstFileW
lstrcmpW
lstrcatW
FreeLibrary
LoadLibraryW
SearchPathW
WideCharToMultiByte
lstrcmpiW
SetCurrentDirectoryW
GetTempPathW
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
GetFullPathNameW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
SendMessageTimeoutW
SetWindowPos
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
SetWindowTextW
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
CreateDialogParamW
ReleaseDC
BeginPaint
CreatePopupMenu
GetDC
SendMessageW
ShowWindow
SetClipboardData
GetWindowLongW
FindWindowExW
IsWindowVisible
DestroyWindow
GetClientRect
GetDlgItem
SetForegroundWindow
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
SetTimer
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
OpenClipboard
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
GetClassInfoW
CreateWindowExW
wsprintfW
CloseClipboard
DrawTextW
CharNextW
ExitWindowsEx
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
CoTaskMemFree
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 7
RT_DIALOG 5
RT_BITMAP 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2014:05:11 22:03:39+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
24576

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x335a

InitializedDataSize
141824

SubsystemVersion
4.0

ImageVersion
6.0

OSVersion
4.0

UninitializedDataSize
2048

File identification
MD5 70111012bb702b4cc13c52f7ceb3df91
SHA1 9fff338eb3ccf5aa46f5708736c57d7314888df3
SHA256 a8b42d749ae03a8dd90a3eab7dd7b412007552922722db05d57b6e0520e12bc1
ssdeep
6144:VlJZf2zUvZ/20m/6Lx9+7bkGMZyRmIt1xXK:Vl+z4Y/6Lv+PkGEgPx6

authentihash 682cd200ffac2266265ae4f0fdff6eb0184f962be9f978a16aa33b913647659e
imphash e221f4f7d36469d53810a4b5f9fc8966
File size 230.2 KB ( 235748 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
nsis peexe overlay

VirusTotal metadata
First submission 2018-06-12 07:45:14 UTC ( 11 months, 1 week ago )
Last submission 2018-09-14 02:23:06 UTC ( 8 months, 1 week ago )
File names KEYS.exe
(24)01.exe
ROQ.exe
c156303f0e130469419ab3308f328ec859abb2ad
KEY.exe
newmarch.exe
ProtectedAZ.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs