SHA256: ba218aedb66df27b48618ed42939f9a0a8460fb186af151a3975d87684898bf6
File name: 443d08b3e5573b48cb38900a8660799b
Detection ratio: 35 / 67
Analysis date: 2018-10-25 08:21:11 UTC
Detected (antivirus, result, signature update)
Ad-Aware Trojan.GenericKD.40640277 20181024
ALYac Trojan.GenericKD.40640277 20181025
Arcabit Trojan.Generic.D26C1F15 20181025
AVG FileRepMalware 20181025
Avira (no cloud) HEUR/AGEN.1035626 20181025
BitDefender Trojan.GenericKD.40640277 20181025
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181022
Cylance Unsafe 20181025
Cyren W32/Trojan.SSNZ-2770 20181025
Emsisoft Trojan.GenericKD.40640277 (B) 20181025
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 Win32/TrojanDownloader.AutoHK.FC 20181025
F-Secure Trojan.GenericKD.40640277 20181025
Fortinet W32/AutoHK.FC!tr 20181025
GData Trojan.GenericKD.40640277 20181025
Ikarus Trojan-Downloader.Win32.Autohk 20181025
Jiangmin Trojan.Generic.coqnp 20181025
K7AntiVirus Trojan-Downloader ( 0053eecb1 ) 20181025
K7GW Trojan-Downloader ( 0053eecb1 ) 20181025
Kaspersky Backdoor.Win32.Sinowal.xdz 20181025
McAfee RDN/Generic.dx 20181025
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch 20181025
Microsoft TrojanDownloader:Win32/PSWSteal.D!bit 20181025
eScan Trojan.GenericKD.40640277 20181025
Palo Alto Networks (Known Signatures) generic.ml 20181025
Panda Trj/CI.A 20181024
Qihoo-360 HEUR/QVM10.2.B5F1.Malware.Gen 20181025
Sophos AV Mal/Generic-S 20181025
Symantec ML.Attribute.HighConfidence 20181025
Tencent Win32.Backdoor.Sinowal.Palx 20181025
VBA32 Trojan.Tiggre 20181024
ViRobot Trojan.Win32.Z.Tiggre.852480 20181025
Webroot W32.Trojan.GenKD 20181025
Zillya Trojan.GenericKD.Win32.178938 20181024
ZoneAlarm by Check Point Backdoor.Win32.Sinowal.xdz 20181025
No detection (antivirus, signature update)
AegisLab 20181025
AhnLab-V3 20181025
Alibaba 20180921
Antiy-AVL 20181023
Avast 20181025
Avast-Mobile 20181025
Babable 20180918
Baidu 20181024
Bkav 20181024
CAT-QuickHeal 20181024
ClamAV 20181024
CMC 20181024
Cybereason 20180225
DrWeb 20181025
eGambit 20181025
F-Prot 20181025
Sophos ML 20180717
Kingsoft 20181025
Malwarebytes 20181025
MAX 20181025
NANO-Antivirus 20181025
Rising 20181025
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181001
TACHYON 20181025
TheHacker 20181024
TotalDefense 20181025
TrendMicro 20181025
TrendMicro-HouseCall 20181025
Trustlook 20181025
Yandex 20181025
Zoner 20181024
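The engine names above disagree on what the file is: Kaspersky and ZoneAlarm (which licenses Kaspersky's engine, so it is not an independent vote) call it a Sinowal backdoor, ESET, Fortinet and Ikarus call it an AutoHotkey downloader, VBA32 and ViRobot say Tiggre, and most of the rest are generic or machine-learning verdicts. The script below, an added example that is not part of the VirusTotal report, parses rows in this listing's format into records, recomputes the detection ratio and counts which family tokens at least two engines agree on. The rows embedded in it are a subset copied from the table above; the ENGINES set and GENERIC word list are the editor's, and the token rules are a simplification of AVClass-style label normalisation.

```python
"""Summarise a VirusTotal-style detection listing (added example).

Engine names must be supplied because both the engine column and the
result column can contain spaces ("ZoneAlarm by Check Point",
"malicious_confidence_70% (D)"), so a plain split is ambiguous."""
import re
from collections import Counter

# Subset of the report's rows: engine, optional result, signature-update date.
# Rows without a result are engines that did not detect the file.
REPORT_LINES = """\
Ad-Aware Trojan.GenericKD.40640277 20181024
ESET-NOD32 Win32/TrojanDownloader.AutoHK.FC 20181025
Fortinet W32/AutoHK.FC!tr 20181025
Ikarus Trojan-Downloader.Win32.Autohk 20181025
Kaspersky Backdoor.Win32.Sinowal.xdz 20181025
Tencent Win32.Backdoor.Sinowal.Palx 20181025
ZoneAlarm by Check Point Backdoor.Win32.Sinowal.xdz 20181025
VBA32 Trojan.Tiggre 20181024
ViRobot Trojan.Win32.Z.Tiggre.852480 20181025
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181022
K7AntiVirus Trojan-Downloader ( 0053eecb1 ) 20181025
Avast 20181025
ClamAV 20181024
Malwarebytes 20181025
"""

# Engine names as they appear in the listing (editor-supplied).
ENGINES = {
    "Ad-Aware", "ESET-NOD32", "Fortinet", "Ikarus", "Kaspersky", "Tencent",
    "ZoneAlarm by Check Point", "VBA32", "ViRobot", "CrowdStrike Falcon (ML)",
    "K7AntiVirus", "Avast", "ClamAV", "Malwarebytes",
}

# Tokens that name a class or platform rather than a family (editor-supplied).
GENERIC = {
    "trojan", "trojandownloader", "downloader", "backdoor", "generic",
    "generickd", "malware", "malicious", "confidence", "heur", "variant",
}


def parse_report(text, engines):
    """Return [(engine, result_or_None, date)] for each non-empty row."""
    by_len = sorted(engines, key=len, reverse=True)  # longest engine name first
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # The date is always the final 8-digit field; everything before it
        # is engine name plus optional result.
        m = re.fullmatch(r"(.*?)\s*(\d{8})", line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        body, date = m.group(1), m.group(2)
        engine = next((e for e in by_len if body == e or body.startswith(e + " ")), None)
        if engine is None:
            raise ValueError(f"unknown engine in row: {line!r}")
        result = body[len(engine):].strip() or None
        records.append((engine, result, date))
    return records


def detection_ratio(records):
    """(detections, total): the pair the report renders as '35 / 67'."""
    return sum(1 for _, r, _ in records if r), len(records)


def family_consensus(records, min_engines=2):
    """Family tokens named by at least `min_engines` distinct engines.

    Tokens are alphabetic runs of four or more characters, lowercased, with
    class/platform words removed; each engine contributes a token once, so a
    vendor repeating a name inside one label does not inflate the count.
    """
    votes = Counter()
    for _, result, _ in records:
        if not result:
            continue
        toks = {t.lower() for t in re.findall(r"[A-Za-z]{4,}", result)} - GENERIC
        votes.update(toks)
    ranked = [(t, n) for t, n in votes.items() if n >= min_engines]
    return sorted(ranked, key=lambda tn: (-tn[1], tn[0]))


if __name__ == "__main__":
    recs = parse_report(REPORT_LINES, ENGINES)
    print("detection ratio: %d / %d" % detection_ratio(recs))
    print("family consensus:", family_consensus(recs))
```

On the embedded subset the consensus comes out as three votes each for autohk and sinowal and two for tiggre, with the Kaspersky-derived votes counted twice; the takeaway for triage is that vendor names here are not attribution, and the only thing the engines broadly agree on is "trojan/downloader".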
The file is a Portable Executable: a 32-bit Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.1.30.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-22 07:49:11
Entry Point 0x00090BC3
Number of sections 4
PE sections
PE imports (grouped by the DLL that exports them)
[advapi32.dll]
RegCreateKeyExW
CloseServiceHandle
RegEnumValueW
RegConnectRegistryW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
GetUserNameW
OpenSCManagerW
RegEnumKeyExW
LockServiceDatabase
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
UnlockServiceDatabase
RegQueryValueExW
[comctl32.dll]
InitCommonControlsEx
ImageList_Destroy
CreateStatusWindowW
ImageList_AddMasked
ImageList_GetIconSize
ImageList_Create
ImageList_ReplaceIcon
[comdlg32.dll]
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
[gdi32.dll]
GetCharABCWidthsW
GetTextMetricsW
GetSystemPaletteEntries
CreatePolygonRgn
GetClipBox
GetPixel
GetDeviceCaps
ExcludeClipRect
DeleteDC
SetBkMode
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
FillRgn
CreateEllipticRgn
GetTextFaceW
CreateDCW
EnumFontFamiliesExW
GetStockObject
GetDIBits
GdiFlush
CreateRoundRectRgn
CreateCompatibleDC
CreateFontW
SetBrushOrgEx
CreateRectRgn
GetClipRgn
CreateSolidBrush
SelectObject
SetBkColor
DeleteObject
CreateCompatibleBitmap
[kernel32.dll]
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
GetPrivateProfileSectionNamesW
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetDiskFreeSpaceW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
GetStringTypeExW
FindClose
InterlockedDecrement
QueryDosDeviceW
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetSystemTime
DeviceIoControl
TlsGetValue
CopyFileW
WriteProcessMemory
LoadResource
RemoveDirectoryW
Beep
IsDebuggerPresent
HeapAlloc
HeapSetInformation
SetThreadPriority
WritePrivateProfileSectionW
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
SetPriorityClass
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GlobalSize
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetDateFormatW
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetComputerNameW
EnumResourceNamesW
CompareStringW
GetFileSizeEx
GetModuleFileNameW
FindNextFileW
FindFirstFileW
GlobalLock
SetVolumeLabelW
GetPrivateProfileSectionW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
VirtualAllocEx
GlobalFree
GetConsoleCP
FindResourceW
GetTimeFormatW
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
HeapQueryInformation
GetCPInfo
HeapSize
WritePrivateProfileStringW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
GetTempPathW
CreateProcessW
Sleep
[oleaut32.dll]
SafeArrayDestroy
VariantChangeType
SafeArrayAccessData
SafeArrayGetLBound
SysFreeString
SafeArrayPtrOfIndex
SafeArrayCreate
SafeArrayUnaccessData
VariantCopyInd
VariantClear
SysAllocString
GetActiveObject
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayLock
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCopy
OleLoadPicture
SysStringLen
[psapi.dll]
GetModuleFileNameExW
GetModuleBaseNameW
[shell32.dll]
SHGetFolderPathW
SHEmptyRecycleBinW
SHBrowseForFolderW
DragQueryFileW
SHFileOperationW
ExtractIconW
SHGetPathFromIDListW
DragQueryPoint
ShellExecuteExW
SHGetDesktopFolder
Shell_NotifyIconW
SHGetMalloc
DragFinish
[user32.dll]
RedrawWindow
GetMessagePos
SetWindowRgn
RegisterWindowMessageW
UnregisterHotKey
DrawTextW
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
ScreenToClient
WindowFromPoint
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetMenuStringW
GetMenu
GetClientRect
SetMenuDefaultItem
CallNextHookEx
IsClipboardFormatAvailable
LoadImageW
CountClipboardFormats
keybd_event
GetTopWindow
RegisterHotKey
OpenClipboard
GetWindowTextW
EnumClipboardFormats
GetWindowTextLengthW
LoadAcceleratorsW
GetKeyState
DestroyWindow
GetClassInfoExW
UpdateWindow
GetPropW
EnumWindows
CheckRadioButton
MapVirtualKeyExW
GetMessageW
ShowWindow
SetMenuInfo
EnableMenuItem
SetPropW
GetDesktopWindow
IsCharAlphaW
PeekMessageW
InsertMenuItemW
CharUpperW
GetClipboardFormatNameW
SetClipboardViewer
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
GetIconInfo
SetParent
SetClipboardData
IsZoomed
IsCharLowerW
IsIconic
TrackPopupMenuEx
GetSubMenu
CreateMenu
GetKeyboardLayout
FlashWindow
CreateAcceleratorTableW
GetSysColorBrush
CreateWindowExW
GetWindowLongW
GetUpdateRect
GetGUIThreadInfo
PtInRect
MapWindowPoints
VkKeyScanExW
EmptyClipboard
SystemParametersInfoW
DefWindowProcW
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
GetClipboardData
GetParent
ToUnicodeEx
GetSystemMetrics
SetWindowLongW
GetWindowRect
IsDialogMessageW
EnumChildWindows
CharLowerW
SendDlgItemMessageW
SetKeyboardState
GetCursor
CreatePopupMenu
CheckMenuItem
GetClassLongW
DrawIconEx
SetWindowTextW
SetTimer
GetDlgItem
RemovePropW
BringWindowToTop
SendInput
ClientToScreen
PostMessageW
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
AttachThreadInput
DestroyAcceleratorTable
CreateIconFromResourceEx
SetWindowsHookExW
LoadCursorW
GetSystemMenu
FindWindowW
GetDC
FillRect
SetForegroundWindow
ExitWindowsEx
SetFocus
GetMenuItemInfoW
GetAsyncKeyState
CreateDialogIndirectParamW
IntersectRect
SetLayeredWindowAttributes
EndDialog
CreateIconIndirect
GetDlgCtrlID
MessageBeep
RemoveMenu
GetWindowThreadProcessId
GetQueueStatus
MessageBoxW
SendMessageW
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
DialogBoxParamW
AppendMenuW
ChangeClipboardChain
AdjustWindowRectEx
mouse_event
GetFocus
GetSysColor
SetDlgItemTextW
CopyImage
DestroyIcon
IsWindowVisible
IsCharAlphaNumericW
GetLastInputInfo
DispatchMessageW
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
GetAncestor
IsCharUpperW
IsMenu
SendMessageTimeoutW
EnableWindow
CloseClipboard
DefDlgProcW
SetMenu
TranslateAcceleratorW
[version.dll]
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
[winmm.dll]
mixerGetLineControlsW
mixerGetControlDetailsW
mixerOpen
waveOutSetVolume
mixerSetControlDetails
mciSendStringW
mixerClose
mixerGetDevCapsW
waveOutGetVolume
mixerGetLineInfoW
joyGetPosEx
joyGetDevCapsW
[ws2_32.dll]
WSAStartup
gethostbyname
gethostname
inet_addr
WSACleanup
[ole32.dll]
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
CoGetObject
CLSIDFromString
StringFromGUID2
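What a triager does with an import table like this one, shown as an added example that is not part of the report: compute the imphash (Mandiant's scheme, which VirusTotal reports below as 847c3746fe942bb10b09e9ad7a65deac) and flag API combinations that together imply a capability, such as OpenProcess + VirtualAllocEx + WriteProcessMemory for injection or SetWindowsHookExW + GetAsyncKeyState + GetKeyboardState for keystroke capture. The function subset and DLL assignments below are taken from the list above; the import order is a guess, so the hash this code yields will not equal the report's value, and the capability rules are the usual heuristics rather than anything the report states. One caveat applies specifically here: the ESET, Fortinet and Ikarus names (AutoHK) indicate a compiled AutoHotkey script, and joyGetPosEx, the mixer* calls, ToUnicodeEx, SendInput and the hook APIs are what the AutoHotkey interpreter itself imports. If that inference is right, every binary built with the same Ahk2Exe release shares this imphash and these capability tags, so they describe the runtime, not the embedded script.

```python
"""Import-table triage: imphash plus capability tagging (added example).

Import order below is assumed, so the imphash will differ from the one in
the report; the DLL/function pairs themselves are from the import list."""
import hashlib
import re

# Constructed subset of the report's imports, keyed by the exporting DLL.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "OpenProcessToken"),
    ("ADVAPI32.dll", "LookupPrivilegeValueW"),
    ("ADVAPI32.dll", "AdjustTokenPrivileges"),
    ("KERNEL32.dll", "OpenProcess"),
    ("KERNEL32.dll", "VirtualAllocEx"),
    ("KERNEL32.dll", "WriteProcessMemory"),
    ("KERNEL32.dll", "ReadProcessMemory"),
    ("KERNEL32.dll", "CreateProcessW"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("USER32.dll", "SetWindowsHookExW"),
    ("USER32.dll", "GetAsyncKeyState"),
    ("USER32.dll", "GetKeyboardState"),
    ("USER32.dll", "SendInput"),
    ("USER32.dll", "GetClipboardData"),
    ("USER32.dll", "ExitWindowsEx"),
    ("WS2_32.dll", "WSAStartup"),
    ("WS2_32.dll", "gethostbyname"),
]

# Capability heuristics: a tag fires only when every API in its set is
# imported.  Standard triage rules, not something the report asserts.
CAPABILITIES = {
    "process-injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"},
    "privilege-adjust": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "keystroke-capture": {"SetWindowsHookExW", "GetAsyncKeyState", "GetKeyboardState"},
    "input-simulation": {"SendInput"},
    "clipboard-read": {"GetClipboardData"},
    "anti-debug": {"IsDebuggerPresent"},
    "network": {"WSAStartup", "gethostbyname"},
    "shutdown-reboot": {"ExitWindowsEx"},
}


def imphash(imports):
    """Mandiant imphash: drop the .dll/.ocx/.sys extension, lowercase both
    parts, join each pair as 'dll.func', comma-separate in import-table
    order and MD5 the result.  Order matters, case does not."""
    parts = []
    for dll, func in imports:
        base = re.sub(r"\.(dll|ocx|sys)$", "", dll, flags=re.IGNORECASE)
        parts.append(f"{base}.{func}".lower())
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def capabilities(imports):
    """Sorted capability tags whose API sets are fully present."""
    names = {func for _, func in imports}
    return sorted(tag for tag, apis in CAPABILITIES.items() if apis <= names)


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    print("capabilities:", ", ".join(capabilities(SAMPLE_IMPORTS)))
```

Because imphash covers the whole import table in order, two binaries match only when the linker emitted the same imports in the same sequence; for a compiled AutoHotkey script that is the interpreter's table, which is exactly why imphash pivots on such samples tend to return every AutoHotkey executable of that version rather than related malware.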
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 5
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_RCDATA 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 20
PE resources
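The single RT_RCDATA entry is where, if the AutoHK detection names are right, Ahk2Exe (AutoHotkey 1.1) stores the script that actually carries the behaviour; the report does not say what the resource holds, so this is an inference, not a finding. The script below is an added example and not part of the report: it walks a PE's resource directory with the third-party pefile package, dumps every RT_RCDATA leaf and classifies it, treating a resource named >AUTOHOTKEY SCRIPT< (the name Ahk2Exe uses, assumed here) or one whose first kilobyte contains common AutoHotkey directives as a compiled script. The classifier is pure Python; pefile is only needed to read a real file.

```python
"""Dump RT_RCDATA resources from a PE and spot an embedded AutoHotkey script
(added example).  Assumes the `pefile` package for the resource walk and that
Ahk2Exe names its script resource '>AUTOHOTKEY SCRIPT<'."""

RT_RCDATA = 10                      # IMAGE_RESOURCE type id for raw data
AHK_RESOURCE_NAME = ">AUTOHOTKEY SCRIPT<"   # Ahk2Exe 1.1 resource name (assumed)
# Directives common at the top of AutoHotkey 1.1 scripts; heuristic fallback.
AHK_DIRECTIVES = ("#NoEnv", "#SingleInstance", "SetBatchLines", "SendMode")


def classify_rcdata(name, data):
    """Return a short label for one RCDATA blob.

    `name` is the resource's string name (None for numeric IDs); `data` its
    bytes.  Prefer the resource name, then fall back to looking for script
    directives in the first KiB (ASCII/UTF-8 or UTF-16LE with BOM), then
    check for a nested PE.
    """
    head = data[:1024]
    if name == AHK_RESOURCE_NAME:
        return "autohotkey-script"
    if head.startswith(b"\xff\xfe"):
        text = head.decode("utf-16-le", "ignore")
    else:
        text = head.decode("utf-8", "ignore")
    if any(tok in text for tok in AHK_DIRECTIVES):
        return "autohotkey-script (heuristic)"
    if head[:2] == b"MZ":
        return "embedded-pe"
    return "unknown"


def rcdata_resources(path):
    """Yield (name_or_id, bytes) for every RT_RCDATA leaf in the PE at `path`.

    pefile is imported lazily so classify_rcdata() works without it."""
    import pefile
    pe = pefile.PE(path)
    root = getattr(pe, "DIRECTORY_ENTRY_RESOURCE", None)
    if root is None:
        return
    for rtype in root.entries:            # level 1: resource type
        if rtype.id != RT_RCDATA:
            continue
        for entry in rtype.directory.entries:   # level 2: name or id
            name = str(entry.name) if entry.name is not None else entry.id
            for lang in entry.directory.entries:  # level 3: language leaf
                rva, size = lang.data.struct.OffsetToData, lang.data.struct.Size
                yield name, pe.get_data(rva, size)


if __name__ == "__main__":
    import sys
    for name, blob in rcdata_resources(sys.argv[1]):
        label = classify_rcdata(name if isinstance(name, str) else None, blob)
        print(f"{name!r:32} {len(blob):8d} bytes  {label}")
```

When the label is autohotkey-script, the dumped bytes are the plain-text source (Ahk2Exe 1.1 does not encrypt it unless a password was set), and reading that source answers what the downloader fetches far more directly than the interpreter's import table can.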
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 1.1.30.0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 206336
EntryPoint 0x90bc3
MIMEType application/octet-stream
FileVersion 1.1.30.00
TimeStamp 2018:08:22 08:49:11+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.1.30.00
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 645120
FileSubtype 0
ProductVersionNumber 1.1.30.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 443d08b3e5573b48cb38900a8660799b
SHA1 d0f3d50bd12af31a965546dd2ff085e906d1e5ec
SHA256 ba218aedb66df27b48618ed42939f9a0a8460fb186af151a3975d87684898bf6
ssdeep 24576:kAGVqpTLHlrS6ah4PzbZrdP8UkuywMaAWUSjx:kRVQHt8UbRMaRUy
authentihash 6d7e4b752134db0897233cf7b440f5869199afee3fced71302fa3a748a6a24a2
imphash 847c3746fe942bb10b09e9ad7a65deac
File size 832.5 KB ( 852480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe
VirusTotal metadata
First submission 2018-10-23 08:26:49 UTC
Last submission 2018-11-06 07:11:04 UTC
File names 443d08b3e5573b48cb38900a8660799b
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs