SHA256: b1776f61609f107780919ee570e4e10fa622d9b51df7e6e9171dc8f46c7083ca
File name: 7328652
Detection ratio: 11 / 66
Analysis date: 2018-05-03 10:57:52 UTC ( 11 months, 3 weeks ago )
Antivirus | Result | Update
AVware | Trojan.Win32.Generic.pak!cobra | 20180428
Babable | Malware.HighConfidence | 20180406
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9925 | 20180503
CrowdStrike Falcon (ML) | malicious_confidence_80% (D) | 20180418
Cylance | Unsafe | 20180503
Endgame | malicious (moderate confidence) | 20180403
ESET-NOD32 | a variant of Win32/GenKryptik.BYSS | 20180503
Sophos ML | heuristic | 20180121
Palo Alto Networks (Known Signatures) | generic.ml | 20180503
Symantec | Packed.Generic.523 | 20180503
VIPRE | Trojan.Win32.Generic.pak!cobra | 20180503
Ad-Aware | - | 20180503
AegisLab | - | 20180503
AhnLab-V3 | - | 20180503
Alibaba | - | 20180503
ALYac | - | 20180503
Antiy-AVL | - | 20180503
Arcabit | - | 20180503
Avast | - | 20180503
Avast-Mobile | - | 20180503
AVG | - | 20180503
Avira (no cloud) | - | 20180503
BitDefender | - | 20180503
Bkav | - | 20180502
CAT-QuickHeal | - | 20180503
ClamAV | - | 20180503
CMC | - | 20180503
Comodo | - | 20180503
Cybereason | - | None
Cyren | - | 20180503
DrWeb | - | 20180503
eGambit | - | 20180503
Emsisoft | - | 20180503
F-Prot | - | 20180503
F-Secure | - | 20180503
Fortinet | - | 20180503
GData | - | 20180503
Ikarus | - | 20180503
Jiangmin | - | 20180503
K7AntiVirus | - | 20180503
K7GW | - | 20180503
Kaspersky | - | 20180503
Kingsoft | - | 20180503
MAX | - | 20180503
McAfee | - | 20180503
McAfee-GW-Edition | - | 20180503
Microsoft | - | 20180503
eScan | - | 20180503
NANO-Antivirus | - | 20180503
nProtect | - | 20180503
Panda | - | 20180502
Qihoo-360 | - | 20180503
Rising | - | 20180503
SentinelOne (Static ML) | - | 20180225
Sophos AV | - | 20180503
SUPERAntiSpyware | - | 20180503
Symantec Mobile Insight | - | 20180501
Tencent | - | 20180503
TheHacker | - | 20180430
TotalDefense | - | 20180503
TrendMicro | - | 20180503
TrendMicro-HouseCall | - | 20180503
Trustlook | - | 20180503
VBA32 | - | 20180503
ViRobot | - | 20180503
Webroot | - | 20180503
Yandex | - | 20180503
Zillya | - | 20180502
ZoneAlarm by Check Point | - | 20180503
Zoner | - | 20180502
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 2, 5, 2793, 5235
Description Range Must
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-03 09:46:14
Entry Point 0x000978C6
Number of sections 4
PE sections
PE imports
SetBkColor
CreateBitmap
StretchDIBits
SetTextColor
GetClipBox
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
LoadLibraryW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
FindNextFileW
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
GetLocalTime
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnumSystemLocalesA
GetFileType
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetUserDefaultLCID
GetCommandLineW
IsValidCodePage
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
SetStdHandle
FreeEnvironmentStringsW
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
ExitProcess
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
SetSystemPowerState
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
ReadFile
GetSystemTimeAsFileTime
FindFirstFileW
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
LocalFree
TerminateProcess
GetConsoleCP
CreateEventW
InitializeCriticalSection
HeapCreate
CreateFileW
GetStringTypeW
FindClose
InterlockedDecrement
Sleep
SetLastError
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
InterlockedIncrement
GetCurrentProcessId
WriteConsoleW
CloseHandle
MapWindowPoints
EmptyClipboard
GetSystemMetrics
BeginPaint
ValidateRect
PostMessageW
InvalidateRect
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoRevokeClassObject
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 10
PE resources
Debug information
ExifTool file metadata
CodeSize 688128
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 2.5.2793.5235
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Range Must
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 397312
EntryPoint 0x978c6
MIMEType application/octet-stream
FileVersion 2, 5, 2793, 5235
TimeStamp 2012:05:03 10:46:14+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2, 5, 2793, 5235
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Stone Mount
LegalTrademarks Range Must
FileSubtype 0
ProductVersionNumber 2.5.2793.5235
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 f14b3ef7f21e4dc21710b7edfe3f4284
SHA1 8fde99d9727e7c431fd19ce68cff44835e33e43b
SHA256 b1776f61609f107780919ee570e4e10fa622d9b51df7e6e9171dc8f46c7083ca
ssdeep 24576:oVVWQC2krYS/hBXPBuJQ0QbhirIrtymKDbV2/W36eyX8:A8M/SHBydQ9+LmKDbV2/W36eyX8
authentihash fc2bca3ba0a9da8deb0f6b6f4213e2638748945c3875dc8952199f44cf909251
imphash c0779d67e6a4121ad3d2c3a76e6a59db
File size 991.5 KB ( 1015296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-05-03 10:57:52 UTC ( 11 months, 3 weeks ago )
Last submission 2018-09-10 06:58:17 UTC ( 7 months, 1 week ago )
File names crypt_0001_1054b.exe
7328652
unker4.yarn
crypt_0001_1054b.exe
poop2.yarn
unker3.yarn
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Runtime DLLs