SHA256: b92c00f58393af56a7e29cff9d847354f8c36eb5ebab917b767b92de09b09023
File name: B92C00F58393AF56A7E29CFF9D847354F8C36EB5EBAB917B767B92DE09B09023
Detection ratio: 14 / 71
Analysis date: 2019-01-11 19:02:08 UTC ( 1 month, 1 week ago )
Antivirus Result Update
AVG FileRepMalware 20190111
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181023
Cylance Unsafe 20190111
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GONF 20190111
Kaspersky UDS:DangerousObject.Multi.Generic 20190111
McAfee Artemis!6E48CACE8211 20190111
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20190111
Qihoo-360 HEUR/QVM10.1.7B27.Malware.Gen 20190111
Rising Trojan.Fuerboos!8.EFC8/N3#91% (RDM+:cmRtazoxc1xNQQcjFyqKZ+j97MrC) 20190111
Symantec ML.Attribute.HighConfidence 20190111
Trapmine malicious.high.ml.score 20190103
VBA32 BScope.Trojan.Chapak 20190111
ZoneAlarm by Check Point Trojan-Spy.Win32.Stealer.gqj 20190111
Acronis 20190111
Ad-Aware 20190111
AegisLab 20190111
AhnLab-V3 20190111
Alibaba 20180921
Antiy-AVL 20190111
Arcabit 20190111
Avast 20190111
Avast-Mobile 20190111
Avira (no cloud) 20190111
AVware 20180925
Babable 20180918
Baidu 20190111
BitDefender 20190111
Bkav 20190108
CAT-QuickHeal 20190111
ClamAV 20190111
CMC 20190111
Comodo 20190111
Cybereason 20190109
Cyren 20190111
DrWeb 20190111
eGambit 20190111
Emsisoft 20190111
F-Prot 20190111
F-Secure 20190111
Fortinet 20190111
GData 20190111
Ikarus 20190111
Sophos ML 20181128
Jiangmin 20190111
K7AntiVirus 20190111
K7GW 20190111
Kingsoft 20190111
Malwarebytes 20190111
MAX 20190111
Microsoft 20190111
eScan 20190111
NANO-Antivirus 20190111
Palo Alto Networks (Known Signatures) 20190111
Panda 20190111
SentinelOne (Static ML) 20181223
Sophos AV 20190111
SUPERAntiSpyware 20190109
TACHYON 20190111
Tencent 20190111
TheHacker 20190106
TotalDefense 20190111
TrendMicro 20190111
TrendMicro-HouseCall 20190111
Trustlook 20190111
VIPRE 20190111
ViRobot 20190111
Webroot 20190111
Yandex 20190111
Zillya 20190110
Zoner 20190111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-15 03:50:34
Entry Point 0x0000651E
Number of sections 6
PE sections
PE imports
LookupPrivilegeNameW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetUserNameA
InitiateSystemShutdownW
GetSecurityDescriptorLength
BeginPath
StretchBlt
FillPath
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetFileInformationByHandle
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetThreadTimes
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
TlsGetValue
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetProcessWorkingSetSize
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetUnhandledExceptionFilter
GetSystemTimes
TerminateProcess
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
GetOEMCP
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetCommProperties
SetCommMask
GetStartupInfoW
GetProcAddress
CreateFileMappingW
FreeEnvironmentStringsW
lstrcpyA
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
GetProcessAffinityMask
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
SetComputerNameExA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetSystemTimeAdjustment
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
ShowScrollBar
SetScrollRange
DestroyIcon
GetPropW
EnableScrollBar
PostMessageW
Number of PE resources by type
RT_ICON 7
RT_STRING 4
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
DANISH DEFAULT 15
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
Unknown (457A)

FileFlagsMask
0x004f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unknown (A56B)

InitializedDataSize
175616

EntryPoint
0x651e

MIMEType
application/octet-stream

TimeStamp
2018:02:15 04:50:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
boyobilot.exe

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Unknown (0x40534)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
81920

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 6e48cace821190acc61587d4ae6ebb93
SHA1 eb2e58ab624c9e9404a1cab1983f1f60ec62ac35
SHA256 b92c00f58393af56a7e29cff9d847354f8c36eb5ebab917b767b92de09b09023
ssdeep 6144:laO6uhkLamLC//AULObTLPUdQPrd57DlWXpQ:laOBkWf//KnPMkG

authentihash 9e53b2154a6be62c807bb5c0c63e47b7807cf396d3261408a93577b9b7b8d1e3
imphash 0ab5a879e94ad27d52ab2ff11914235e
File size 244.5 KB ( 250368 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-11 19:02:06 UTC ( 1 month, 1 week ago )
Last submission 2019-01-11 19:02:08 UTC ( 1 month, 1 week ago )
File names doc-copy.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections