× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b2ad66e782c2d7c9bb1227faae9e61b66de70163ab07d92c74dfb21b8b5ab72b
File name: .
Detection ratio: 29 / 66
Analysis date: 2019-04-15 18:47:05 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190415
Ad-Aware Gen:Variant.Razy.491633 20190415
ALYac Gen:Variant.Razy.491633 20190415
Arcabit Trojan.Razy.D78071 20190415
Avast Win32:BankerX-gen [Trj] 20190415
AVG Win32:BankerX-gen [Trj] 20190415
BitDefender Gen:Variant.Razy.491633 20190415
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.8b1b96 20190403
Cyren W32/FakeAlert.5!Maximus 20190415
DrWeb Trojan.KillProc.54838 20190415
eGambit Unsafe.AI_Score_82% 20190415
Emsisoft Gen:Variant.Razy.491633 (B) 20190415
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Kryptik.GSCD 20190415
FireEye Generic.mg.66a864e1cff2262d 20190415
Fortinet W32/Generic.AP.29C3A4!tr 20190415
GData Gen:Variant.Razy.491633 20190415
Sophos ML heuristic 20190313
Malwarebytes Trojan.MalPack.VAK 20190415
MAX malware (ai score=81) 20190415
McAfee-GW-Edition BehavesLike.Win32.Dropper.mh 20190415
Microsoft Trojan:Win32/Fuerboos.E!cl 20190415
eScan Gen:Variant.Razy.491633 20190415
Qihoo-360 HEUR/QVM19.1.8BD1.Malware.Gen 20190415
Rising Backdoor.Tofsee!8.1E9 (TFE:dGZlOgTis3I0t3F8Ug) 20190415
SentinelOne (Static ML) DFI - Suspicious PE 20190407
Sophos AV Mal/Elenoocka-G 20190415
Trapmine malicious.high.ml.score 20190325
AegisLab 20190415
AhnLab-V3 20190415
Alibaba 20190402
Antiy-AVL 20190415
Avast-Mobile 20190415
Avira (no cloud) 20190415
Babable 20180918
Baidu 20190318
Bkav 20190412
CAT-QuickHeal 20190415
ClamAV 20190415
CMC 20190321
Comodo 20190415
F-Secure 20190415
Ikarus 20190415
Jiangmin 20190415
K7AntiVirus 20190415
K7GW 20190415
Kaspersky 20190415
Kingsoft 20190415
McAfee 20190415
NANO-Antivirus 20190415
Palo Alto Networks (Known Signatures) 20190415
Panda 20190415
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
TACHYON 20190415
Tencent 20190415
TheHacker 20190411
TotalDefense 20190413
TrendMicro-HouseCall 20190415
Trustlook 20190415
VBA32 20190415
ViRobot 20190415
Yandex 20190415
Zillya 20190415
ZoneAlarm by Check Point 20190415
Zoner 20190415
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-31 03:27:13
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
PhoneBookFreeFilter
PhoneBookLoad
PhoneBookCopyFilter
OpenMutexA
GetEnvironmentVariableA
MoveFileExA
SetSystemTime
RemoveDirectoryA
GetCurrentDirectoryA
MapViewOfFile
GetModuleHandleA
DeleteFileA
CreateEventA
SleepEx
CreateMutexW
TlsAlloc
OpenJobObjectW
CreateFileA
TerminateProcess
LoadLibraryA
VirtualAlloc
GetCurrentThreadId
GetShortPathNameA
Chkdsk
Recover
Extend
Format
Number of PE resources by type
RT_DIALOG 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:03:31 05:27:13+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
38400

LinkerVersion
14.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

FileTypeExtension
exe

InitializedDataSize
48128

SubsystemVersion
5.1

EntryPoint
0x1000

OSVersion
5.1

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 66a864e1cff2262d050e890c1697bd15
SHA1 989f71c8b1b965aca962be0bf91b23d601e28e95
SHA256 b2ad66e782c2d7c9bb1227faae9e61b66de70163ab07d92c74dfb21b8b5ab72b
ssdeep
1536:Zr+fM48mv0dcNW/Cu9GjWfEPdJf6hraE:Zr8NVvRk9/fEPdJf6hb

authentihash 0a09f24de539115d91eb967ace322819ca85502ee0c27d17129eca9838d0848e
imphash bc6eb68bbeb48295e2cfac9cd00c62ac
File size 85.5 KB ( 87552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-04-15 18:47:05 UTC ( 1 month ago )
Last submission 2019-04-15 18:47:05 UTC ( 1 month ago )
File names .
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs