SHA256: b7d10768fe367e73b63eaff33f4f016fae3a9293fa8509f79f521e4b439dd7b5
File name: 44aa0cda3aed1c6a7a07d561883b43d5.virus
Detection ratio: 45 / 66
Analysis date: 2018-05-14 16:48:59 UTC ( 9 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30752279 20180514
AhnLab-V3 Trojan/Win32.Kryptik.R227462 20180514
ALYac Trojan.GenericKD.30752279 20180514
Antiy-AVL Trojan/Win32.TSGeneric 20180514
Arcabit Trojan.Generic.D1D53E17 20180514
Avast Win32:Malware-gen 20180514
AVG Win32:Malware-gen 20180514
Avira (no cloud) TR/AD.PandaBanker.qhuas 20180514
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180511
BitDefender Trojan.GenericKD.30752279 20180514
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180514
Cyren W32/Trojan.SUBK-5503 20180514
eGambit Unsafe.AI_Score_74% 20180514
Emsisoft Trojan.GenericKD.30752279 (B) 20180514
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GGNN 20180514
F-Prot W32/S-651c2493!Eldorado 20180514
F-Secure Trojan.GenericKD.30752279 20180514
Fortinet W32/Kryptik.GGNN!tr 20180514
GData Trojan.GenericKD.30752279 20180514
Sophos ML heuristic 20180504
Jiangmin Trojan.GandCrypt.ca 20180514
K7AntiVirus Trojan ( 005304de1 ) 20180514
K7GW Trojan ( 005304de1 ) 20180514
Kaspersky Trojan.Win32.Chapak.tmg 20180514
Malwarebytes Trojan.MalPack 20180514
MAX malware (ai score=83) 20180514
McAfee GenericRXFI-YJ!44AA0CDA3AED 20180514
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.dc 20180514
Microsoft Trojan:Win32/Tiggre!plock 20180514
eScan Trojan.GenericKD.30752279 20180514
NANO-Antivirus Trojan.Win32.Kryptik.fbkpnu 20180514
Palo Alto Networks (Known Signatures) generic.ml 20180514
Qihoo-360 HEUR/QVM10.1.2955.Malware.Gen 20180514
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/GandCrab-A 20180514
Symantec Packed.Generic.525 20180514
Tencent Win32.Trojan.Chapak.Pdcs 20180514
TrendMicro TROJ_GEN.R004C0OED18 20180514
TrendMicro-HouseCall TROJ_GEN.R004C0OED18 20180514
VBA32 BScope.TrojanDownloader.Upatre 20180514
ViRobot Trojan.Win32.Agent.224768.Q 20180514
Yandex Trojan.Kryptik!YNKCS++USpw 20180513
ZoneAlarm by Check Point Trojan.Win32.Chapak.tmg 20180514
AegisLab 20180514
Alibaba 20180514
Avast-Mobile 20180514
AVware 20180428
Babable 20180406
Bkav 20180514
CAT-QuickHeal 20180514
ClamAV 20180514
CMC 20180514
Comodo 20180514
Cybereason None
Ikarus 20180514
Kingsoft 20180514
nProtect 20180514
Panda 20180514
Rising 20180514
SUPERAntiSpyware 20180514
Symantec Mobile Insight 20180511
TheHacker 20180509
TotalDefense 20180514
Trustlook 20180514
VIPRE 20180514
Webroot 20180514
Zillya 20180514
Zoner 20180514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-08 13:03:04
Entry Point 0x00004FDD
Number of sections 6
PE sections
PE imports
GetObjectA
GetCharWidth32A
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
FlushConsoleInputBuffer
LCMapStringW
GetStartupInfoW
LoadLibraryW
GetConsoleCP
CreateMailslotW
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
LockFile
WaitForSingleObjectEx
GetStdHandle
HeapAlloc
DeleteCriticalSection
GetStartupInfoA
EnterCriticalSection
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
GetUserDefaultLCID
GetProcessHeap
EnumSystemLocalesW
SetFileTime
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
SetConsoleCursorInfo
GetTapePosition
InterlockedCompareExchange
GetLocaleInfoW
SetStdHandle
GetVolumeNameForVolumeMountPointA
RaiseException
WideCharToMultiByte
TlsFree
FindFirstFileExA
InitializeSListHead
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineA
FindNextFileA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
FreeLibrary
TerminateProcess
RtlUnwind
CreateEventW
ResetEvent
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
SetLastError
TlsSetValue
GetCurrentThreadId
GetVersion
GetProcAddress
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
GetDoubleClickTime
GetTabbedTextExtentA
DefDlgProcA
RealGetWindowClassW
IsCharAlphaA
UnhookWinEvent
VkKeyScanW
GetSysColor
SetScrollInfo
ReleaseStgMedium
CoGetMarshalSizeMax
OleInitialize
GetConvertStg
OleGetClipboard
Number of PE resources by type
RT_STRING 34
RT_ACCELERATOR 3
TSH 1
RT_ICON 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 41
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:05:08 15:03:04+02:00
FileType Win32 EXE
PEType PE32
CodeSize 95744
LinkerVersion 14.0
FileTypeExtension exe
InitializedDataSize 5386752
SubsystemVersion 5.1
EntryPoint 0x4fdd
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 44aa0cda3aed1c6a7a07d561883b43d5
SHA1 dd31e180056508d5be3e78b6c805b9c1af7327cb
SHA256 b7d10768fe367e73b63eaff33f4f016fae3a9293fa8509f79f521e4b439dd7b5
ssdeep 3072:WsA3izhGQXZDoO6BHi/Fy+XvQBAg0FujRf1wncFA3vZaNkfZVDB2PLbGJGXGid17:FvoO0i4AOVa7/5iuGXGid1Bqs
authentihash 302f0df74c6e36ac8a3b927fd591df09aa436e12a467bc4ed8244052570befa1
imphash 5de0425c8d7585d849bd874ddda76b3a
File size 259.5 KB ( 265728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-05-14 16:48:59 UTC ( 9 months, 1 week ago )
Last submission 2018-05-14 16:48:59 UTC ( 9 months, 1 week ago )
File names 44aa0cda3aed1c6a7a07d561883b43d5.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs