SHA256: a96f64969c77cb5b40b9cc24819897dae0f72f0f90eb83676e90ae51677f6591
File name: UPDATE.EXE
Detection ratio: 24 / 71
Analysis date: 2019-01-01 01:36:22 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40895105 20190101
Avast Win32:TrojanX-gen [Trj] 20181231
AVG Win32:TrojanX-gen [Trj] 20181231
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20190101
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOFM 20181231
GData Win32.Packed.Kryptik.0SBX5Q 20181231
Sophos ML heuristic 20181128
Kaspersky Trojan-Spy.Win32.Ursnif.agdh 20181231
Malwarebytes Trojan.MalPack.GS 20181231
McAfee RDN/Generic.grp 20181231
McAfee-GW-Edition BehavesLike.Win32.Injector.dm 20181231
Microsoft Trojan:Win32/Zpevdo.B 20181231
eScan Trojan.GenericKD.40895105 20181231
Palo Alto Networks (Known Signatures) generic.ml 20190101
Qihoo-360 Win32/Trojan.Spy.9cd 20190101
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20181231
Symantec ML.Attribute.HighConfidence 20181231
Tencent Win32.Trojan-spy.Ursnif.Wnct 20190101
Trapmine malicious.high.ml.score 20181205
VBA32 BScope.Trojan.Chapak 20181229
Webroot W32.Adware.Installcore 20190101
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.agdh 20181231
Acronis 20181227
AegisLab 20181231
Alibaba 20180921
ALYac 20190101
Antiy-AVL 20181231
Arcabit 20181231
Avast-Mobile 20181231
Avira (no cloud) 20181231
AVware 20180925
Babable 20180918
Baidu 20181207
BitDefender 20181231
Bkav 20181227
CAT-QuickHeal 20181231
ClamAV 20181231
CMC 20181231
Comodo 20181231
Cybereason 20180225
Cyren 20181231
DrWeb 20181231
eGambit 20190101
Emsisoft 20181231
F-Prot 20181231
F-Secure 20181231
Fortinet 20181231
Ikarus 20181231
Jiangmin 20181231
K7AntiVirus 20181231
K7GW 20181231
Kingsoft 20190101
MAX 20190101
NANO-Antivirus 20181231
Panda 20181231
SentinelOne (Static ML) 20181223
Sophos AV 20181231
SUPERAntiSpyware 20181226
TACHYON 20181231
TheHacker 20181230
TotalDefense 20181231
TrendMicro 20181231
TrendMicro-HouseCall 20190101
Trustlook 20190101
VIPRE 20181231
ViRobot 20190101
Yandex 20181229
Zillya 20181231
Zoner 20181231
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-05 21:56:22
Entry Point 0x000043CB
Number of sections 7
PE sections
PE imports
CreateToolhelp32Snapshot
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
GetStartupInfoA
LoadLibraryA
LoadLibraryW
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetTickCount
SetConsoleTextAttribute
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetACP
FreeEnvironmentStringsA
HeapAlloc
GetCommTimeouts
GetEnvironmentStrings
GetLocaleInfoA
GetConsoleMode
GetStringTypeW
LocalAlloc
LCMapStringW
lstrcatA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetFileInformationByHandle
GetCommandLineA
GetProcAddress
TlsFree
GetFileType
SetStdHandle
SetFilePointer
lstrcpyW
RaiseException
WideCharToMultiByte
GetStringTypeA
FreeEnvironmentStringsW
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
DuplicateHandle
HeapReAlloc
SetHandleInformation
GetModuleHandleW
EscapeCommFunction
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
SetHandleCount
IsValidCodePage
HeapCreate
GlobalAlloc
VirtualFree
TlsGetValue
Sleep
SetLastError
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
SendMessageA
PE exports
Number of PE resources by type
RT_ICON 4
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
PORTUGUESE BRAZILIAN 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:11:05 13:56:22-08:00
FileType Win32 EXE
PEType PE32
CodeSize 104448
LinkerVersion 9.0
ImageFileCharacteristics Executable, Large address aware, 32-bit
EntryPoint 0x43cb
InitializedDataSize 121344
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 627ba09c59524c5e232d8632630f6758
SHA1 6f94b8b2de89c15b9819a454f0dd60b3924e19d5
SHA256 a96f64969c77cb5b40b9cc24819897dae0f72f0f90eb83676e90ae51677f6591
ssdeep 3072:0McBdKte+yB5V4l+yvW/Yd1rvC4GztDV1a8J59zpHp:0McLjX6W/ka9pzxp
authentihash 81965b61c654dda0ad6e778cd3af443d968d0bb6da493479e3071a48690a4405
imphash 2a2e786251c1c588f835016ba8e80777
File size 214.5 KB ( 219648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (35.3%)
Win32 Executable MS Visual C++ (generic) (26.5%)
Win64 Executable (generic) (23.5%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
Tags peexe
VirusTotal metadata
First submission 2018-12-31 05:52:06 UTC ( 4 months, 3 weeks ago )
Last submission 2018-12-31 05:52:06 UTC ( 4 months, 3 weeks ago )
File names UPDATE.EXE
update.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications