SHA256: b5567655caabb75af68f6ea33c7a22dbc1a6006ca427da6be0066c093f592610
File name: d9f1c8185f582c722bea4eaf4cf5a115.kaf
Detection ratio: 8 / 58
Analysis date: 2017-01-14 15:03:28 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9892 20170113
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
ESET-NOD32 a variant of Win32/Kryptik.FLIT 20170114
Fortinet W32/Kryptik.FMTL!tr 20170114
Sophos ML trojandownloader.win32.kuluoz.d 20170111
Qihoo-360 HEUR/QVM09.0.0000.Malware.Gen 20170114
Rising Malware.Heuristic!ET#96% (rdm+) 20170114
Symantec Heur.AdvML.B 20170113
Ad-Aware 20170114
AegisLab 20170114
AhnLab-V3 20170114
Alibaba 20170113
ALYac 20170114
Antiy-AVL 20170114
Arcabit 20170114
Avast 20170114
AVG 20170114
Avira (no cloud) 20170114
AVware 20170114
BitDefender 20170114
Bkav 20170114
CAT-QuickHeal 20170114
ClamAV 20170114
CMC 20170114
Comodo 20170114
Cyren 20170114
DrWeb 20170114
Emsisoft 20170114
F-Prot 20170114
F-Secure 20170114
GData 20170114
Ikarus 20170114
Jiangmin 20170114
K7AntiVirus 20170114
K7GW 20170114
Kaspersky 20170114
Kingsoft 20170114
Malwarebytes 20170114
McAfee 20170108
McAfee-GW-Edition 20170114
Microsoft 20170114
eScan 20170114
NANO-Antivirus 20170114
nProtect 20170114
Panda 20170113
Sophos AV 20170114
SUPERAntiSpyware 20170114
Tencent 20170114
TheHacker 20170111
TotalDefense 20170114
TrendMicro 20170114
TrendMicro-HouseCall 20170114
Trustlook 20170114
VBA32 20170113
VIPRE 20170114
ViRobot 20170114
WhiteArmor 20170113
Yandex 20170113
Zillya 20170113
Zoner 20170114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-14 10:34:52
Entry Point 0x0002343E
Number of sections 4
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
GetEnvironmentStringsW
HeapDestroy
HeapAlloc
TlsAlloc
IsValidLocale
GetProcessHeap
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
GetEnvironmentStrings
GetLocaleInfoA
SetConsoleCtrlHandler
GetCurrentProcessId
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
GetStringTypeA
GetCurrentThread
LeaveCriticalSection
CompareStringW
WideCharToMultiByte
GetTimeFormatA
TlsFree
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CompareStringA
GetSystemTimeAsFileTime
EnumSystemLocalesA
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
SetEnvironmentVariableA
FreeLibrary
IsDebuggerPresent
TerminateProcess
GetTimeZoneInformation
GetCurrentProcess
InitializeCriticalSection
HeapCreate
VirtualFree
FatalAppExitA
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
GetLocaleInfoW
VirtualAlloc
SetLastError
ResetEvent
SHDeleteValueW
PathFileExistsW
PathRemoveBlanksW
StrStrW
Number of PE resources by type
RT_STRING 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:01:14 11:34:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 229376
LinkerVersion 7.1
EntryPoint 0x2343e
InitializedDataSize 28672
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 d9f1c8185f582c722bea4eaf4cf5a115
SHA1 455316f12509dc328363eebfaf24a9c320f8b8ae
SHA256 b5567655caabb75af68f6ea33c7a22dbc1a6006ca427da6be0066c093f592610
ssdeep 6144:0P6xBCjv3a8w8bvgUyZLrP5pAaMr4vyI:dM+qvArRpASy
authentihash 144cf903c2edd44b17e0a11a52ff4adca01bd443ed76ed10673b76dba298b874
imphash f28ee52d10dd3dc27444c29c3ea21551
File size 252.0 KB ( 258048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-01-14 15:03:28 UTC ( 1 year, 11 months ago )
Last submission 2018-05-15 16:00:12 UTC ( 6 months, 4 weeks ago )
File names RUNDS.EXE
d9f1c8185f582c722bea4eaf4cf5a115.kaf
f2e3a3eea070e034eeef104156645f7a
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications