SHA256: bc680617133a0734f3b2f40204d8d41305669318704ce20a3c627b6bca1d3663
File name: 2AF0000.mem
Detection ratio: 37 / 70
Analysis date: 2018-12-01 22:10:06 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.497274 20181201
AhnLab-V3 Trojan/Win32.Trickbot.C2618725 20181201
ALYac Gen:Variant.Graftor.497274 20181201
Arcabit Trojan.Graftor.D7967A 20181201
Avira (no cloud) HEUR/AGEN.1035581 20181201
BitDefender Gen:Variant.Graftor.497274 20181201
ClamAV Win.Trojan.Trickbot-6335790-0 20181201
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cybereason malicious.933db8 20180225
Cylance Unsafe 20181201
Emsisoft Gen:Variant.Graftor.497274 (B) 20181201
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/TrickBot.AQ 20181201
F-Prot W32/FakeAlert.FY.gen!Eldorado 20181201
F-Secure Gen:Variant.Graftor.497274 20181201
Fortinet W32/Generic.AP.157C834!tr 20181201
GData Gen:Variant.Graftor.497274 20181201
Ikarus Trojan-Banker.TrickBot 20181201
Sophos ML heuristic 20181128
K7GW Trojan ( 0052f2dc1 ) 20181201
MAX malware (ai score=100) 20181201
McAfee Trojan-FPWA!FBAA16465BDD 20181201
McAfee-GW-Edition BehavesLike.Win32.Ransom.ch 20181201
Microsoft Trojan:Win32/Totbrick.H 20181201
eScan Gen:Variant.Graftor.497274 20181201
Palo Alto Networks (Known Signatures) generic.ml 20181201
Panda Trj/GdSda.A 20181201
Qihoo-360 HEUR/QVM10.2.8F40.Malware.Gen 20181201
Rising Trojan.TrickBot!8.E313 (CLOUD) 20181201
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181201
Symantec ML.Attribute.HighConfidence 20181201
Trapmine malicious.high.ml.score 20181128
TrendMicro TROJ_GEN.R002C0DKU18 20181201
TrendMicro-HouseCall TROJ_GEN.R002C0DKU18 20181201
VBA32 BScope.Trojan.Downloader 20181130
ViRobot Trojan.Win32.Z.Graftor.176640.G 20181201
AegisLab 20181201
Alibaba 20180921
Antiy-AVL 20181201
Avast 20181203
Avast-Mobile 20181201
AVG 20181203
Babable 20180918
Baidu 20181130
Bkav 20181129
CAT-QuickHeal 20181201
CMC 20181201
Comodo 20181201
Cyren 20181201
DrWeb 20181201
eGambit 20181201
Jiangmin 20181201
K7AntiVirus 20181201
Kaspersky 20181201
Kingsoft 20181201
Malwarebytes 20181201
NANO-Antivirus 20181201
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181201
Tencent 20181201
TheHacker 20181129
TotalDefense 20181201
Trustlook 20181201
VIPRE 20181201
Webroot 20181201
Yandex 20181130
Zillya 20181130
ZoneAlarm by Check Point 20181201
Zoner 20181201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-28 09:16:54
Entry Point 0x0000AE56
Number of sections 5
PE sections
PE imports
CryptDestroyKey
RegCreateKeyExW
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
RegSetValueExW
CryptSetKeyParam
CryptEncrypt
RegOpenKeyW
CryptDecrypt
RegQueryValueExW
CryptImportKey
CryptStringToBinaryA
GetSystemTime
GetLastError
SystemTimeToFileTime
GetModuleFileNameW
WaitForSingleObject
QueryPerformanceCounter
GetTickCount
LoadLibraryA
lstrlenW
GetCurrentProcess
GetWindowsDirectoryW
GetCurrentProcessId
UnhandledExceptionFilter
DeleteFileA
GetVolumeInformationW
GetStartupInfoW
GetProcAddress
InterlockedCompareExchange
GetTempPathA
LoadLibraryW
GetModuleHandleA
GetSystemDirectoryW
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
LocalFree
TerminateProcess
CreateProcessA
CreateProcessW
InterlockedDecrement
Sleep
GetFullPathNameW
CreateFileA
GetCurrentThreadId
SysAllocString
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
SHGetFolderPathW
wsprintfA
wsprintfW
WinHttpSetOption
WinHttpConnect
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
setsockopt
getaddrinfo
gethostname
socket
recv
inet_addr
send
WSACleanup
WSAStartup
freeaddrinfo
connect
htonl
inet_ntoa
htons
closesocket
getpeername
__wgetmainargs
malloc
sscanf
rand
??1type_info@@UAE@XZ
srand
wcsftime
memset
_vsnwprintf
_amsg_exit
?terminate@@YAXXZ
strtok
??2@YAPAXI@Z
memcpy
exit
sprintf
realloc
__setusermatherr
_controlfp
_XcptFilter
_cexit
_CxxThrowException
tolower
_wtoi
__p__commode
_itow
??3@YAXPAX@Z
free
_time64
atoi
_initterm
??_V@YAXPAX@Z
_vsnprintf
strstr
__p__fmode
_localtime64
_exit
_wcmdln
__set_app_type
RtlUnwind
CoInitializeEx
CoInitializeSecurity
Number of PE resources by type
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2018:11:28 10:16:54+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 146944
LinkerVersion: 10.0
ImageFileCharacteristics: Executable, 32-bit
EntryPoint: 0xae56
InitializedDataSize: 28672
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 fbaa16465bdd58d739073ba2a424e80e
SHA1 fcce3be933db8eb31b638044731573b3d4f3f7f4
SHA256 bc680617133a0734f3b2f40204d8d41305669318704ce20a3c627b6bca1d3663
ssdeep 3072:f2tCWIN1W4ZCHqbiWjKlMJz8D0Aj5CxqhPRlTB9jIAfAQHeLCLfOv+lqYgwmA0:f2YrN1HN/jE4zW0AjwxqRR/9jIAIQSc2
authentihash 8f3038898008c7d7e5fce13cc27e5b12c770bde05dad4092bc301d45dc602fa0
imphash 25bf9a93cd1c021383748f90b0bc1193
File size 172.5 KB ( 176640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2018-11-30 16:57:59 UTC ( 2 months, 2 weeks ago )
Last submission 2018-11-30 16:57:59 UTC ( 2 months, 2 weeks ago )
File names 2AF0000.mem
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications