× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b3ebc32089b1f9932794ea86ac4821060d99a7602088e5e6f8d2cfa269a74ff1
File name: payload_1.exe
Detection ratio: 24 / 68
Analysis date: 2018-06-20 00:02:29 UTC ( 9 months, 1 week ago ) View latest
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180619
Avast FileRepMalware 20180619
AVG Win32:Malware-gen 20180619
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180615
Bkav HW32.Packed.957E 20180619
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.bec0ed 20180225
Cylance Unsafe 20180620
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GHYJ 20180619
Fortinet W32/Kryptik.GHOF!tr 20180619
Ikarus Win32.Outbreak 20180619
Kaspersky UDS:DangerousObject.Multi.Generic 20180619
Malwarebytes Spyware.Emotet 20180619
McAfee Artemis!163632BBEC0E 20180619
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch 20180619
Microsoft Trojan:Win32/Azden.B!cl 20180619
Palo Alto Networks (Known Signatures) generic.ml 20180620
Qihoo-360 HEUR/QVM20.1.F4E9.Malware.Gen 20180620
SentinelOne (Static ML) static engine - malicious 20180618
Symantec ML.Attribute.HighConfidence 20180619
TrendMicro-HouseCall Suspicious_GEN.F47V0619 20180620
VBA32 BScope.Trojan.Dovs 20180619
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180619
Ad-Aware 20180619
AhnLab-V3 20180619
Alibaba 20180619
ALYac 20180619
Antiy-AVL 20180619
Arcabit 20180619
Avast-Mobile 20180619
Avira (no cloud) 20180619
AVware 20180618
Babable 20180406
BitDefender 20180619
CAT-QuickHeal 20180619
ClamAV 20180619
CMC 20180619
Comodo 20180620
Cyren 20180620
DrWeb 20180619
eGambit 20180620
Emsisoft 20180619
F-Prot 20180619
F-Secure 20180620
GData 20180619
Sophos ML 20180601
Jiangmin 20180619
K7AntiVirus 20180619
K7GW 20180620
Kingsoft 20180620
MAX 20180620
eScan 20180619
NANO-Antivirus 20180619
Panda 20180619
Rising 20180619
Sophos AV 20180620
SUPERAntiSpyware 20180619
Symantec Mobile Insight 20180619
TACHYON 20180619
Tencent 20180620
TheHacker 20180619
TotalDefense 20180619
TrendMicro 20180619
Trustlook 20180620
VIPRE 20180619
ViRobot 20180619
Webroot 20180620
Yandex 20180618
Zillya 20180619
Zoner 20180619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(c)2008-2018 CPUID. All rights reserved.

Product CPUID Hardware Monitor
Original name HWMonitor.exe
Internal name HWMonitor.exe
File version 1, 3, 5, 0
Description HWMonitor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-20 03:30:31
Entry Point 0x000014D5
Number of sections 4
PE sections
PE imports
FindFirstFreeAce
AddAccessDeniedAce
GetSecurityDescriptorDacl
CryptCreateHash
CryptSIPAddProvider
JetMakeKey
GetFontData
PaintRgn
ExtEscape
RemoveFontMemResourceEx
SetStretchBltMode
SuspendThread
GetThreadPriority
GetTimeZoneInformation
GetSystemDefaultLocaleName
LocalFlags
SetTapePosition
GetCommState
CloseHandle
GetSystemTimeAsFileTime
GetDynamicTimeZoneInformation
lstrcmpW
VirtualAlloc
RpcStringBindingParseW
SetupGetStringFieldA
SetupGetLineTextA
PathStripPathW
UrlApplySchemeW
GetDoubleClickTime
UnregisterHotKey
FlashWindow
OpenWindowStationA
GetThreadDesktop
IsDialogMessageA
OleTranslateAccelerator
Number of PE resources by type
RT_STRING 26
RT_DIALOG 4
RT_BITMAP 4
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 34
FRENCH 3
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:06:20 05:30:31+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
0.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x14d5

InitializedDataSize
65536

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Execution parents
File identification
MD5 163632bbec0ed021dbdd4e889bf8c255
SHA1 f9a3d975c336ab624555edefd155c23b92002dd8
SHA256 b3ebc32089b1f9932794ea86ac4821060d99a7602088e5e6f8d2cfa269a74ff1
ssdeep
3072:vIwZuHYmGQcmnHBw0abISRzSV5PfyEPpUdDzX:hMHYm9cmnC0NV5Pf

authentihash cbb1ba4e68a718b463c36eb977247d25ac19e2098ab2d8c1b41dee89856fab72
imphash 090af33eebf5daef37e20ba5d0773b9a
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-19 21:18:46 UTC ( 9 months, 1 week ago )
Last submission 2018-07-22 03:14:13 UTC ( 8 months, 1 week ago )
File names output.113470845.txt
payload_1.exe
b3794bb57dde882d1ca9a40026e15c82581f58ce
HWMonitor.exe
679348839.exe
68427539.exe
251981.exe
39910.exe
454042.exe
224617.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!