SHA256: b34954cd5a90cd128640f62056dc429583aa904582210adbd7be79a89dfbe077
File name: 1.exe
Detection ratio: 45 / 67
Analysis date: 2017-12-09 19:50:07 UTC ( 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.448083 20171209
AhnLab-V3 Trojan/Win32.MalCrypted.R214834 20171209
ALYac Gen:Variant.Graftor.448083 20171209
Antiy-AVL RiskWare[RiskTool]/Win32.BitCoinMiner 20171209
Arcabit Trojan.Graftor.D6D653 20171209
Avast Win32:Malware-gen 20171209
AVG Win32:Malware-gen 20171209
AVware RiskTool.Win32.BitCoinMiner 20171209
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20171209
BitDefender Gen:Variant.Graftor.448083 20171209
CAT-QuickHeal Trojan.BitcoinMiner 20171209
Comodo ApplicUnwnt 20171209
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20171016
Cylance Unsafe 20171209
Cyren W32/Trojan.CUOL-5120 20171209
DrWeb Trojan.DownLoader25.64517 20171209
Emsisoft Gen:Variant.Graftor.448083 (B) 20171209
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.GAEY 20171209
F-Prot W32/S-00766a36!Eldorado 20171209
F-Secure Gen:Variant.Graftor.448083 20171209
Fortinet W32/Injector.DUAP!tr 20171209
GData Gen:Variant.Graftor.448083 20171209
Ikarus Trojan.Win32.Crypt 20171209
Sophos ML heuristic 20170914
Jiangmin RiskTool.BitCoinMiner.gen 20171209
K7AntiVirus Trojan ( 0051fb271 ) 20171209
K7GW Trojan ( 0051fb271 ) 20171209
Kaspersky not-a-virus:RiskTool.Win32.BitCoinMiner.imvf 20171209
MAX malware (ai score=67) 20171209
McAfee RDN/Generic.grp 20171209
McAfee-GW-Edition BehavesLike.Win32.Generic.bc 20171209
Microsoft Trojan:Win32/CoinMiner.AC!bit 20171209
eScan Gen:Variant.Graftor.448083 20171209
NANO-Antivirus Riskware.Win32.BitCoinMiner.evusfe 20171209
Palo Alto Networks (Known Signatures) generic.ml 20171209
Panda Trj/CI.A 20171209
Rising Malware.Obscure/Heur!1.9E03 (CLASSIC) 20171209
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Generic PUA GB (PUA) 20171209
Symantec Trojan.Gen.2 20171209
Tencent Win32.Trojan.Inject.Auto 20171209
TrendMicro-HouseCall TROJ_GEN.R038C0DL717 20171209
VIPRE RiskTool.Win32.BitCoinMiner (not malicious) 20171209
ZoneAlarm by Check Point not-a-virus:RiskTool.Win32.BitCoinMiner.imvf 20171209
AegisLab 20171209
Alibaba 20171208
Avast-Mobile 20171209
Bkav 20171208
ClamAV 20171209
CMC 20171208
Cybereason 20171103
eGambit 20171209
Kingsoft 20171209
Malwarebytes 20171209
nProtect 20171209
Qihoo-360 20171209
SUPERAntiSpyware 20171209
Symantec Mobile Insight 20171207
TheHacker 20171209
TotalDefense 20171209
TrendMicro 20171209
Trustlook 20171209
VBA32 20171208
ViRobot 20171209
Webroot 20171209
WhiteArmor 20171204
Yandex 20171208
Zillya 20171209
Zoner 20171209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017, cjfdfhvdvifbish456
File version 1.0.0.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-05 14:09:21
Entry Point 0x00003D13
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
GetDriveTypeW
LCMapStringW
lstrlenA
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
EnterCriticalSection
IsDebuggerPresent
GetTickCount
SetProcessShutdownParameters
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
FatalExit
RtlUnwind
GetACP
HeapAlloc
SetProcessWorkingSetSize
GetProcessIoCounters
GetStartupInfoW
GetWindowsDirectoryW
GetConsoleMode
GetStringTypeW
GetFileSize
AddAtomA
UnhandledExceptionFilter
GetCurrentProcess
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
GetTempPathA
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetAtomNameA
CloseHandle
IsProcessorFeaturePresent
GlobalMemoryStatus
ExitThread
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
GetProcessHandleCount
WideCharToMultiByte
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
SetLastError
CreateFileW
GlobalAlloc
TlsGetValue
Sleep
GetFileType
TlsSetValue
EncodePointer
GetCurrentThreadId
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
TransparentBlt
WinHttpOpen
Number of PE resources by type
RT_ICON 4
RT_STRING 4
RT_MANIFEST 1
RT_GROUP_CURSOR 1
LOHUDOSEDEFUCEMATIVOBUXENEDUTENA 1
BYUSFAKUIP 1
AFX_DIALOG_LAYOUT 1
RT_BITMAP 1
RT_CURSOR 1
DEFOYUJILASU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 18
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 1782272
ImageVersion 0.0
FileVersionNumber 1.0.0.1
LanguageCode English (British)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 12.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2017:12:05 15:09:21+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.1
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2017, cjfdfhvdvifbish456
MachineType Intel 386 or later, and compatibles
CodeSize 56320
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x3d13
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 0cdd87e7b3db4c8d81dc9617b9a51a66
SHA1 612bb94e9e8ce7d54e56791dda5ce1b5b09e459f
SHA256 b34954cd5a90cd128640f62056dc429583aa904582210adbd7be79a89dfbe077
ssdeep 24576:1uv5QjycK3Vc2//I62wtavq0jOQRfeRXnOQd6x:126O3mGg6Havq8NR2R7ox
authentihash 894db6d28e48f2cca7e8cd12e23910b2da1de76ffec967d9606b0337ea11332d
imphash 5dcc5ab029dfc4b9c63203c10e44892c
File size 785.5 KB ( 804352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2017-12-06 03:04:32 UTC ( 1 week, 4 days ago )
Last submission 2017-12-09 19:50:07 UTC ( 1 week ago )
File names 1.exe
output.112557440.txt
1002-612bb94e9e8ce7d54e56791dda5ce1b5b09e459f
WINNTBACKEND-630035074441128.TMP.EXE
love.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs