SHA256: b529ca4dd148fdfcee0c1f267bc6821cc5168c121363fa690536a72e0f447c19
File name: gAEB5.tmp.exe
Detection ratio: 45 / 63
Analysis date: 2017-07-17 07:27:23 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Ceram.Gen.2 20170717
AegisLab Troj.Ceram.Gen!c 20170717
AhnLab-V3 Trojan/Win64.Wdfload.C1994222 20170717
ALYac Trojan.Ceram.Gen.2 20170717
Antiy-AVL Trojan/Win32.SGeneric 20170717
Arcabit Trojan.Ceram.Gen.2 20170717
Avast Win32:CertLock-H [Trj] 20170717
AVG Win32:CertLock-H [Trj] 20170717
Avira (no cloud) TR/Wdfload.ME.1 20170717
AVware Trojan.Win32.Generic!BT 20170717
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9992 20170717
BitDefender Trojan.Ceram.Gen.2 20170717
CAT-QuickHeal Trojan.CertLock 20170717
Comodo UnclassifiedMalware 20170717
Cylance Unsafe 20170717
Cyren W64/Trojan.WEZW-6604 20170717
DrWeb Trojan.Hosts.42152 20170717
Emsisoft Trojan.CertLock (A) 20170717
ESET-NOD32 a variant of Win64/Wdfload.S 20170717
F-Secure Trojan.Ceram.Gen.2 20170717
Fortinet W64/Wdfload.P!tr 20170629
GData Trojan.Ceram.Gen.2 20170717
Ikarus Trojan.Ceram 20170717
K7AntiVirus Trojan ( 0050f6fc1 ) 20170717
K7GW Trojan ( 0050f6fc1 ) 20170717
Kaspersky Trojan.Win64.Agent.joo 20170717
Malwarebytes Trojan.Ceram 20170717
MAX malware (ai score=88) 20170717
McAfee RDN/Generic.dx 20170717
McAfee-GW-Edition RDN/Generic.dx 20170717
Microsoft Trojan:Win32/Skeeyah.A!bit 20170717
eScan Trojan.Ceram.Gen.2 20170717
NANO-Antivirus Trojan.Win64.Hosts.epwfvy 20170717
Panda Trj/Agent.MEP 20170716
Qihoo-360 Win32/Trojan.ae7 20170717
Rising Malware.Generic.5!tfe (cloud:qN6Pch16dnH) 20170717
Symantec Trojan.Gen.2 20170717
TrendMicro TROJ64_WDFLOAD.AUSAD 20170717
TrendMicro-HouseCall TROJ64_WDFLOAD.AUSAD 20170717
VIPRE Trojan.Win32.Generic!BT 20170717
ViRobot Trojan.Win32.Z.Wdfload.307200 20170717
Webroot W32.Trojan.Gen 20170717
Yandex Trojan.Wdfload! 20170714
Zillya Trojan.Wdfload.Win64.1312 20170714
ZoneAlarm by Check Point Trojan.Win64.Agent.joo 20170717
Alibaba 20170717
Bkav 20170716
ClamAV 20170717
CMC 20170717
CrowdStrike Falcon (ML) 20170710
Endgame 20170713
F-Prot 20170717
Sophos ML 20170607
Jiangmin 20170717
Kingsoft 20170717
nProtect 20170717
Palo Alto Networks (Known Signatures) 20170717
SentinelOne (Static ML) 20170516
Sophos AV 20170717
SUPERAntiSpyware 20170717
Symantec Mobile Insight 20170717
Tencent 20170717
TheHacker 20170717
Trustlook 20170717
VBA32 20170714
WhiteArmor 20170713
Zoner 20170717
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2017-06-06 20:02:25
Entry Point 0x00006014
Number of sections 6
PE sections
PE imports
RegRestoreKeyA
RegDeleteKeyA
RegCloseKey
RegNotifyChangeKeyValue
RegQueryValueExA
RegSetValueA
RegSetKeySecurity
RegCreateKeyExA
RegCreateKeyA
RegGetKeySecurity
RegReplaceKeyA
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
RegConnectRegistryA
RegQueryMultipleValuesA
RegUnLoadKeyA
RegLoadKeyA
RegFlushKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
IsValidAcl
RegSaveKeyA
RegSetValueExA
RegEnumValueA
IsValidSecurityDescriptor
CertFreeCertificateContext
CertAddCertificateContextToStore
CertCloseStore
CertOpenStore
CertCreateCertificateContext
GetStdHandle
SetEndOfFile
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
RtlUnwindEx
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FindClose
TlsGetValue
SetLastError
Beep
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
RegisterWaitForSingleObject
MoveFileExW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetEvent
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
LoadLibraryA
DeleteFileA
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
FindFirstFileExA
RtlLookupFunctionEntry
FindNextFileA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
WriteFile
Sleep
GetOEMCP
CommandLineToArgvW
GetMessageA
CharUpperA
CloseDesktop
CharPrevA
BeginPaint
CallMsgFilterA
BroadcastSystemMessageA
CopyIcon
CheckRadioButton
CreateCaret
CopyRect
DestroyMenu
DestroyCaret
ClipCursor
PostQuitMessage
DefMDIChildProcA
CheckMenuRadioItem
CreateDialogIndirectParamA
ArrangeIconicWindows
CreateIconFromResourceEx
CharLowerA
LoadIconA
SetTimer
DispatchMessageA
RegisterClassA
DestroyIcon
DefWindowProcA
CharUpperBuffA
AppendMenuA
CascadeWindows
ChildWindowFromPoint
DeleteMenu
AdjustWindowRectEx
TranslateMessage
DestroyCursor
CreateIcon
ActivateKeyboardLayout
CheckDlgButton
CreateCursor
CopyImage
CreateWindowStationA
CreatePopupMenu
CheckMenuItem
ChildWindowFromPointEx
CreateWindowExA
AnyPopup
BeginDeferWindowPos
DefFrameProcA
CreateMDIWindowA
CloseWindow
CreateDialogParamA
CharLowerBuffA
BringWindowToTop
CopyAcceleratorTableA
CreateIconIndirect
ClientToScreen
CloseWindowStation
CallNextHookEx
SendMessageA
FindWindowExA
CreateMenu
LoadCursorA
ChangeMenuA
CountClipboardFormats
CharToOemBuffA
ChangeClipboardChain
DefDlgProcA
AdjustWindowRect
AttachThreadInput
CharNextA
DestroyAcceleratorTable
DeferWindowPos
CreateIconFromResource
CallWindowProcA
CreateAcceleratorTableA
DeregisterShellHookWindow
PostThreadMessageA
CharToOemA
CoFileTimeNow
IIDFromString
CoMarshalHresult
CoGetStdMarshalEx
CoUnmarshalHresult
CoFreeLibrary
CoCreateGuid
CoRegisterMallocSpy
CoLoadLibrary
CoRegisterMessageFilter
CLSIDFromString
CoRevokeMallocSpy
CoLockObjectExternal
CoTaskMemRealloc
CoIsHandlerConnected
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemAlloc
CoRevokeClassObject
CoFileTimeToDosDateTime
CLSIDFromProgID
CoFreeUnusedLibraries
CoGetCurrentProcess
CoFreeAllLibraries
CoDosDateTimeToFileTime
CoDisconnectObject
CoGetMalloc
CoReleaseMarshalData
CoTaskMemFree
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.2
MachineType AMD AMD64
TimeStamp 2017:06:06 21:02:25+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 172032
LinkerVersion 14.1
FileTypeExtension exe
InitializedDataSize 139776
ImageFileCharacteristics Executable, Large address aware
EntryPoint 0x6014
OSVersion 5.2
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 679a54233089bd649b01bc70905e22cd
SHA1 a66197a6fdf6cde046a02ec10eb417bf125a63b1
SHA256 b529ca4dd148fdfcee0c1f267bc6821cc5168c121363fa690536a72e0f447c19
ssdeep 6144:kVSiEji+m4qWmPMDo+t5iasw3JUyJmSo99oV:k83W+5q7MVhD+9
authentihash 21a7bb31bfa3f62c2ac25e4f2068a0d1067b191b00fd330bc0b7793921e2c3ea
imphash ca74f2c2225045446ef176b0c9d468b6
File size 300.0 KB ( 307200 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits peexe assembly
VirusTotal metadata
First submission 2017-06-06 20:12:41 UTC ( 1 year, 7 months ago )
Last submission 2017-07-17 07:27:23 UTC ( 1 year, 6 months ago )
File names g8F53.tmp.exe
gA331.tmp.exe
gAEB5.tmp.exe
gAEB5.tmp.exe
g87CE.tmp.exe
679a54233089bd649b01bc70905e22cd
gFDB9.tmp.exe
g2392.tmp.exe
gb10e.tmp.exe
a66197a6fdf6cde046a02ec10eb417bf125a63b1