SHA256: aadf0f5c2090c2005943b067d51a2f05398045ccecf524064ed7c0a1cde4d85e
File name: b10492388c79d16d3c4498602f2aded5369c982f
Detection ratio: 35 / 67
Analysis date: 2018-11-13 01:47:13 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.177159 20181112
AhnLab-V3 Trojan/Win32.Infostealer.C2823347 20181112
ALYac Gen:Variant.Strictor.177159 20181113
Arcabit Trojan.Strictor.D2B407 20181112
Avast Win32:MalwareX-gen [Trj] 20181113
AVG Win32:MalwareX-gen [Trj] 20181113
BitDefender Gen:Variant.Strictor.177159 20181112
Bkav W32.eHeur.Malware10 20181110
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cybereason malicious.612105 20180225
Cylance Unsafe 20181113
DrWeb Trojan.PWS.Stealer.24943 20181112
Emsisoft Gen:Variant.Strictor.177159 (B) 20181112
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMOB 20181113
F-Secure Gen:Variant.Strictor.177159 20181112
Fortinet W32/Kryptik.GMNQ!tr 20181113
GData Gen:Variant.Strictor.177159 20181112
Sophos ML heuristic 20181108
Jiangmin Trojan.Banker.NeutrinoPOS.hd 20181112
Kaspersky Trojan-Banker.Win32.NeutrinoPOS.djy 20181112
Malwarebytes Trojan.MalPack.GS 20181113
MAX malware (ai score=85) 20181113
McAfee GenericRXGO-TV!C80E31261210 20181113
McAfee-GW-Edition BehavesLike.Win32.Generic.dt 20181112
Microsoft Trojan:Win32/Vigorf.A 20181113
eScan Gen:Variant.Strictor.177159 20181113
Panda Trj/GdSda.A 20181112
Qihoo-360 HEUR/QVM10.1.2B21.Malware.Gen 20181113
Rising Malware.Heuristic!ET#92% (RDM+:cmRtazoX63KVK8v9CSl09SxvpdGT) 20181113
Sophos AV Mal/Generic-S 20181112
Symantec Trojan.Gen.2 20181112
TrendMicro-HouseCall TROJ_GEN.R015H0CKB18 20181113
VBA32 BScope.TrojanBanker.NeutrinoPOS 20181112
ZoneAlarm by Check Point Trojan-Banker.Win32.NeutrinoPOS.djy 20181113
AegisLab 20181113
Alibaba 20180921
Antiy-AVL 20181113
Avast-Mobile 20181112
Avira (no cloud) 20181113
Babable 20180918
Baidu 20181112
CAT-QuickHeal 20181112
ClamAV 20181112
CMC 20181112
Cyren 20181113
F-Prot 20181113
Ikarus 20181112
K7AntiVirus 20181112
K7GW 20181112
Kingsoft 20181113
NANO-Antivirus 20181113
Palo Alto Networks (Known Signatures) 20181113
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181112
Tencent 20181113
TheHacker 20181108
TotalDefense 20181112
TrendMicro 20181112
Trustlook 20181113
VIPRE 20181113
ViRobot 20181112
Webroot 20181113
Yandex 20181112
Zillya 20181112
Zoner 20181113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-16 03:59:05
Entry Point 0x00003337
Number of sections 5
PE sections
PE imports
ReportEventW
SetStretchBltMode
SetPolyFillMode
CreateDiscardableBitmap
SetViewportOrgEx
SetPixel
SetPixelV
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetTextColor
StretchDIBits
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
TerminateThread
GetConsoleCP
GetOEMCP
GetEnvironmentStringsW
IsDebuggerPresent
ExitProcess
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FindFirstChangeNotificationW
FreeEnvironmentStringsA
DeleteCriticalSection
EnumTimeFormatsW
GetEnvironmentStrings
GetCurrentDirectoryW
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
LCMapStringA
GetCurrentProcess
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
AddAtomW
GetFileType
SetStdHandle
GetCPInfo
WriteConsoleA
TlsFree
SetFilePointer
LocalFree
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetStringTypeA
CloseHandle
GetSystemTimeAsFileTime
GetThreadTimes
FindAtomW
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetSystemTimeAdjustment
TerminateProcess
FindCloseChangeNotification
QueryPerformanceCounter
WideCharToMultiByte
IsValidCodePage
HeapCreate
GlobalAlloc
VirtualFree
WriteConsoleOutputCharacterA
InterlockedDecrement
Sleep
SetLastError
GetTickCount
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
WriteConsoleW
InterlockedIncrement
GradientFill
CreateWindowExA
PeekMessageW
GetMenuInfo
SetParent
LookupIconIdFromDirectory
LoadIconW
ScrollWindow
SetThreadDesktop
GetNextDlgTabItem
WinHttpCloseHandle
Number of PE resources by type
RT_ICON 2
PUCA 1
RT_DIALOG 1
XAROZUHIFURAJODACIRARICIVUPOSA 1
RT_STRING 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 10
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 7.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, Large address aware, 32-bit, System file
CharacterSet Unknown (A56B)
InitializedDataSize 333312
EntryPoint 0x3337
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2018, iimexhyusno
FileVersion 1.0.0.1
TimeStamp 2017:08:16 04:59:05+01:00
FileType Win32 EXE
PEType PE32
InternalName shadbfiasdbfi
ProductVersion 1.0.0.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Unknown (0x40534)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 40960
FileSubtype 0
ProductVersionNumber 3.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 c80e3126121053e9112b400242381fb5
SHA1 b10492388c79d16d3c4498602f2aded5369c982f
SHA256 aadf0f5c2090c2005943b067d51a2f05398045ccecf524064ed7c0a1cde4d85e
ssdeep 1536:UAV97uvKVf30Zt/oFupwBT5Vb/9iEM8fh9khWAp2KOJUlP0CwIkGY2yONUwt0fZ9:3VNuvKK7MT5Vb/22hi0Ap0APLEOiwtc
authentihash 467b3f16b59f2690d50ac50bc17cf5eb5e80a6feba0f16ba73f23b4da569c01d
imphash 9a9f780d8ff27039d8fe9dd6681ff89e
File size 209.5 KB ( 214528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-11-13 01:47:13 UTC ( 4 months, 1 week ago )
Last submission 2018-11-13 01:47:13 UTC ( 4 months, 1 week ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs