SHA256: b84d7dd0add09843ca2c4096f1f0949501f47535147a9c8fdbf218b5562846d2
File name: 4747.tmp.exe
Detection ratio: 25 / 69
Analysis date: 2019-03-02 16:38:35 UTC
Antivirus | Result | Update
Acronis | suspicious | 20190222
AhnLab-V3 | Malware/Win32.Generic.C2950469 | 20190302
Avast | Win32:Adware-gen [Adw] | 20190302
AVG | Win32:Adware-gen [Adw] | 20190302
Avira (no cloud) | HEUR/AGEN.1010414 | 20190302
CrowdStrike Falcon (ML) | win/malicious_confidence_100% (D) | 20190212
Cybereason | malicious.309d03 | 20190109
Endgame | malicious (high confidence) | 20190215
ESET-NOD32 | a variant of Win32/Adware.OxyPumper.BP | 20190302
F-Secure | Heuristic.HEUR/AGEN.1010414 | 20190302
Jiangmin | RiskTool.BitCoinMiner.jrn | 20190302
Kaspersky | Trojan.Win32.Agent.qwifxc | 20190302
Malwarebytes | Trojan.AdLoad | 20190302
McAfee-GW-Edition | BehavesLike.Win32.Generic.dh | 20190302
Microsoft | Trojan:Win32/Fuery.C!cl | 20190302
NANO-Antivirus | Trojan.Win32.OxyPumper.fnpdda | 20190302
Palo Alto Networks (Known Signatures) | generic.ml | 20190302
Panda | Trj/GdSda.A | 20190302
Qihoo-360 | HEUR/QVM20.1.93DA.Malware.Gen | 20190302
Rising | Trojan.Agent!8.B1E (RDM+:cmRtazoJyempcbgNCMQn5p7p8vHc) | 20190302
SentinelOne (Static ML) | static engine - malicious | 20190203
Sophos AV | Generic PUA KP (PUA) | 20190302
Symantec | ML.Attribute.HighConfidence | 20190301
VBA32 | suspected of Trojan.Downloader.gen.h | 20190301
ZoneAlarm by Check Point | Trojan.Win32.Agent.qwifxc | 20190302

Engines with no detection (engine, signature update):
Ad-Aware 20190302
AegisLab 20190302
Alibaba 20180921
ALYac 20190302
Antiy-AVL 20190302
Arcabit 20190302
Avast-Mobile 20190302
Babable 20180918
Baidu 20190215
BitDefender 20190302
Bkav 20190301
CAT-QuickHeal 20190228
ClamAV 20190302
CMC 20190302
Comodo 20190302
Cyren 20190302
DrWeb 20190302
eGambit 20190302
Emsisoft 20190302
F-Prot 20190302
Fortinet 20190302
GData 20190302
Sophos ML 20181128
K7AntiVirus 20190302
K7GW 20190302
Kingsoft 20190302
MAX 20190302
McAfee 20190302
eScan 20190302
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TACHYON 20190302
Tencent 20190302
TheHacker 20190225
TotalDefense 20190302
Trapmine 20190301
TrendMicro 20190302
TrendMicro-HouseCall 20190302
Trustlook 20190302
VIPRE 20190302
ViRobot 20190302
Webroot 20190302
Yandex 20190301
Zillya 20190302
Zoner 20190302
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2019-03-01 15:22:23
Entry Point: 0x00017727
Number of sections: 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
LoadLibraryExW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
OutputDebugStringW
FindClose
TlsGetValue
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
FreeLibrary
OpenProcess
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
FindNextFileW
IsValidLocale
FindFirstFileExW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
Process32NextW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
WriteFile
CreateProcessW
Sleep
SysAllocStringLen
VariantClear
SysAllocString
GetErrorInfo
SysFreeString
VariantInit
UuidCreate
UuidToStringW
SHGetFolderPathW
wvsprintfW
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket
URLDownloadToFileW
Number of PE resources by type: RT_MANIFEST 1
Number of PE resources by language: ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
SubsystemVersion: 5.1
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:03:01 16:22:23+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 192512
LinkerVersion: 14.16
FileTypeExtension: exe
InitializedDataSize: 107520
ImageFileCharacteristics: Executable, 32-bit
EntryPoint: 0x17727
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5: 813cd2d309d030cdbeb655ab09d0a8d6
SHA1: afe7aba5c656ea743f12c76a58c26401ec4aa049
SHA256: b84d7dd0add09843ca2c4096f1f0949501f47535147a9c8fdbf218b5562846d2
ssdeep: 6144:HxMcZELTVJcjGMdu8yjnV/VkIxiV+PFZI001aAOHEa/gOZo:HxMc2LTVJ0GMd9yjVtkAcA30Y9pgOZo
authentihash: d2ffbb240a2a1b168a3dbd78c8d75583f70a68b6c8353ef0880ed26b2c5e7642
imphash: c16c21d116ff6fad683c36f2504ced8c
File size: 290.5 KB (297472 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags: peexe

VirusTotal metadata
First submission: 2019-03-02 16:38:35 UTC
Last submission: 2019-03-02 16:38:35 UTC
File names: 5E76E2A0-47D0-42A8-B748-ACD67B499273.exe, 4747.tmp.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged. IsDebuggerPresent is also present in the PE import list above; binaries built with the Microsoft Visual C++ toolchain (this sample reports linker version 14.16) routinely import it from their C runtime startup code, so on its own it is weak evidence of deliberate anti-debugging and should be weighed together with the other imports and the sandbox behaviour.
HTTP requests
DNS requests
TCP connections
UDP communications