SHA256: adb5aa933593cfe12d072bf96a8a9338a245a74610acec48c1f297625512a280
File name: 5E49B820DDBA9E4DF61B3B166A474163.exe
Detection ratio: 37 / 71
Analysis date: 2019-01-24 10:14:17 UTC (1 month, 3 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40976662 20190124
ALYac Trojan.GenericKD.40976662 20190124
Arcabit Trojan.Generic.D2714116 20190124
Avast Win32:Trojan-gen 20190124
AVG Win32:Trojan-gen 20190124
BitDefender Trojan.GenericKD.40976662 20190124
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cybereason malicious.9b0427 20190109
Cylance Unsafe 20190124
eGambit Unsafe.AI_Score_88% 20190124
Emsisoft Trojan.GenericKD.40976662 (B) 20190124
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Spy.Ursnif.CB 20190124
F-Secure Trojan.GenericKD.40976662 20190124
Fortinet W32/Malicious_Behavior.VEX 20190124
GData Trojan.GenericKD.40976662 20190124
Ikarus Packed.Win32.Crypt 20190124
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190124
K7GW Riskware ( 0040eff71 ) 20190124
Kaspersky Trojan-Spy.Win32.Ursnif.aglj 20190124
McAfee Artemis!5E49B820DDBA 20190124
McAfee-GW-Edition BehavesLike.Win32.Emotet.gh 20190124
Microsoft Trojan:Win32/Azden.A!cl 20190124
eScan Trojan.GenericKD.40976662 20190124
Palo Alto Networks (Known Signatures) generic.ml 20190124
Rising Malware.Heuristic.MLite(80%) (AI-LITE:+4ovyR0rpWXU6QgYazbSGw) 20190124
Sophos AV Mal/Generic-S 20190124
Symantec Trojan.Gen.2 20190124
Tencent Win32.Trojan-spy.Ursnif.Sxor 20190124
Trapmine malicious.high.ml.score 20190123
TrendMicro Mal_MiliCry-1c 20190124
TrendMicro-HouseCall Mal_MiliCry-1c 20190124
VBA32 BScope.Backdoor.Androm 20190124
ViRobot Trojan.Win32.Z.Highconfidence.430080.B 20190124
Webroot W32.Trojan.Gen 20190124
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.aglj 20190124
Engines reporting no detection (update date only)
Acronis 20190124
AegisLab 20190124
AhnLab-V3 20190124
Alibaba 20180921
Antiy-AVL 20190124
Avast-Mobile 20190124
Avira (no cloud) 20190124
Babable 20180918
Baidu 20190124
Bkav 20190124
CAT-QuickHeal 20190123
ClamAV 20190124
CMC 20190124
Comodo 20190124
Cyren 20190124
DrWeb 20190124
F-Prot 20190124
Jiangmin 20190124
Kingsoft 20190124
Malwarebytes 20190124
MAX 20190124
NANO-Antivirus 20190124
Panda 20190123
Qihoo-360 20190124
SentinelOne (Static ML) 20190118
SUPERAntiSpyware 20190123
TACHYON 20190124
TheHacker 20190118
TotalDefense 20190124
Trustlook 20190124
VIPRE 20190124
Yandex 20190124
Zillya 20190123
Zoner 20190124
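The detection table above mixes generic heuristic labels (GenericKD, Trojan.Gen, ML scores) with a handful of family-specific names, and the family names are what matter for triage: four engines (ESET, Kaspersky, Tencent, ZoneAlarm) independently name Ursnif, while Emotet, Androm and Azden each appear once. The script below is an added example, not VirusTotal code: it parses rows in the "Vendor Result Update" layout shown above, counts detections, and tallies family tokens. The excerpt it runs on is a constructed subset of the table (the full 71 rows give 37/71); the list of multi-word engine names is taken from this page, and the family-token list is my own choice.

```python
"""Triage helper for a VirusTotal-style detection table (added example, not VirusTotal code)."""
import re
from collections import Counter

# Constructed excerpt of the table above; the full 71-engine table gives 37/71.
TABLE_EXCERPT = """\
Ad-Aware Trojan.GenericKD.40976662 20190124
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
ESET-NOD32 Win32/Spy.Ursnif.CB 20190124
Kaspersky Trojan-Spy.Win32.Ursnif.aglj 20190124
McAfee-GW-Edition BehavesLike.Win32.Emotet.gh 20190124
Microsoft Trojan:Win32/Azden.A!cl 20190124
Sophos ML heuristic 20181128
Tencent Win32.Trojan-spy.Ursnif.Sxor 20190124
VBA32 BScope.Backdoor.Androm 20190124
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.aglj 20190124
Avira (no cloud) 20190124
ClamAV 20190124
SentinelOne (Static ML) 20190118
Malwarebytes 20190124
"""

# Engine names on this page that contain spaces; "first token = vendor" would mis-split them.
MULTI_WORD_VENDORS = (
    "CrowdStrike Falcon (ML)", "Palo Alto Networks (Known Signatures)",
    "ZoneAlarm by Check Point", "Avira (no cloud)", "SentinelOne (Static ML)",
    "Sophos ML", "Sophos AV",
)

# Family tokens worth counting (my choice); any other label is treated as generic/heuristic.
FAMILY_TOKENS = ("ursnif", "gozi", "emotet", "androm", "azden")

# The update date is always the last token and is eight digits, so anchor on it.
LINE_RE = re.compile(r"^(?P<body>.*?)\s+(?P<update>\d{8})$")


def parse_row(line):
    """Return (vendor, result, update) for one row; result == '' means no detection."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    body, update = m.group("body"), m.group("update")
    for vendor in sorted(MULTI_WORD_VENDORS, key=len, reverse=True):
        if body == vendor or body.startswith(vendor + " "):
            return vendor, body[len(vendor):].strip(), update
    vendor, _, result = body.partition(" ")
    return vendor, result.strip(), update


def family_of(result):
    """Map a vendor label to a family token, or 'generic' when no known family is named."""
    low = result.lower()
    for tok in FAMILY_TOKENS:
        if tok in low:
            return tok
    return "generic"


def triage(table_text):
    """Detection ratio plus a per-family tally across the engines that fired."""
    rows = [parse_row(l) for l in table_text.splitlines() if l.strip()]
    hits = [(v, r) for v, r, _ in rows if r]
    families = Counter(family_of(r) for _, r in hits)
    named_by = {v: family_of(r) for v, r in hits if family_of(r) != "generic"}
    return {"detections": len(hits), "engines": len(rows),
            "families": families, "named_by": named_by}


if __name__ == "__main__":
    t = triage(TABLE_EXCERPT)
    print(f"{t['detections']}/{t['engines']} engines flagged the file")
    for fam, n in t["families"].most_common():
        print(f"  {fam:8s} {n}")
```

On the full table the same logic reports 37/71 with Ursnif as the only family named by more than one engine; that consensus, not the raw ratio, is what should drive the triage label.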
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright ©.
Product: Pessimistic
Description: Parentchild Broadcast Salesperson Score
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-22 12:54:04 UTC (linker-written TimeDateStamp; trivially forgeable, so treat as a hint, not evidence)
Entry Point 0x0000D9AB
Number of sections 5
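Every value in the block above (target machine, timestamp, entry point, section count) and the "No relocs, Executable, 32-bit" string in the ExifTool section further down is read directly from the COFF file header and the PE32 optional header. The reader below is an added example, not VirusTotal's or ExifTool's code. It parses those two headers with only the standard library; the sample image it builds is synthetic, populated with the values this report shows, and is not bytes from the analysed file. Point it at a real PE32 file by passing a path.

```python
"""Minimal PE32 header reader (added example; not VirusTotal or ExifTool code)."""
import struct
import sys
from datetime import datetime, timezone

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
MACHINE_NAMES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C4: "ARM Thumb-2"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data):
    """Return the header facts a scanner reports (machine, timestamp, entry point, ...)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    (machine, nsections, timestamp, _symtab, _nsyms,
     _opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER follows immediately
    (magic, linker_major, linker_minor, size_code, size_idata, size_udata,
     entry_point) = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:                       # 0x20B is PE32+ and uses different offsets
        raise ValueError(f"not a PE32 optional header (magic 0x{magic:x})")
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsys_major, subsys_minor = struct.unpack_from("<HH", data, opt + 48)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)

    flags = []
    if characteristics & IMAGE_FILE_RELOCS_STRIPPED:
        flags.append("No relocs")
    if characteristics & IMAGE_FILE_EXECUTABLE_IMAGE:
        flags.append("Executable")
    if characteristics & IMAGE_FILE_32BIT_MACHINE:
        flags.append("32-bit")
    # TimeDateStamp is whatever the linker (or a packer) wrote; it proves nothing by itself.
    when = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:04x}"),
        "sections": nsections,
        "timestamp_utc": when.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry_point:08X}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "subsystem_version": f"{subsys_major}.{subsys_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "linker": f"{linker_major}.{linker_minor}",
        "size_of_code": size_code,
        "size_of_init_data": size_idata,
        "size_of_uninit_data": size_udata,
        "characteristics": ", ".join(flags),
    }


def build_sample_header():
    """Construct a header-only PE32 image carrying the values this report shows.
    Synthetic test input; not bytes from the analysed file."""
    ts = int(datetime(2019, 1, 22, 12, 54, 4, tzinfo=timezone.utc).timestamp())
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    chars = IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 5, ts, 0, 0, 0xE0, chars)
    opt = bytearray(0xE0)                                   # PE32 optional header size
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 14, 16, 170496, 258560, 0, 0xD9AB)
    struct.pack_into("<HH", opt, 40, 5, 1)                  # OS version 5.1
    struct.pack_into("<HH", opt, 48, 5, 1)                  # subsystem version 5.1
    struct.pack_into("<H", opt, 68, 2)                      # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    for key, value in parse_pe_header(blob).items():
        print(f"{key:20s} {value}")
```

A useful sanity check when the numbers come from a report rather than from the file: SizeOfCode plus SizeOfInitializedData here is 429056 bytes against a 430080-byte file, which is consistent with a small header; a large gap between the two would point at an overlay appended after the last section.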
PE imports
LookupPrivilegeValueA
CryptReleaseContext
OpenProcessToken
CryptAcquireContextA
DeregisterEventSource
GetOldestEventLogRecord
CryptGenRandom
OpenEventLogA
AdjustTokenPrivileges
RegisterEventSourceA
GetNumberOfEventLogRecords
ReportEventA
CryptGenKey
capGetDriverDescriptionA
Ord(17)
ImageList_GetIconSize
CreatePalette
SwapBuffers
SelectObject
GetTextExtentPoint32A
CreatePen
CreateBrushIndirect
AddFontResourceExW
CreateSolidBrush
CombineRgn
CreateFontW
Rectangle
GetStdHandle
FileTimeToSystemTime
GetOverlappedResult
EncodePointer
CreatePipe
GetCurrentProcess
GetConsoleMode
LocalAlloc
UnhandledExceptionFilter
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
FindClose
TlsGetValue
EnumDateFormatsA
SetLastError
GetSystemTime
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
SetConsoleScreenBufferSize
GetVolumeInformationA
AllocConsole
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetHandleInformation
TerminateProcess
GetModuleHandleExW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
DecodePointer
GetFileSize
DeleteFileA
GetStartupInfoW
GetUserDefaultLCID
GetConsoleScreenBufferInfo
GetProcessHeap
FindFirstFileExA
CreateFileMappingA
FindNextFileA
IsValidLocale
GetProcAddress
ReadConsoleW
CreateEventW
CreateFileW
GetConsoleWindow
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
GetCommState
OpenFile
FileTimeToLocalFileTime
GetCurrentProcessId
CreateIoCompletionPort
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
SwitchToThread
IsValidCodePage
UnmapViewOfFile
GetTempPathW
VirtualAlloc
acmDriverDetailsA
acmDriverOpen
VarDecMul
VarRound
VarCmp
wglGetCurrentDC
UuidToStringA
UuidCreate
PathIsUNCW
ColorRGBToHLS
PathCompactPathA
EmptyClipboard
MapVirtualKeyA
GetClassInfoExW
UpdateWindow
GetParent
GetWindowThreadProcessId
SetScrollRange
GetWindowRect
SetMenu
MoveWindow
EnumChildWindows
MessageBoxA
AppendMenuW
GetDC
ReleaseDC
SetWindowTextA
GetKeyNameTextA
SetClipboardData
GetWindowTextA
GetClientRect
GetDlgItem
SetScrollPos
GetDesktopWindow
IsWindowUnicode
CloseClipboard
DestroyWindow
ScrollWindowEx
OpenClipboard
WinHttpConnect
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
MiniDumpWriteDump
MiniDumpReadDumpStream
OleUninitialize
OleInitialize
OleFlushClipboard
ReleaseStgMedium
StgOpenStorage
OleSetClipboard
PdhBrowseCountersA
ObtainUserAgentString
Number of PE resources by type
RT_DIALOG 15
RT_CURSOR 11
RT_GROUP_CURSOR 10
RT_STRING 9
REGISTRY 8
RT_ICON 6
PNG 5
RT_RCDATA 4
RCDATA 1
RT_MANIFEST 1
TXT 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 73
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 14.16
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 3.2.4.4
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: Parentchild Broadcast Salesperson Score
ImageFileCharacteristics: No relocs, Executable, 32-bit
CharacterSet: Unicode
InitializedDataSize: 258560
PrivateBuild: 3.2.4.4
EntryPoint: 0xd9ab
MIMEType: application/octet-stream
LegalCopyright: Copyright .
TimeStamp: 2019:01:22 13:54:04+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 3.2.4.4
SubsystemVersion: 5.1
OSVersion: 5.1
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: DivX, LLC
CodeSize: 170496
ProductName: Pessimistic
ProductVersionNumber: 3.2.4.4
FileTypeExtension: exe
ObjectFileType: Executable application
Note that ProductName, FileDescription and CompanyName come from the version resource, which the file's author writes freely; nothing on this page (no signature data) corroborates the "DivX, LLC" attribution.

File identification
MD5 5e49b820ddba9e4df61b3b166a474163
SHA1 a57d5789b0427043c81b792ed6b288de83418204
SHA256 adb5aa933593cfe12d072bf96a8a9338a245a74610acec48c1f297625512a280
ssdeep 6144:dNdaKIdzWaTaPZgcofP2KpAO89HpT9GDyNUNr1K6ynH0qXNDJTgTezhu4:dNdKFWaTWOci2KpWpcDyNc204eezhu4
authentihash c1ca5fae8a9215141c8740d15ea171abfa2a85fca2919468b8b4eee9de0d58a8
imphash 0df869b4b900e84e0388d9b3dbdce7fd
File size 420.0 KB (430080 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%); Win32 Executable (generic) (11.8%); OS/2 Executable (generic) (5.3%); Generic Win/DOS Executable (5.2%); DOS Executable Generic (5.2%)
Note: TrID's top guess (Win64) contradicts the PE header and the magic literal (PE32, Intel 386, 32-bit); the header fields are authoritative, TrID is a byte-pattern heuristic.
Tags peexe

VirusTotal metadata
First submission 2019-01-22 20:21:37 UTC ( 1 month, 4 weeks ago )
Last submission 2019-01-22 20:21:37 UTC ( 1 month, 4 weeks ago )
File names 5E49B820DDBA9E4DF61B3B166A474163.exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
The behaviour sections (Opened files, Read files, Written files, Deleted files, Created processes, Shell commands, Code injections in the following processes, Opened mutexes, Runtime DLLs, HTTP requests, DNS requests, TCP connections) are present in the report but carry no entries in this copy, so no runtime indicators can be taken from it.