SHA256: b32a1cc7bf5666616499860b1c75db6a19fbd31dad2be7ef5f13720dec6939af
File name: update.exe
Detection ratio: 10 / 68
Analysis date: 2018-06-21 02:10:45 UTC
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9841 20180620
Bkav W32.eHeur.Malware14 20180620
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180530
Sophos ML heuristic 20180601
Kaspersky Trojan-PSW.Win32.Agent.thbh 20180621
McAfee-GW-Edition BehavesLike.Win32.Ransom.wc 20180621
Microsoft Trojan:Win32/Fuerboos.C!cl 20180621
SentinelOne (Static ML) static engine - malicious 20180618
Yandex Trojan.PWS.Phpw! 20180620
ZoneAlarm by Check Point Trojan-PSW.Win32.Agent.thbh 20180621
Ad-Aware 20180621
AegisLab 20180621
AhnLab-V3 20180621
Alibaba 20180620
ALYac 20180621
Antiy-AVL 20180621
Arcabit 20180621
Avast 20180621
Avast-Mobile 20180620
AVG 20180621
Avira (no cloud) 20180620
AVware 20180621
Babable 20180406
BitDefender 20180621
CAT-QuickHeal 20180620
ClamAV 20180621
CMC 20180621
Comodo 20180621
Cybereason 20180225
Cylance 20180621
Cyren 20180621
DrWeb 20180621
eGambit 20180621
Emsisoft 20180621
Endgame 20180612
ESET-NOD32 20180621
F-Prot 20180621
F-Secure 20180615
Fortinet 20180621
GData 20180621
Ikarus 20180620
Jiangmin 20180621
K7AntiVirus 20180620
K7GW 20180620
Kingsoft 20180621
Malwarebytes 20180621
MAX 20180621
McAfee 20180621
eScan 20180621
NANO-Antivirus 20180621
Palo Alto Networks (Known Signatures) 20180621
Panda 20180620
Qihoo-360 20180621
Rising 20180621
Sophos AV 20180621
SUPERAntiSpyware 20180621
Symantec 20180621
Symantec Mobile Insight 20180619
TACHYON 20180621
Tencent 20180621
TheHacker 20180619
TotalDefense 20180620
TrendMicro 20180621
TrendMicro-HouseCall 20180621
Trustlook 20180621
VBA32 20180620
VIPRE 20180621
ViRobot 20180620
Webroot 20180621
Zillya 20180620
Zoner 20180620
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-18 09:15:19
Entry Point 0x0001DA8B
Number of sections 4
PE sections
Overlays
MD5 ed2b46908c73fe5985366cccaafea10e
File type application/x-rar
Offset 212480
Size 2988755
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
FoldStringW
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
CreateSemaphoreW
TzSpecificLocalTimeToSystemTime
TerminateProcess
SetUnhandledExceptionFilter
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
SetEvent
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
HeapCreate
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateHardLinkW
SHGetFolderLocation
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
EnableWindow
CharUpperW
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
OemToCharBuffA
DispatchMessageW
MessageBoxW
PeekMessageW
GetClassNameW
IsDialogMessageW
CopyRect
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
RegisterClassExW
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
Number of PE resources by type
RT_STRING 9
RT_DIALOG 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:11:18 10:15:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 166912
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1da8b
InitializedDataSize 175616
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 2a6c125d7ddbdf876a132dad12f33d34
SHA1 961dae6d9cac36b3cb7a2ef1f63792af56b4c1d9
SHA256 b32a1cc7bf5666616499860b1c75db6a19fbd31dad2be7ef5f13720dec6939af
ssdeep 49152:AUfYxziGK24+ZnH/XGiLVDd2Md9UySlEO+lFBe/kEcbycuhAOOdudfV6wetNcLlV:A+YxGJWH/XNHd2KRqkPycu1Oafr+er

authentihash 9d775881c099c278234ccadb24b59bea904d939eaa682a315def84cce2cc4f49
imphash 1e4543b94f902fb1e062932841a7f90c
File size 3.1 MB ( 3201235 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID WinRAR Self Extracting archive (4.x-5.x) (91.4%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-06-21 02:10:45 UTC
Last submission 2018-06-21 10:04:29 UTC
File names update.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs