SHA256: abff9203d6256b10549e2279091788ce251df688a4aac1d15247c3e644ac58a7
File name: f40faf90a8813310dddaff23a89f6187.virus
Detection ratio: 35 / 68
Analysis date: 2017-11-15 22:02:52 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.264108 20171115
ALYac Gen:Variant.Graftor.424569 20171115
Antiy-AVL Trojan/Win32.Refinka 20171115
Arcabit Trojan.Zusy.D407AC 20171115
Avast Win32:Malware-gen 20171115
AVG Win32:Malware-gen 20171115
Baidu Win32.Trojan.Kryptik.rb 20171115
BitDefender Gen:Variant.Zusy.264108 20171115
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171115
eGambit Unsafe.AI_Score_93% 20171115
Emsisoft Gen:Variant.Zusy.264108 (B) 20171115
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FYXL 20171115
F-Secure Gen:Variant.Zusy.264108 20171115
Fortinet W32/GenKryptik.BCIL!tr.ransom 20171115
GData Gen:Variant.Zusy.264108 20171115
Ikarus Trojan.Win32.Crypt 20171115
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Refinka.jol 20171115
Malwarebytes Backdoor.Tofsee 20171115
MAX malware (ai score=81) 20171115
McAfee GenericRXDE-JZ!F40FAF90A881 20171115
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20171115
Microsoft Trojan:Win32/Krilog.A 20171115
eScan Gen:Variant.Zusy.264108 20171115
Panda Trj/CI.A 20171115
Qihoo-360 HEUR/QVM20.1.35F1.Malware.Gen 20171115
Rising Trojan.Kryptik!1.AE8C (CLASSIC) 20171115
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/Generic-S 20171115
Symantec Packed.Generic.493 20171115
Tencent Suspicious.Heuristic.Gen.b.0 20171115
WhiteArmor Malware.HighConfidence 20171104
ZoneAlarm by Check Point Trojan.Win32.Refinka.jol 20171115
AegisLab 20171115
AhnLab-V3 20171115
Alibaba 20170911
Avast-Mobile 20171115
Avira (no cloud) 20171115
AVware 20171115
Bkav 20171115
CAT-QuickHeal 20171115
ClamAV 20171115
CMC 20171109
Comodo 20171115
Cybereason 20171103
Cyren 20171115
DrWeb 20171115
F-Prot 20171115
Jiangmin 20171115
K7AntiVirus 20171115
K7GW 20171115
Kingsoft 20171115
NANO-Antivirus 20171115
nProtect 20171115
Palo Alto Networks (Known Signatures) 20171115
SUPERAntiSpyware 20171115
Symantec Mobile Insight 20171115
TheHacker 20171112
TotalDefense 20171115
TrendMicro 20171115
TrendMicro-HouseCall 20171115
Trustlook 20171115
VBA32 20171115
VIPRE 20171115
ViRobot 20171115
Webroot 20171115
Yandex 20171114
Zillya 20171115
Zoner 20171115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-22 11:25:57
Entry Point 0x0000A8E8
Number of sections 4
PE sections
PE imports
RegUnLoadKeyA
IsValidAcl
RegReplaceKeyA
RegSaveKeyA
RegCreateKeyExA
IsValidSid
RegDeleteValueW
RegEnumKeyW
InitializeAcl
RegLoadKeyW
RegRestoreKeyW
OpenEventLogW
ReadEventLogA
CryptSignHashA
CheckADsError
FindSheet
CrackName
IsBadStringPtrW
ReadConsoleA
GetStartupInfoA
LoadLibraryExA
SearchPathW
GetCurrentProcessId
GetModuleHandleA
GetSystemDirectoryW
WaitForSingleObject
lstrcat
GetCommandLineA
GetFileSize
MoveFileW
CreateMailslotA
FindNextFileA
DeleteFileW
GetVersion
GetProcAddress
GetCurrentThreadId
GetExpandedNameA
drvGetDefaultCommConfigA
CountryRunOnce
InvokeControlPanel
drvSetDefaultCommConfigA
drvCommConfigDialogA
Chkdsk
FormatEx
Recover
SetFocus
wsprintfA
DispatchMessageA
LoadBitmapW
GetClassLongW
LoadStringW
IsCharUpperW
DialogBoxParamA
SetClassLongA
LoadMenuW
IsDialogMessageA
Number of PE resources by type
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:12:22 12:25:57+01:00
FileType Win32 EXE
PEType PE32
CodeSize 59392
LinkerVersion 10.0
ImageFileCharacteristics No relocs, Executable, Aggressive working-set trim, 32-bit, No debug
EntryPoint 0xa8e8
InitializedDataSize 121856
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 f40faf90a8813310dddaff23a89f6187
SHA1 12322e97b0351f6024c3bd5a7a83375f4c4242a2
SHA256 abff9203d6256b10549e2279091788ce251df688a4aac1d15247c3e644ac58a7
ssdeep 3072:WQcnntvYP9aPf+YXCCLTvq1qiJNRBvylcsHda/JEo:zcnntvqwPfPXCCLTvq1qiJZyuSEhE
authentihash 445b0728389688f97e9a8d10a1de238201c88db251ef2e3a011084ed0a005694
imphash a4dd7f4c125698c8f9c0d70b0bab3a7e
File size 178.0 KB ( 182272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-11-15 22:02:52 UTC ( 1 year, 3 months ago )
Last submission 2017-11-15 22:02:52 UTC ( 1 year, 3 months ago )
File names f40faf90a8813310dddaff23a89f6187.virus
1032-12322e97b0351f6024c3bd5a7a83375f4c4242a2
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs