SHA256: aff5fa4ec4cd78bcf5f1c712f361bbd7d428800bea08c23cae66f0947e66c2a3
Detection ratio: 19 / 66
Analysis date: 2018-05-08 11:51:43 UTC ( 1 year ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180508
Avira (no cloud) TR/Crypt.XPACK.Gen 20180508
AVware Trojan-Downloader.Win32.Upatre.tfl (v) 20180428
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9942 20180508
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180508
Endgame malicious (high confidence) 20180507
Sophos ML heuristic 20180503
Kaspersky UDS:DangerousObject.Multi.Generic 20180508
McAfee Artemis!D2D7A0384F6A 20180508
McAfee-GW-Edition BehavesLike.Win32.Swisyn.gh 20180508
Palo Alto Networks (Known Signatures) generic.ml 20180508
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180508
VBA32 BScope.Trojan.Inject 20180507
VIPRE Trojan-Downloader.Win32.Upatre.tfl (v) 20180508
Webroot W32.Malware.Gen 20180508
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180508
Engines with no detection (Result column empty)
Ad-Aware 20180508
AhnLab-V3 20180507
Alibaba 20180508
ALYac 20180508
Antiy-AVL 20180508
Arcabit 20180508
Avast 20180508
Avast-Mobile 20180507
AVG 20180508
BitDefender 20180508
Bkav 20180508
CAT-QuickHeal 20180508
ClamAV 20180508
CMC 20180508
Comodo 20180508
Cybereason None
Cyren 20180508
DrWeb 20180508
eGambit 20180508
Emsisoft 20180508
ESET-NOD32 20180508
F-Prot 20180508
F-Secure 20180508
Fortinet 20180508
GData 20180508
Ikarus 20180508
Jiangmin 20180508
K7AntiVirus 20180508
K7GW 20180508
Kingsoft 20180508
Malwarebytes 20180508
MAX 20180508
Microsoft 20180508
eScan 20180508
NANO-Antivirus 20180508
nProtect 20180508
Panda 20180507
Qihoo-360 20180508
Rising 20180508
Sophos AV 20180508
SUPERAntiSpyware 20180508
Symantec Mobile Insight 20180505
Tencent 20180508
TheHacker 20180504
TrendMicro 20180508
TrendMicro-HouseCall 20180508
Trustlook 20180508
ViRobot 20180508
Yandex 20180506
Zillya 20180507
Zoner 20180507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-03 12:34:42
Entry Point 0x00006009
Number of sections 3
PE sections
PE imports
DeleteDC
GetLastError
GetEnvironmentVariableA
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
lstrcmpW
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
lstrlenW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetTempPathA
GetCPInfo
MapViewOfFile
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
TerminateProcess
GetModuleFileNameA
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
GetFileType
TlsSetValue
ExitProcess
GetVersion
InterlockedIncrement
VirtualAlloc
SleepEx
SetLastError
LeaveCriticalSection
SetFocus
GetMessageA
UpdateWindow
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowLongW
MessageBoxW
DispatchMessageA
EndPaint
PostMessageA
MoveWindow
MessageBoxA
TranslateMessage
DialogBoxParamA
SetDlgItemTextW
RegisterClassExA
GetCursorPos
ShowCaret
LoadStringA
SendMessageA
SetWindowTextW
CreateWindowExA
LoadCursorA
LoadIconA
LockWindowUpdate
DestroyWindow
Number of PE resources by type
RT_BITMAP 4
RT_MENU 2
RT_DIALOG 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:03 05:34:42-07:00
FileType Win32 EXE
PEType PE32
CodeSize 189440
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x6009
InitializedDataSize 243200
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 d2d7a0384f6a5e4e7a2eb59a5f4488da
SHA1 a9f620bbaba3f981d56dda7473d63ddaa9f2eb04
SHA256 aff5fa4ec4cd78bcf5f1c712f361bbd7d428800bea08c23cae66f0947e66c2a3
ssdeep 6144:6kNn2DKEGkGRmZBMUEMG2fGgrid4ouhko6YFvflQRfEkks2z2:jx2CiaUELvd4JhkFO3lQR8WV
authentihash 8f003e1e96a9806babb51818f10e24b21d432cf0b2b38c5a02103d70d80f35c6
imphash e16bad0236468eff091da2304eb71564
File size 423.5 KB ( 433664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags peexe
VirusTotal metadata
First submission 2018-05-08 10:52:01 UTC ( 1 year ago )
Last submission 2018-10-04 22:05:05 UTC ( 7 months, 2 weeks ago )
File names d2d7a0384f6a5e4e7a2eb59a5f4488da.virus
logo.bin
noqnwutj.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Opened mutexes
Runtime DLLs