SHA256: b2e0557eaf1c7a85b4bbf5c65405893968ad7d2f5a44ae2339f3483362fc6254
File name: e1ec1b5dc38891d8fd724daa6ec591fa.virus
Detection ratio: 55 / 72
Analysis date: 2019-04-26 13:40:28 UTC ( 3 weeks, 4 days ago )
Antivirus Result Update
Acronis suspicious 20190425
Ad-Aware Dropped:Trojan.Script.418723 20190426
AegisLab Trojan.Win32.Lunam.tpLz 20190426
AhnLab-V3 Trojan/Win32.Lunam.R261674 20190426
ALYac Dropped:Trojan.Script.418723 20190426
Antiy-AVL Trojan/Win32.Lunam 20190426
Arcabit Trojan.Script.D663A3 20190426
Avast Win32:Trojan-gen 20190426
AVG Win32:Trojan-gen 20190426
Avira (no cloud) TR/Crypt.XPACK.Gen 20190426
BitDefender Dropped:Trojan.Script.418723 20190426
CAT-QuickHeal Trojan.Lunam 20190426
ClamAV Win.Malware.Lunam-6905845-0 20190426
CMC Trojan.Win32.Lunam!O 20190321
Comodo TrojWare.Win32.Spy.Agent.1396070@1qn3u3 20190426
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.dc3889 20190417
Cylance Unsafe 20190426
Cyren W32/Trojan.NEIG-3448 20190426
DrWeb Trojan.PWS.Banker1.30100 20190426
Emsisoft Dropped:Trojan.Script.418723 (B) 20190426
Endgame malicious (high confidence) 20190403
ESET-NOD32 Win32/Otfrem.A 20190426
F-Prot W32/Trojan3.ANVL 20190426
F-Secure Trojan.TR/Crypt.XPACK.Gen 20190426
FireEye Generic.mg.e1ec1b5dc38891d8 20190426
Fortinet W32/Lunam.A!tr 20190426
GData Dropped:Trojan.Script.418723 20190426
Ikarus Trojan.Win32.Delf 20190426
Sophos ML heuristic 20190313
Jiangmin Trojan/PSW.Lmir.dah 20190426
K7AntiVirus Trojan ( 0029f2001 ) 20190426
K7GW Trojan ( 0029f2001 ) 20190426
Kaspersky Trojan.Win32.Lunam.a 20190426
Malwarebytes Spyware.PasswordStealer 20190426
MAX malware (ai score=81) 20190426
McAfee Artemis!E1EC1B5DC388 20190426
McAfee-GW-Edition BehavesLike.Win32.Swisyn.mc 20190426
Microsoft Trojan:Win32/Lunam.A 20190426
eScan Dropped:Trojan.Script.418723 20190426
NANO-Antivirus Trojan.Win32.Lunam.foufld 20190426
Panda Trj/Genetic.gen 20190426
Qihoo-360 HEUR/QVM17.0.C895.Malware.Gen 20190426
Rising Trojan.Otfrem!8.466E (RDM+:cmRtazpCXM7s3sUbPZ/iyu/usV8O) 20190426
SentinelOne (Static ML) DFI - Malicious PE 20190420
Sophos AV Mal/SillyFDC-K 20190426
Symantec Trojan.Gen.MBT 20190426
Tencent Trojan.Win32.FakeFolder.pb 20190426
Trapmine malicious.high.ml.score 20190325
TrendMicro PE_LUNAM.A-O 20190426
TrendMicro-HouseCall PE_LUNAM.A-O 20190426
VBA32 Trojan.VBO.012939 20190426
VIPRE Trojan.Win32.Generic!BT 20190426
Zillya Trojan.Lunam.Win32.171 20190424
ZoneAlarm by Check Point Trojan.Win32.Lunam.a 20190426
Alibaba 20190425
Avast-Mobile 20190426
Babable 20190424
Baidu 20190318
Bkav 20190425
eGambit 20190426
Kingsoft 20190426
Palo Alto Networks (Known Signatures) 20190426
SUPERAntiSpyware 20190423
Symantec Mobile Insight 20190418
TACHYON 20190426
TheHacker 20190421
TotalDefense 20190426
Trustlook 20190426
ViRobot 20190426
Webroot 20190426
Yandex 20190426
Zoner 20190426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-16 03:29:47
Entry Point 0x00001E60
Number of sections 2
PE sections
Overlays
MD5 669945d48df2d93c9e4b9619e2663cef
File type data
Offset 32768
Size 54520
Entropy 7.42
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2008:11:16 04:29:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 106496
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
Warning Error processing PE data dictionary
EntryPoint 0x1e60
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 e1ec1b5dc38891d8fd724daa6ec591fa
SHA1 aa1eab16a94276318fe0cf44da6169942c8b2334
SHA256 b2e0557eaf1c7a85b4bbf5c65405893968ad7d2f5a44ae2339f3483362fc6254
ssdeep 1536:SVmlLfDIi7wujHdLqR/gOTH6XrFQFPYhDcczpzrzRELqREbFeFVWwvi:WmlfhjHdWBDH67FQO9JlzfRlREQKwvi

authentihash 4ff95c03df81559baee9f8c4f1a2ab675722b3c73da1b5eb2dbff03ddd29c84d
imphash 09d0478591d4f788cb3e5ea416c25237
File size 85.2 KB ( 87288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (v2.x) (50.1%)
Win32 EXE PECompact compressed (generic) (35.3%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags pecompact peexe overlay

VirusTotal metadata
First submission 2019-04-26 13:40:28 UTC ( 3 weeks, 4 days ago )
Last submission 2019-04-26 13:40:28 UTC ( 3 weeks, 4 days ago )
File names e1ec1b5dc38891d8fd724daa6ec591fa.virus