× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: bc30d985163b94386253529b970638bc75350bb0de87d41cf237b596ad340637
File name: dc21a2f1af89c4cd1c955cc801c183db.virus
Detection ratio: 37 / 66
Analysis date: 2018-10-23 11:39:53 UTC ( 5 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Agent.DGXZ 20181023
AhnLab-V3 Trojan/Win32.Agent.C2765628 20181023
ALYac Trojan.Agent.DGXZ 20181023
Antiy-AVL Trojan[Spy]/Win32.Ursnif 20181023
Arcabit Trojan.Agent.DGXZ 20181023
Avast Win32:Malware-gen 20181023
AVG Win32:Malware-gen 20181023
BitDefender Trojan.Agent.DGXZ 20181023
Bkav W32.eHeur.Malware08 20181023
Cylance Unsafe 20181023
DrWeb Trojan.PWS.Banker1.28481 20181023
Emsisoft Trojan.Agent.DGXZ (B) 20181023
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLTE 20181023
F-Secure Trojan.Agent.DGXZ 20181023
Fortinet W32/Kryptik.GLTV!tr 20181023
GData Trojan.Agent.DGXZ 20181023
Sophos ML heuristic 20180717
Jiangmin TrojanSpy.Ursnif.bpy 20181023
K7AntiVirus Trojan ( 0053f20e1 ) 20181023
K7GW Trojan ( 0053f20e1 ) 20181023
Kaspersky Trojan-Spy.Win32.Ursnif.aatq 20181023
Malwarebytes Trojan.Ursnif 20181023
MAX malware (ai score=89) 20181023
McAfee GenericRXGN-FB!DC21A2F1AF89 20181023
McAfee-GW-Edition GenericRXGN-FB!DC21A2F1AF89 20181023
Microsoft Trojan:Win32/Skeeyah.A!rfn 20181023
eScan Trojan.Agent.DGXZ 20181023
NANO-Antivirus Trojan.Win32.Ursnif.fjhbne 20181023
Panda Trj/GdSda.A 20181022
Qihoo-360 HEUR/QVM10.1.B76D.Malware.Gen 20181023
Sophos AV Mal/Generic-S 20181023
Symantec ML.Attribute.HighConfidence 20181023
TACHYON Trojan-Spy/W32.Ursnif.413696 20181023
VBA32 TrojanSpy.Ursnif 20181023
Webroot W32.Trojan.Gen 20181023
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.aatq 20181023
AegisLab 20181023
Alibaba 20180921
Avast-Mobile 20181023
Avira (no cloud) 20181023
Babable 20180918
Baidu 20181023
CAT-QuickHeal 20181022
ClamAV 20181023
CMC 20181023
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20181023
eGambit 20181023
F-Prot 20181023
Kingsoft 20181023
Palo Alto Networks (Known Signatures) 20181023
Rising 20181023
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181001
Tencent 20181023
TheHacker 20181018
TotalDefense 20181023
TrendMicro 20181023
TrendMicro-HouseCall 20181023
Trustlook 20181023
ViRobot 20181023
Yandex 20181022
Zillya 20181022
Zoner 20181022
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-17 10:26:25
Entry Point 0x000072AD
Number of sections 4
PE sections
PE imports
HeapSize
GetLastError
TlsGetValue
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetLocaleInfoW
RtlUnwind
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetLocaleInfoA
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetUserDefaultLCID
GetCommandLineW
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetStdHandle
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetProcAddress
HeapWalk
GetFileType
ExitProcess
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
HeapSetInformation
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
InitializeCriticalSection
HeapCreate
CreateFileW
InterlockedDecrement
Sleep
SetLastError
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InterlockedIncrement
OleUninitialize
OleCreate
OleInitialize
Number of PE resources by type
RT_ICON 9
RT_STRING 2
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Spring wonder Stickgrand dead grow

SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
15.6.83.89

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Application Development Resources Clothe

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unknown (04E0)

InitializedDataSize
275968

EntryPoint
0x72ad

OriginalFileName
minecook.exe

MIMEType
application/octet-stream

LegalCopyright
There

FileVersion
15.6.83.89

TimeStamp
2012:10:17 11:26:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Application Development Resources Clothe

ProductVersion
15.6.83.89

UninitializedDataSize
0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
179712

ProductName
Application Development Resources Clothe

ProductVersionNumber
15.6.83.89

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 dc21a2f1af89c4cd1c955cc801c183db
SHA1 0bc7e3ffe9f69226439ddab308e9c0ec43d0a504
SHA256 bc30d985163b94386253529b970638bc75350bb0de87d41cf237b596ad340637
ssdeep
6144:eZbVRyqUVsg44tAUOb1W36A8z9UrTHANGRP5OY2k:WV0hD44t4Uq5cTHANG37X

authentihash 93d8041662d30fc215b292964f8aa8fc0c6e489a27b1d1ad2734a39aa1d7e0df
imphash 151a6a154ababb03c9214273ea31e77f
File size 404.0 KB ( 413696 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-23 11:39:53 UTC ( 5 months ago )
Last submission 2018-10-23 11:39:53 UTC ( 5 months ago )
File names dc21a2f1af89c4cd1c955cc801c183db.virus
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!