× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: adcf88dea429193166c115ac30c01b26efc7db3f811eb7c51065ddece5618c14
File name: f1f872ffdc0a4ef21f6f35c14efbb572
Detection ratio: 39 / 68
Analysis date: 2017-11-11 09:59:07 UTC ( 1 year, 5 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Agent.CPYY 20171111
Antiy-AVL Trojan/Win32.Refinka 20171111
Arcabit Trojan.Agent.CPYY 20171110
Avast Win32:Malware-gen 20171111
AVG Win32:Malware-gen 20171111
AVware Trojan.Win32.Generic!BT 20171111
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171109
BitDefender Trojan.Agent.CPYY 20171111
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171111
DrWeb Trojan.PWS.Panda.11620 20171111
eGambit Unsafe.AI_Score_89% 20171111
Emsisoft Trojan.Agent.CPYY (B) 20171111
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FYVP 20171111
F-Secure Trojan.Agent.CPYY 20171111
Fortinet W32/GenKryptik.BCFY!tr 20171111
GData Trojan.Agent.CPYY 20171111
Ikarus Trojan.Win32.Krypt 20171111
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 0051b8d71 ) 20171111
K7GW Trojan ( 0051b8d71 ) 20171111
Kaspersky Trojan.Win32.Refinka.jkz 20171111
MAX malware (ai score=15) 20171111
McAfee Ransomware-GIO!F1F872FFDC0A 20171111
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20171111
eScan Trojan.Agent.CPYY 20171111
Palo Alto Networks (Known Signatures) generic.ml 20171111
Panda Trj/Genetic.gen 20171111
Qihoo-360 Win32/Trojan.7a6 20171111
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Generic-S 20171111
Symantec Packed.Generic.493 20171110
Tencent Suspicious.Heuristic.Gen.b.0 20171111
TrendMicro TROJ_GEN.R00EC0WKA17 20171111
TrendMicro-HouseCall TROJ_GEN.R00EC0WKA17 20171111
VIPRE Trojan.Win32.Generic!BT 20171111
WhiteArmor Malware.HighConfidence 20171104
ZoneAlarm by Check Point Trojan.Win32.Refinka.jkz 20171111
AegisLab 20171111
AhnLab-V3 20171110
Alibaba 20170911
ALYac 20171110
Avast-Mobile 20171111
Avira (no cloud) 20171110
Bkav 20171111
CAT-QuickHeal 20171110
ClamAV 20171111
CMC 20171109
Comodo 20171111
Cybereason 20171030
Cyren 20171111
F-Prot 20171111
Jiangmin 20171110
Kingsoft 20171111
Malwarebytes 20171111
Microsoft 20171111
NANO-Antivirus 20171111
nProtect 20171111
Rising 20171111
SUPERAntiSpyware 20171111
Symantec Mobile Insight 20171110
TheHacker 20171102
TotalDefense 20171111
Trustlook 20171111
VBA32 20171110
ViRobot 20171111
Webroot 20171111
Yandex 20171110
Zillya 20171110
Zoner 20171111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-19 03:22:40
Entry Point 0x00004955
Number of sections 4
PE sections
PE imports
CryptUnprotectData
CertDeleteCRLFromStore
CertAlgIdToOID
CertGetNameStringA
CertOpenStore
CryptMsgUpdate
CryptDecodeMessage
CertFindExtension
CryptProtectData
CryptMemFree
CertDuplicateCTLContext
CertEnumSystemStore
CryptMemAlloc
CreateJobObjectA
GetEnvironmentStringsA
GetTickCount
GetVolumePathNameA
LoadLibraryA
GetShortPathNameA
UpdateResourceA
GetConsoleTitleW
GetDateFormatW
ReadProcessMemory
GetCommandLineA
CopyFileExW
GetPrivateProfileStringW
CreateMutexA
CreateDirectoryA
CreateSemaphoreA
lstrcmpA
GetExitCodeThread
CompareStringA
SetLocalTime
GetProcAddress
GetBinaryTypeA
GetProfileIntW
CreateProcessA
WriteConsoleA
SetCurrentDirectoryW
FindResourceW
CreateFileW
GetNumberFormatW
GetPrivateProfileSectionA
GetCurrentThreadId
OpenEventA
SleepEx
OpenJobObjectA
CountryRunOnce
InvokeControlPanel
drvSetDefaultCommConfigA
drvCommConfigDialogA
Number of PE resources by type
Struct(28) 7
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:10:19 04:22:40+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
20480

LinkerVersion
9.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x4955

InitializedDataSize
126976

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 f1f872ffdc0a4ef21f6f35c14efbb572
SHA1 83d2e0fbcbdeabeb5ec9955c86044c235dcf0fd8
SHA256 adcf88dea429193166c115ac30c01b26efc7db3f811eb7c51065ddece5618c14
ssdeep
1536:zGRXmy7XkcdG0LcrNGStDT1mKh8qfONO+dWjvXNGiBg5M+M4FIiWyCgSfZmRE/Ux:yIcbRgweZZCkONmGiBW71E4REsx

authentihash 0565d9551f0b827c1e9b392ccfbcb8e5b5f2498d5281874a24922d2ddc2abe31
imphash 9f4dbe50595be68a319b1bab1cdfc0f0
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (58.9%)
Win32 Dynamic Link Library (generic) (14.0%)
Win32 Executable (generic) (9.6%)
Win16/32 Executable Delphi generic (4.4%)
OS/2 Executable (generic) (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2017-11-09 15:56:11 UTC ( 1 year, 5 months ago )
Last submission 2017-11-11 09:59:07 UTC ( 1 year, 5 months ago )
File names upd9e65858d.exe
1000-83d2e0fbcbdeabeb5ec9955c86044c235dcf0fd8
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications