SHA256: be57e8549dfb21552f450156f04d41246c7ef51ff0ba96eed5a0fb260cf07430
File name: b0d68f92a7e0c0bff642083b98627130.vir
Detection ratio: 48 / 66
Analysis date: 2018-05-20 19:01:58 UTC ( 2 days ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12245621 20180520
AegisLab Uds.Dangerousobject.Multi!c 20180520
AhnLab-V3 Trojan/Win32.Trickster.C2124579 20180520
ALYac Trojan.GenericKD.12245621 20180520
Arcabit Trojan.Generic.DBADA75 20180520
Avast Win32:Malware-gen 20180520
AVG Win32:Malware-gen 20180520
Avira (no cloud) TR/Crypt.XPACK.Gen7 20180520
AVware Trojan.Win32.Generic!BT 20180520
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180518
BitDefender Trojan.GenericKD.12245621 20180520
CAT-QuickHeal Trojan.Mauvaise.SL1 20180520
Cylance Unsafe 20180520
Cyren W32/Trojan.ETBW-3295 20180520
DrWeb Trojan.DownLoader25.31124 20180520
Emsisoft Trojan.GenericKD.12245621 (B) 20180520
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.FWKE 20180520
F-Secure Trojan.GenericKD.12245621 20180520
Fortinet W32/GenKryptik.AVDN!tr 20180520
GData Trojan.GenericKD.12245621 20180520
Ikarus Trojan-Banker.TrickBot 20180520
Sophos ML heuristic 20180503
Jiangmin Trojan.Trickster.qi 20180520
K7AntiVirus Trojan ( 0051662b1 ) 20180520
K7GW Trojan ( 0051662b1 ) 20180520
Kaspersky HEUR:Trojan.Win32.Generic 20180520
Malwarebytes Trojan.TrickBot.Generic 20180520
MAX malware (ai score=88) 20180520
McAfee Trojan-FNZP!B0D68F92A7E0 20180520
McAfee-GW-Edition BehavesLike.Win32.Downloader.gh 20180520
eScan Trojan.GenericKD.12245621 20180520
NANO-Antivirus Trojan.Win32.Trickster.esnuvk 20180520
Palo Alto Networks (Known Signatures) generic.ml 20180520
Panda Trj/GdSda.A 20180520
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Trickbt-A 20180520
SUPERAntiSpyware Trojan.Agent/Gen-TrickBot 20180520
Symantec Trojan.Trickybot!g7 20180519
Tencent Win32.Trojan.Generic.Pfja 20180520
TrendMicro TROJ_GEN.R002C0ODK18 20180520
TrendMicro-HouseCall TSPY_HPTRICKBOT.SMA 20180520
VBA32 BScope.Trojan.Downloader 20180518
VIPRE Trojan.Win32.Generic!BT 20180520
Webroot W32.Trojan.GenKD 20180520
Yandex Trojan.Trickster! 20180518
Zillya Trojan.GenericKD.Win32.73961 20180519
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180520
Alibaba 20180518
Antiy-AVL 20180520
Avast-Mobile 20180520
Babable 20180406
Bkav 20180518
ClamAV 20180520
CMC 20180520
Comodo 20180520
CrowdStrike Falcon (ML) 20180202
Cybereason None
eGambit 20180520
F-Prot 20180520
Kingsoft 20180520
Microsoft 20180520
nProtect 20180520
Qihoo-360 20180520
Rising 20180520
Symantec Mobile Insight 20180518
TheHacker 20180516
TotalDefense 20180520
Trustlook 20180520
ViRobot 20180520
Zoner 20180519
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-14 16:19:12
Entry Point 0x00001110
Number of sections 3
PE sections
PE imports
GetLastError
GetStartupInfoA
lstrcmpA
GetSystemInfo
GetModuleHandleA
lstrcatA
GetCurrentDirectoryA
lstrlenA
CreateFileA
GetVersionExA
_except_handler3
_acmdln
__p__fmode
_adjust_fdiv
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
_exit
__setusermatherr
__set_app_type
SetFocus
GetMessageA
GetParent
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
DrawFocusRect
FlashWindowEx
SetWindowPos
SetWindowLongW
GetWindowRect
DispatchMessageA
EndPaint
MoveWindow
TranslateMessage
DialogBoxParamA
GetScrollInfo
RegisterClassExA
DrawTextA
LoadBitmapW
LoadStringA
GetWindowLongW
SendMessageA
InvalidateRect
wsprintfA
DrawFrameControl
CreateWindowExA
LoadIconA
DeferWindowPos
EnableWindow
GetKeyState
IsChild
DestroyWindow
Number of PE resources by type
RT_MENU 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:06:14 17:19:12+01:00
FileType Win32 EXE
PEType PE32
CodeSize 34304
LinkerVersion 5.0
EntryPoint 0x1110
InitializedDataSize 465920
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 b0d68f92a7e0c0bff642083b98627130
SHA1 12f2768b5b188b52379b6f3058d65a6e5ee58471
SHA256 be57e8549dfb21552f450156f04d41246c7ef51ff0ba96eed5a0fb260cf07430
ssdeep 12288:bBvDwXM/G6kaveUElvO/zp5VMuRNXI10:b9E8/Gjav1ElyNc

authentihash 8a7cac6fee8705c379dff4a9c11b1550736d97c9b78c5f1505c8b31a9386df25
imphash 1e8f4dc52b712ce21839c41f835ce06a
File size 489.5 KB ( 501248 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2017-09-07 22:58:41 UTC ( 8 months, 2 weeks ago )
Last submission 2018-05-20 19:01:58 UTC ( 2 days ago )
File names 12f2768b5b188b52379b6f3058d65a6e5ee58471
b0d68f92a7e0c0bff642083b98627130.vir
b0d68f92a7e0c0bff642083b98627130.virobj
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications