× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: bcac915a4ad9bb1ec2b0f5ea262046c9a6f86e613f3823271c22118ba28d269c
File name: 071690f5b59e3c77d2f1a33f88045096
Detection ratio: 37 / 67
Analysis date: 2018-10-21 08:27:28 UTC ( 5 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Agent.DGXZ 20181021
AhnLab-V3 Trojan/Win32.Agent.C2765628 20181020
ALYac Trojan.Agent.DGXZ 20181021
Antiy-AVL Trojan[Spy]/Win32.Ursnif 20181019
Arcabit Trojan.Agent.DGXZ 20181021
Avast Win32:Malware-gen 20181021
AVG Win32:Malware-gen 20181021
BitDefender Trojan.Agent.DGXZ 20181021
Bkav W32.eHeur.Malware08 20181019
Cylance Unsafe 20181021
DrWeb Trojan.PWS.Banker1.28481 20181021
Emsisoft Trojan.Agent.DGXZ (B) 20181021
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLTE 20181021
F-Secure Trojan.Agent.DGXZ 20181021
Fortinet W32/Kryptik.GLTV!tr 20181021
GData Trojan.Agent.DGXZ 20181021
Ikarus Trojan.Win32.Crypt 20181021
Sophos ML heuristic 20180717
Jiangmin TrojanSpy.Ursnif.bpy 20181021
K7AntiVirus Trojan ( 0053f20e1 ) 20181021
K7GW Trojan ( 0053f20e1 ) 20181021
Kaspersky Trojan-Spy.Win32.Ursnif.aatq 20181021
Malwarebytes Trojan.Ursnif 20181021
MAX malware (ai score=84) 20181021
McAfee GenericRXGN-FB!071690F5B59E 20181021
McAfee-GW-Edition Artemis 20181020
Microsoft Program:Win32/Unwaders.C!ml 20181021
eScan Trojan.Agent.DGXZ 20181021
NANO-Antivirus Trojan.Win32.Ursnif.fjhbne 20181021
Panda Trj/GdSda.A 20181021
Rising Spyware.Ursnif!8.1DEF (RDM+:cmRtazphY5Gfl6891VI/uArfkgKG) 20181021
Sophos AV Mal/Generic-S 20181021
Symantec ML.Attribute.HighConfidence 20181020
TACHYON Trojan-Spy/W32.Ursnif.413696 20181021
Webroot W32.Trojan.Gen 20181021
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.aatq 20181021
AegisLab 20181021
Alibaba 20180921
Avast-Mobile 20181021
Avira (no cloud) 20181020
Babable 20180918
Baidu 20181019
CAT-QuickHeal 20181020
ClamAV 20181021
CMC 20181021
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20181021
eGambit 20181021
F-Prot 20181021
Kingsoft 20181021
Palo Alto Networks (Known Signatures) 20181021
Qihoo-360 20181021
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
Tencent 20181021
TheHacker 20181018
TotalDefense 20181018
TrendMicro 20181021
TrendMicro-HouseCall 20181021
Trustlook 20181021
VBA32 20181019
ViRobot 20181020
Yandex 20181020
Zillya 20181019
Zoner 20181020
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-17 10:26:25
Entry Point 0x000072AD
Number of sections 4
PE sections
PE imports
HeapSize
GetLastError
TlsGetValue
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetLocaleInfoW
RtlUnwind
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetLocaleInfoA
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetUserDefaultLCID
GetCommandLineW
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetStdHandle
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetProcAddress
HeapWalk
GetFileType
ExitProcess
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
HeapSetInformation
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
InitializeCriticalSection
HeapCreate
CreateFileW
InterlockedDecrement
Sleep
SetLastError
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InterlockedIncrement
OleUninitialize
OleCreate
OleInitialize
Number of PE resources by type
RT_ICON 9
RT_STRING 2
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Spring wonder Stickgrand dead grow

SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
15.6.83.89

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Application Development Resources Clothe

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unknown (04E0)

InitializedDataSize
275968

EntryPoint
0x72ad

OriginalFileName
minecook.exe

MIMEType
application/octet-stream

LegalCopyright
There

FileVersion
15.6.83.89

TimeStamp
2012:10:17 12:26:25+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
Application Development Resources Clothe

ProductVersion
15.6.83.89

UninitializedDataSize
0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
179712

ProductName
Application Development Resources Clothe

ProductVersionNumber
15.6.83.89

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 071690f5b59e3c77d2f1a33f88045096
SHA1 04a3f2ddcf47a4158a789a6ccfd9019a989036ae
SHA256 bcac915a4ad9bb1ec2b0f5ea262046c9a6f86e613f3823271c22118ba28d269c
ssdeep
6144:eZbVRyqUVsg44tAUOb1z36A8z9UrTHANGRP5OY2k:WV0hD44t4Fq5cTHANG37X

authentihash 98b416c314fa7325072dbe2c138fb7218b719d886d0fe12a64513e2cbc1dae52
imphash 151a6a154ababb03c9214273ea31e77f
File size 404.0 KB ( 413696 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-21 08:27:28 UTC ( 5 months ago )
Last submission 2018-10-21 08:27:28 UTC ( 5 months ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!