SHA256: b6fbd671edfa5bd958c0e7f54f0f079c79e8e558e0665128a68b58a97ce5762d
File name: 880d450b7741f466f810521ca60b03db.virus
Detection ratio: 29 / 68
Analysis date: 2018-10-26 01:23:42 UTC ( 4 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31313849 20181026
AhnLab-V3 Trojan/Win32.Gandcrab.C2785732 20181025
Avast Win32:Trojan-gen 20181026
AVG Win32:Trojan-gen 20181026
BitDefender Trojan.GenericKD.31313849 20181026
Cylance Unsafe 20181026
Emsisoft Trojan.GenericKD.31313849 (B) 20181026
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLYP 20181026
F-Secure Trojan.GenericKD.31313849 20181026
Fortinet W32/Kryptik.GLZK!tr 20181026
GData Win32.Packed.Kryptik.4CR8IM 20181026
Ikarus Trojan.Win32.Crypt 20181025
Sophos ML heuristic 20180717
Kaspersky Trojan.Win32.Chapak.banq 20181025
Malwarebytes Trojan.MalPack.GS 20181026
MAX malware (ai score=100) 20181026
McAfee Packed-FNQ!880D450B7741 20181026
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.ch 20181026
Microsoft Trojan:Win32/Gandcrab.AF 20181026
eScan Trojan.GenericKD.31313849 20181026
Palo Alto Networks (Known Signatures) generic.ml 20181026
Qihoo-360 HEUR/QVM10.2.BF51.Malware.Gen 20181026
Rising Downloader.Vigorf!8.F626 (CLOUD) 20181026
Sophos AV Mal/Generic-S 20181026
Symantec ML.Attribute.HighConfidence 20181026
VBA32 BScope.Trojan.Zenpak 20181025
Webroot W32.Trojan.Gen 20181026
ZoneAlarm by Check Point Trojan.Win32.Chapak.banq 20181026
AegisLab 20181026
Alibaba 20180921
ALYac 20181026
Antiy-AVL 20181025
Arcabit 20181025
Avast-Mobile 20181025
Avira (no cloud) 20181025
Babable 20180918
Baidu 20181024
Bkav 20181025
CAT-QuickHeal 20181025
ClamAV 20181026
CMC 20181025
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cyren 20181026
DrWeb 20181026
eGambit 20181026
F-Prot 20181026
Jiangmin 20181026
K7AntiVirus 20181025
K7GW 20181025
Kingsoft 20181026
NANO-Antivirus 20181026
Panda 20181025
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181001
TACHYON 20181026
Tencent 20181026
TheHacker 20181025
TotalDefense 20181025
TrendMicro 20181026
TrendMicro-HouseCall 20181026
Trustlook 20181026
VIPRE 20181026
ViRobot 20181025
Yandex 20181025
Zillya 20181024
Zoner 20181025
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-01 17:21:56
Entry Point 0x00007357
Number of sections 5
PE sections
PE imports
ReportEventW
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
IsValidLocale
VirtualProtect
LoadLibraryA
SetConsoleOutputCP
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetCPInfoExW
GetLocaleInfoA
HeapSize
LocalAlloc
GetUserDefaultLCID
GetPrivateProfileIntA
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetProcAddress
InterlockedCompareExchange
VirtualProtectEx
GetLocaleInfoW
SetFirmwareEnvironmentVariableW
RaiseException
WideCharToMultiByte
TlsFree
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetStringTypeA
GetSystemTimeAsFileTime
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetFirmwareEnvironmentVariableA
FindAtomW
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
SetFileApisToOEM
VirtualFree
GetEnvironmentStringsW
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
SetLastError
InterlockedIncrement
GetMonitorInfoW
Number of PE resources by type
RT_ICON 2
RT_BITMAP 2
RT_GROUP_CURSOR 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
THAI DEFAULT 9
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.45.8.4
LanguageCode English (British)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 43520
EntryPoint 0x7357
MIMEType application/octet-stream
FileVersion 1.3.1
TimeStamp 2017:06:01 19:21:56+02:00
FileType Win32 EXE
PEType PE32
InternalName wfsfnaasdBa.exe
ProductVersion 1.2.0.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 93696
FileSubtype 0
ProductVersionNumber 7.32.568.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 880d450b7741f466f810521ca60b03db
SHA1 fc7c59ed6f2dddb156f9f9654b05dc067739b6b8
SHA256 b6fbd671edfa5bd958c0e7f54f0f079c79e8e558e0665128a68b58a97ce5762d
ssdeep 1536:SwFWIxtYhPmS2pr8IQLLZ5QhRkhmCD3ODGKUd4uXVmzo2amV1ry2b/FU/yV6io:zFXxtumSVL/QjCiDGoZamcio
authentihash cc1d18cebdbf925e09c5dcb0d133fe3174ba1282549de6e3c6f4289918ca09c0
imphash 326e67c55213d80bbc3c487321e21b6b
File size 130.5 KB ( 133632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-10-25 03:05:17 UTC ( 5 months ago )
Last submission 2018-10-25 03:05:17 UTC ( 5 months ago )
File names 880d450b7741f466f810521ca60b03db.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs