SHA256: bccab45cc546360661a89b80f60d1ba1d440845f1288782af6b592b76274576c
File name: vt-upload-MejX1
Detection ratio: 53 / 68
Analysis date: 2018-08-03 10:52:53 UTC ( 3 months, 1 week ago )
Antivirus | Result | Update
Ad-Aware | Trojan.Ransom.Cerber.1 | 20180803
AegisLab | Trojan.Win32.Generic.4!c | 20180803
AhnLab-V3 | Trojan/Win32.Gen.C402161 | 20180803
ALYac | Trojan.Ransom.Cerber.1 | 20180803
Antiy-AVL | Trojan[Spy]/Win32.Zbot | 20180803
Arcabit | Trojan.Ransom.Cerber.1 | 20180803
Avast | FileRepMalware | 20180802
AVG | FileRepMalware | 20180802
Avira (no cloud) | HEUR/AGEN.1014958 | 20180803
AVware | Trojan.Win32.Generic!BT | 20180727
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9785 | 20180802
BitDefender | Trojan.Ransom.Cerber.1 | 20180803
CAT-QuickHeal | TrojanPWS.Zbot | 20180803
Comodo | UnclassifiedMalware | 20180803
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20180723
Cybereason | malicious.e89667 | 20180225
Cylance | Unsafe | 20180803
Cyren | W32/Ransom.WXTO-5791 | 20180803
DrWeb | Trojan.PWS.Panda.2977 | 20180803
Emsisoft | Trojan.Ransom.Cerber.1 (B) | 20180803
Endgame | malicious (high confidence) | 20180730
ESET-NOD32 | Win32/Spy.Zbot.AAO | 20180803
F-Secure | Trojan.Ransom.Cerber.1 | 20180803
Fortinet | W32/Zbot.AAO!tr.spy | 20180803
GData | Trojan.Ransom.Cerber.1 | 20180803
Ikarus | Trojan.SuspectCRC | 20180803
Sophos ML | heuristic | 20180717
Jiangmin | Trojan.Generic.ksv | 20180803
K7AntiVirus | Spyware ( 004b908d1 ) | 20180803
K7GW | Spyware ( 004b908d1 ) | 20180803
Kaspersky | HEUR:Trojan.Win32.Generic | 20180803
MAX | malware (ai score=88) | 20180803
McAfee | PWSZbot-FABA!06ADA3BE8966 | 20180803
McAfee-GW-Edition | PWSZbot-FABA!06ADA3BE8966 | 20180803
Microsoft | PWS:Win32/Zbot | 20180803
eScan | Trojan.Ransom.Cerber.1 | 20180803
NANO-Antivirus | Trojan.Win32.Zbot.cxqclj | 20180803
Palo Alto Networks (Known Signatures) | generic.ml | 20180803
Panda | Trj/Genetic.gen | 20180802
Qihoo-360 | HEUR/Malware.QVM20.Gen | 20180803
Rising | Malware.Undefined!8.C (TFE:2:fHhcOuBGTlH) | 20180803
SentinelOne (Static ML) | static engine - malicious | 20180701
Sophos AV | Mal/Generic-S | 20180803
Symantec | Packed.Generic.530 | 20180803
Tencent | Win32.Trojan.Generic.Gcb | 20180803
TrendMicro | TROJ_SPNR.0BGN14 | 20180803
TrendMicro-HouseCall | TROJ_SPNR.0BGN14 | 20180803
VBA32 | TrojanSpy.Zbot | 20180802
VIPRE | Trojan.Win32.Generic!BT | 20180803
ViRobot | Trojan.Win32.Z.Zbot.292864.H | 20180803
Webroot | W32.InfoStealer.Zeus | 20180803
Yandex | TrojanSpy.Zbot!0plJnsQxsHo | 20180803
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20180803
Alibaba | | 20180713
Avast-Mobile | | 20180802
Babable | | 20180725
Bkav | | 20180803
ClamAV | | 20180803
CMC | | 20180803
eGambit | | 20180803
F-Prot | | 20180803
Kingsoft | | 20180803
Malwarebytes | | 20180803
SUPERAntiSpyware | | 20180803
Symantec Mobile Insight | | 20180801
TACHYON | | 20180803
TheHacker | | 20180802
TotalDefense | | 20180803
Trustlook | | 20180803
Zillya | | 20180802
Zoner | | 20180803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-02-08 02:32:28
Entry Point: 0x0000264F
Number of sections: 4
PE sections
Overlays
MD5: 7c5c2b8d2ae13fb06cd2929f370fc5ab
File type: data
Offset: 291840
Size: 1024
Entropy: 7.79
PE imports
RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCloseKey, RegCreateKeyExA
GetObjectA, LineTo, DeleteDC, SelectObject, MoveToEx, CreatePen, GetStockObject, BitBlt, CreateCompatibleDC, DeleteObject
GetLastError, EnterCriticalSection, SetEvent, QueryPerformanceCounter, IsDebuggerPresent, GetTickCount, TlsAlloc, VirtualProtect, DeleteCriticalSection, GetStartupInfoA, GetCurrentProcessId, UnhandledExceptionFilter, GetCommandLineA, InterlockedCompareExchange, CreateThread, InterlockedExchange, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetSystemTimeAsFileTime, TerminateProcess, InitializeCriticalSection, CreateEventA, Sleep, ExitProcess, GetCurrentThreadId, LeaveCriticalSection
GetMessageA, UpdateWindow, EndDialog, LoadMenuA, PostQuitMessage, DefWindowProcA, SetWindowPos, SendDlgItemMessageA, GetSystemMetrics, DispatchMessageA, EndPaint, SetDlgItemTextA, PostMessageA, GetDlgItemTextA, TranslateMessage, DialogBoxParamA, GetDlgItemInt, RegisterClassExA, BeginPaint, SetWindowTextA, CheckMenuItem, LoadStringA, GetWindowPlacement, SendMessageA, CloseWindow, GetDlgItem, DrawMenuBar, WinHelpA, InvalidateRect, LoadAcceleratorsA, GetSubMenu, CreateWindowExA, LoadCursorA, LoadIconA, TrackPopupMenu, TranslateAcceleratorA, SetDlgItemInt, ModifyMenuA
setsockopt, socket, recv, inet_addr, send, WSACleanup, WSAStartup, gethostbyname, select, connect, shutdown, htons, closesocket, WSAGetLastError
Number of PE resources by type
RT_ICON: 7
RT_DIALOG: 6
RT_GROUP_ICON: 1
Number of PE resources by language
ENGLISH US: 14
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:02:08 03:32:28+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 258048
LinkerVersion: 9.0
ImageFileCharacteristics: No relocs, Executable, No line numbers, 32-bit
EntryPoint: 0x264f
InitializedDataSize: 32768
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5: 06ada3be8966713f7e3bfe34b03c898c
SHA1: b26deaa79218179b9962f06516befe37763f4f37
SHA256: bccab45cc546360661a89b80f60d1ba1d440845f1288782af6b592b76274576c
ssdeep: 6144:a6x+O+0B899m5LrZ/XSXnI3zHWRb9ZhHosAQSZQSY6N8Dd6Vdqmc:a6sO+X9m5XZ/XSXI2bzFoQS5N4MVS
authentihash: d226b263a4c8314403fcf00b9596a0b1b9249f5f7967adf9ecee48ffaa683b14
imphash: 927de8a9597de2ceb5c70bacee8a9019
File size: 286.0 KB ( 292864 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags: peexe overlay

VirusTotal metadata
First submission 2014-05-13 05:13:15 UTC ( 4 years, 6 months ago )
Last submission 2014-05-13 05:13:15 UTC ( 4 years, 6 months ago )
File names vt-upload-MejX1
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests