SHA256: be5f9cb26cfadb5329b9abe9393dadb6044667e5f1171a839d4f028ddc92da06
File name: lunar.gun
Detection ratio: 7 / 65
Analysis date: 2018-10-29 16:43:27 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20181029
AVG FileRepMalware 20181029
Bkav W32.eHeur.Malware03 20181029
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Endgame malicious (high confidence) 20180730
Microsoft Trojan:Win32/MereTam.A 20181029
Palo Alto Networks (Known Signatures) generic.ml 20181029
Ad-Aware 20181029
AegisLab 20181029
AhnLab-V3 20181029
Alibaba 20180921
ALYac 20181029
Antiy-AVL 20181029
Arcabit 20181029
Avast-Mobile 20181029
Avira (no cloud) 20181029
Babable 20180918
Baidu 20181029
BitDefender 20181029
CAT-QuickHeal 20181028
ClamAV 20181029
CMC 20181029
Cybereason 20180225
Cylance 20181029
Cyren 20181029
DrWeb 20181029
eGambit 20181029
Emsisoft 20181029
ESET-NOD32 20181029
F-Prot 20181029
F-Secure 20181029
Fortinet 20181029
GData 20181029
Ikarus 20181029
Sophos ML 20180717
Jiangmin 20181029
K7AntiVirus 20181029
K7GW 20181029
Kaspersky 20181029
Kingsoft 20181029
Malwarebytes 20181029
MAX 20181029
McAfee 20181029
McAfee-GW-Edition 20181029
eScan 20181029
NANO-Antivirus 20181029
Panda 20181029
Qihoo-360 20181029
Rising 20181029
SentinelOne (Static ML) 20181011
Sophos AV 20181029
SUPERAntiSpyware 20181022
Symantec 20181029
Symantec Mobile Insight 20181026
TACHYON 20181029
Tencent 20181029
TheHacker 20181025
TrendMicro 20181029
TrendMicro-HouseCall 20181029
Trustlook 20181029
VBA32 20181029
ViRobot 20181029
Webroot 20181029
Yandex 20181026
Zillya 20181029
ZoneAlarm by Check Point 20181029
Zoner 20181029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-29 10:38:53
Entry Point 0x00001965
Number of sections 5
PE sections
PE imports
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptImportKey
CryptEncrypt
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
GetStartupInfoA
GetCurrentProcessId
InterlockedCompareExchange
InterlockedExchange
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetTickCount
GetSystemTimeAsFileTime
Sleep
GetCurrentThreadId
VirtualAlloc
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
__p__fmode
memset
__dllonexit
_cexit
_controlfp_s
_invoke_watson
_amsg_exit
?terminate@@YAXXZ
_lock
_onexit
exit
_XcptFilter
_encode_pointer
__setusermatherr
_initterm_e
__p__commode
_adjust_fdiv
_acmdln
_ismbblead
_unlock
_crt_debugger_hook
memcpy
__CxxFrameHandler3
_except_handler4_common
__getmainargs
_exit
_decode_pointer
_configthreadlocale
_initterm
__set_app_type
Number of PE resources by type
RT_ICON 10
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:10:29 11:38:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4096
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 312832
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1965
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

Execution parents
File identification
MD5 b534c5de34397da563701aeed0b24dfd
SHA1 2346c4643dedf0e3bf138558da0ce40bdd7472c1
SHA256 be5f9cb26cfadb5329b9abe9393dadb6044667e5f1171a839d4f028ddc92da06
ssdeep 6144:rzV1d4fmhX4qwuAmHGSV+wDjnZl7Yd9RFr4T01mYdn3H+luxL:PV74f0pwuArSV+4r7yzUorn3OIL
authentihash b69b8172b2b431f323901c3050a6d4df56543b434238771731000849bb477869
imphash cb92cffee8fe7c1c596603e303d05bda
File size 310.5 KB ( 317952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags peexe

VirusTotal metadata
First submission 2018-10-29 16:43:27 UTC ( 6 months, 3 weeks ago )
Last submission 2018-11-08 09:08:52 UTC ( 6 months, 2 weeks ago )
File names b634c6de34398da673801aeed0b24dfd_be6f9cb27cfadb6329b9abe9393dadb7044778e6f1181a939d4f029ddc92da07.exe
b534c5de34397da563701aeed0b24dfd
lunar.gun
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections