SHA256: ad23c7930dae02de1ea3c6836091b5fb3c62a89bf2bcfb83b4b39ede15904910
File name: b92149f046f00bb69de329b8457d32c24726ee00_haslo.ex
Detection ratio: 48 / 67
Analysis date: 2018-10-15 20:41:05 UTC ( 12 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4048694 20181015
AegisLab Trojan.Win32.Generic.j!c 20181015
AhnLab-V3 Trojan/Win32.Industroyer.R202380 20181015
ALYac Trojan.Agent.Endowerpo 20181015
Antiy-AVL Trojan/Win32.CrashOverride 20181015
Arcabit Trojan.Generic.D3DC736 20181015
Avast Win32:Malware-gen 20181015
AVG Win32:Malware-gen 20181015
Avira (no cloud) HEUR/AGEN.1004094 20181015
BitDefender Trojan.GenericKD.4048694 20181015
CAT-QuickHeal Trojan.Dynamer 20181013
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cybereason malicious.86dbb0 20180225
Cylance Unsafe 20181015
DrWeb Trojan.Industroyer.7 20181015
Emsisoft Trojan.GenericKD.4048694 (B) 20181015
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Industroyer.A 20181015
F-Secure Trojan.GenericKD.4048694 20181015
Fortinet W32/Industroyer.A!tr 20181015
GData Win32.Backdoor.Industroyer.A 20181015
Ikarus Trojan.Industroyer 20181015
Jiangmin Trojan.Generic.cjgjd 20181015
K7AntiVirus Trojan ( 00501d9b1 ) 20181015
K7GW Trojan ( 00501d9b1 ) 20181015
Kaspersky Trojan.Win32.Industroyer.d 20181015
MAX malware (ai score=100) 20181015
McAfee Ransomware-GBK!7A7ACE486DBB 20181015
McAfee-GW-Edition BehavesLike.Win32.AdwareConvertAd.lh 20181015
Microsoft Trojan:Win32/CrashOverride.A!dha 20181015
eScan Trojan.GenericKD.4048694 20181015
NANO-Antivirus Trojan.Win32.DelFile.ekrlub 20181015
Palo Alto Networks (Known Signatures) generic.ml 20181015
Panda Trj/GdSda.A 20181015
Qihoo-360 Win32/Trojan.698 20181015
Sophos AV Troj/Idtroyer-B 20181015
Symantec Backdoor.Industroyer 20181015
TACHYON Trojan/W32.Industroyer.76800 20181015
Tencent Win32.Trojan.Industroyer.Ajcc 20181015
TrendMicro TROJ_INDUSTROYER.A 20181015
TrendMicro-HouseCall TROJ_INDUSTROYER.A 20181015
VBA32 Trojan.Industroyer 20181015
VIPRE Trojan.Win32.Generic!BT 20181015
ViRobot Trojan.Win32.Industroyer.76800.A 20181015
Webroot W32.Trojan.Gen 20181015
Yandex Trojan.Gen!BD+iipslBGQ 20181015
Zillya Trojan.Industroyer.Win32.1 20181015
ZoneAlarm by Check Point Trojan.Win32.Industroyer.d 20181015
Alibaba 20180921
Avast-Mobile 20181015
Baidu 20181015
Bkav 20181014
ClamAV 20181015
CMC 20181015
Comodo 20181015
Cyren 20181015
eGambit 20181015
F-Prot 20181015
Sophos ML 20180717
Kingsoft 20181015
Malwarebytes 20181015
Rising 20181015
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TheHacker 20181015
TotalDefense 20181015
Trustlook 20181015
Zoner 20181014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x000019F9
Number of sections 6
PE sections
PE imports
RegCloseKey
RegOpenKeyExW
RegEnumKeyW
RegSetValueExW
CreateToolhelp32Snapshot
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
ExitProcess
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
lstrlenW
GetStdHandle
Process32NextW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetFileSize
OpenProcess
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
WaitForMultipleObjects
InitializeSListHead
Process32FirstW
GetFileType
SetStdHandle
RaiseException
CreateThread
TlsFree
GetProcessHeap
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
FindFirstFileW
ExitThread
FindFirstFileExW
DecodePointer
GetModuleHandleW
GetACP
TerminateProcess
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
SetLastError
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcAddress
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
EnumProcesses
StrCmpW
PathCombineW
wsprintfW
PE exports
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 44032
LinkerVersion 14.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x19f9
InitializedDataSize 434688
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 7a7ace486dbb046f588331a08e869d58
SHA1 b92149f046f00bb69de329b8457d32c24726ee00
SHA256 ad23c7930dae02de1ea3c6836091b5fb3c62a89bf2bcfb83b4b39ede15904910
ssdeep 1536:txjX3k9R4Bdde5eFN73+WmS3UJ64b69AQJRCsWmcd2jjGVjpU:jddewFVO1S3I64LwRg2jjGJK
authentihash 7c2b324028a9fe0a7cf949721512b64cefe0d0be560a1208a79dff2337037017
imphash 36d59bffd5fdfe21575c7b0fbc2bf51d
File size 75.0 KB ( 76800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2016-12-19 09:58:43 UTC ( 1 year, 10 months ago )
Last submission 2018-05-08 00:12:08 UTC ( 5 months, 1 week ago )
File names haslo.exe
b92149f046f00bb69de329b8457d32c24726ee00_haslo.ex
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Terminated processes
UDP communications