SHA256: adcced3025b513fd907f595357182d66c630ebcad3d0720851230ec93a81fa27
File name: 98wugf56
Detection ratio: 14 / 64
Analysis date: 2017-07-31 11:44:29 UTC ( 1 year, 8 months ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20170731
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9953 20170728
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170710
Cylance Unsafe 20170731
Endgame malicious (high confidence) 20170721
Fortinet W32/Kryptik.FUFJ!tr 20170731
Sophos ML heuristic 20170607
McAfee-GW-Edition BehavesLike.Win32.RansomTescrypt.dh 20170731
Palo Alto Networks (Known Signatures) generic.ml 20170731
Rising Malware.Heuristic!ET#100% (rdm+) 20170731
SentinelOne (Static ML) static engine - malicious 20170718
Sophos AV Mal/Emotet-E 20170731
Symantec ML.Attribute.HighConfidence 20170731
Tencent Win32.Trojan.Raas.Auto 20170731
Ad-Aware 20170731
AhnLab-V3 20170731
Alibaba 20170731
ALYac 20170731
Antiy-AVL 20170731
Arcabit 20170731
Avast 20170731
AVG 20170731
Avira (no cloud) 20170731
AVware 20170731
BitDefender 20170731
Bkav 20170731
CAT-QuickHeal 20170731
ClamAV 20170731
CMC 20170731
Comodo 20170731
Cyren 20170731
DrWeb 20170731
Emsisoft 20170731
ESET-NOD32 20170731
F-Prot 20170731
F-Secure 20170731
GData 20170731
Ikarus 20170731
Jiangmin 20170731
K7AntiVirus 20170731
K7GW 20170731
Kaspersky 20170731
Kingsoft 20170731
Malwarebytes 20170731
MAX 20170731
McAfee 20170731
Microsoft 20170731
eScan 20170731
NANO-Antivirus 20170731
nProtect 20170731
Panda 20170731
Qihoo-360 20170731
SUPERAntiSpyware 20170731
Symantec Mobile Insight 20170730
TheHacker 20170730
TrendMicro 20170731
TrendMicro-HouseCall 20170731
Trustlook 20170731
VBA32 20170731
VIPRE 20170731
ViRobot 20170731
Webroot 20170731
WhiteArmor 20170731
Yandex 20170728
Zillya 20170731
ZoneAlarm by Check Point 20170731
Zoner 20170731
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-31 02:34:12
Entry Point 0x00001FAD
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetModuleFileNameW
GetPrivateProfileSectionNamesA
GetOEMCP
GetEnvironmentStringsW
IsDebuggerPresent
ExitProcess
TlsAlloc
VirtualProtect
RtlUnwind
GetACP
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
AddAtomA
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetProcAddress
EncodePointer
HeapSize
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
DuplicateHandle
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
QueryPerformanceCounter
IsValidCodePage
HeapCreate
GlobalAlloc
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
ShellExecuteA
wsprintfW
Number of PE resources by type
RT_BITMAP 4
RT_ICON 2
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:07:31 03:34:12+01:00
FileType Win32 EXE
PEType PE32
CodeSize 26112
LinkerVersion 10.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1fad
InitializedDataSize 272384
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 75876717abb6ae282c97a2da6d7d8a1f
SHA1 203fc080b99bcdaf883b620b4aa4c380586ba1b5
SHA256 adcced3025b513fd907f595357182d66c630ebcad3d0720851230ec93a81fa27
ssdeep
3072:gCbiFuKJbiw704YbqMCjserDI2ccETY7rnUxJzOSMQTqDr5wjhGthXGsvmhFb:gCbiFszb9GsevIxFTsrniZOS29f1Uh

authentihash df56dace2d3ed36387b83451dbc5f19e4350f37857037ddbaa58075a117414ab
imphash e3071eb90719dea866d7e32cff72861c
File size 268.0 KB ( 274432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe

VirusTotal metadata
First submission 2017-07-31 11:32:10 UTC ( 1 year, 8 months ago )
Last submission 2018-05-10 08:16:49 UTC ( 11 months, 2 weeks ago )
File names 98wugf56.exe
adcced3025b513fd907f595357182d66c630ebcad3d0720851230ec93a81fa27
http`luczko.pl`98wugf56$
adcced3025b513fd907f595357182d66c630ebcad3d0720851230ec93a81fa27.exe
localfile~
adcced3025b513fd907f595357182d66c630ebcad3d0720851230ec93a81fa27.exe
x.exe
Abc.exe
98wugf56
98wugf56.exe
DrwqTM.exe
adcced3025b513fd907f595357182d66c630ebcad3d0720851230ec93a81fa27
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications