SHA256: b4190c9abbd90443700a7b196951fcebcb7d58eff7c754a70807da9c36e96d3d
File name: b4190c9abbd90443700a7b196951fcebcb7d58eff7c754a70807da9c36e96d3d
Detection ratio: 26 / 69
Analysis date: 2018-11-29 01:48:39 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Ursnif.C2863241 20181128
Avast FileRepMalware 20181129
AVG FileRepMalware 20181128
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.491e42 20180225
Cylance Unsafe 20181129
eGambit Unsafe.AI_Score_99% 20181129
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Dridex.CK 20181129
Fortinet W32/GenKryptik.CSJF!tr 20181129
Ikarus Trojan.Win32.Dridex 20181128
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005427281 ) 20181128
K7GW Trojan ( 005427281 ) 20181128
Kaspersky Trojan-Downloader.Win32.Cridex.j 20181129
McAfee Artemis!D502B2F820DE 20181129
McAfee-GW-Edition Artemis 20181128
Microsoft Trojan:Win32/Tiggre!plock 20181129
Palo Alto Networks (Known Signatures) generic.ml 20181129
Qihoo-360 Win32/Trojan.Downloader.07b 20181129
Rising Spyware.Ursnif!8.1DEF (TFE:1:0KHXwQGJ8ON) 20181129
Sophos AV Mal/Generic-S 20181128
Symantec Infostealer 20181128
Trapmine malicious.high.ml.score 20181126
Webroot W32.Trojan.Gen 20181129
ZoneAlarm by Check Point Trojan-Downloader.Win32.Cridex.j 20181129
Ad-Aware 20181129
AegisLab 20181129
Alibaba 20180921
ALYac 20181129
Antiy-AVL 20181128
Arcabit 20181129
Avast-Mobile 20181128
Avira (no cloud) 20181128
Babable 20180918
Baidu 20181128
BitDefender 20181128
Bkav 20181128
CAT-QuickHeal 20181128
ClamAV 20181128
CMC 20181128
Comodo 20181128
Cyren 20181128
DrWeb 20181129
Emsisoft 20181129
F-Prot 20181128
F-Secure 20181128
GData 20181129
Jiangmin 20181129
Kingsoft 20181129
Malwarebytes 20181129
MAX 20181129
eScan 20181128
NANO-Antivirus 20181128
Panda 20181128
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181129
Tencent 20181129
TheHacker 20181126
TotalDefense 20181128
TrendMicro 20181128
TrendMicro-HouseCall 20181128
Trustlook 20181129
VBA32 20181128
ViRobot 20181128
Yandex 20181128
Zillya 20181128
Zoner 20181129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-26 23:05:03
Entry Point 0x000040B0
Number of sections 6
PE sections
PE imports
IsTokenRestricted
CM_Disable_DevNode
GetFontLanguageInfo
GetTextCharacterExtra
GetCurrentPositionEx
InterlockedCompareExchange64
GetUserDefaultLangID
GetConsoleFontSize
IsValidCodePage
WaitForSingleObject
GetExitCodeThread
FreeConsole
VarCyNeg
I_RpcNsBindingSetEntryNameW
SetupDiBuildClassInfoListExW
GetCursorPos
DdeUninitialize
SetCapture
GetCursor
GetFocus
SetProcessWindowStation
DestroyCaret
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:11:27 00:05:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 114688
LinkerVersion 16.3
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x40b0
InitializedDataSize 94208
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 d502b2f820de0fc451919cfc42b51715
SHA1 adeb7fd491e4244d176e76cdb1ddf2c60a569adc
SHA256 b4190c9abbd90443700a7b196951fcebcb7d58eff7c754a70807da9c36e96d3d
ssdeep 3072:lV1cFjodAor2i/53+wMN6uU+HBDfMZrW1+q:lbc01r2ixMN6uU+hLMZrW
authentihash 94739659d3948933791ba706252ab8da50bd1f83dda1939a126028120fe32dbe
imphash f2c5ad8b2ac09a33994fee2204ad8662
File size 208.0 KB ( 212992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (58.9%)
Win32 Dynamic Link Library (generic) (14.0%)
Win32 Executable (generic) (9.6%)
Win16/32 Executable Delphi generic (4.4%)
OS/2 Executable (generic) (4.3%)
Tags peexe

VirusTotal metadata
First submission 2018-11-27 22:54:43 UTC ( 3 months, 3 weeks ago )
Last submission 2018-12-01 03:49:52 UTC ( 3 months, 2 weeks ago )
File names kHBs3fyF.exe