SHA256: bf390a0da704a2f74510d09af32ee3bf31f4c7c4c7c38c53e87af1c307fd343e
File name: t.exe
Detection ratio: 10 / 69
Analysis date: 2019-01-15 15:44:41 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Antiy-AVL Trojan[Ransom]/Win32.Chapak.a 20190115
Avast FileRepMalware 20190115
AVG FileRepMalware 20190115
Cylance Unsafe 20190115
Endgame malicious (high confidence) 20181108
Kaspersky HEUR:Trojan.Win32.Generic 20190114
Microsoft Trojan:Win32/Fuerboos.C!cl 20190114
Qihoo-360 HEUR/QVM10.2.90D7.Malware.Gen 20190115
Rising Trojan.Kryptik!8.8/N3#81% (RDM+:cmRtazo36xl4bIg/FA9Ml+mYbPQM) 20190115
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190115
Acronis 20190111
Ad-Aware 20190115
AegisLab 20190115
AhnLab-V3 20190114
Alibaba 20180921
ALYac 20190115
Arcabit 20190115
Avast-Mobile 20190115
Avira (no cloud) 20190115
Babable 20180918
Baidu 20190115
BitDefender 20190115
Bkav 20190108
CAT-QuickHeal 20190114
ClamAV 20190115
CMC 20190114
Comodo 20190114
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190115
DrWeb 20190114
eGambit 20190115
Emsisoft 20190114
ESET-NOD32 20190114
F-Prot 20190115
F-Secure 20190114
Fortinet 20190114
GData 20190114
Ikarus 20190114
Sophos ML 20181128
Jiangmin 20190114
K7AntiVirus 20190114
K7GW 20190114
Kingsoft 20190115
Malwarebytes 20190114
MAX 20190115
McAfee 20190114
McAfee-GW-Edition 20190114
eScan 20190114
NANO-Antivirus 20190114
Palo Alto Networks (Known Signatures) 20190115
Panda 20190114
SentinelOne (Static ML) 20181223
Sophos AV 20190115
SUPERAntiSpyware 20190109
Symantec 20190115
TACHYON 20190115
Tencent 20190115
TheHacker 20190115
Trapmine 20190103
TrendMicro-HouseCall 20190115
Trustlook 20190115
VBA32 20190115
VIPRE 20190115
ViRobot 20190115
Webroot 20190115
Yandex 20190111
Zillya 20190115
Zoner 20190115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-19 08:38:36
Entry Point 0x00002D76
Number of sections 5
PE sections
PE imports
GetEnhMetaFileA
SetDCPenColor
SetStretchBltMode
CreateDiscardableBitmap
GetColorSpace
SetPixelV
CreateCompatibleDC
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InterlockedDecrement
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
SetUnhandledExceptionFilter
GetSystemTimes
ExitThread
SetEnvironmentVariableA
TerminateProcess
FindCloseChangeNotification
WriteConsoleA
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
AddAtomA
GetStartupInfoW
GetCPInfo
GetProcAddress
SetSystemTimeAdjustment
GetComputerNameW
CompareStringW
GetTimeFormatA
IsValidLocale
GetUserDefaultLCID
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
FindFirstChangeNotificationA
GlobalFree
GetConsoleCP
LCMapStringA
SetProcessShutdownParameters
GetEnvironmentStringsW
GetEnvironmentStrings
UnregisterWait
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
CompareStringA
SHGetFileInfoA
DragQueryFileW
ShellExecuteW
SHGetFileInfoW
ShellAboutW
DragQueryFileA
Shell_NotifyIconA
DestroyIcon
BeginPaint
LoadCursorW
MapVirtualKeyExW
GetDialogBaseUnits
PeekMessageA
RegisterRawInputDevices
wsprintfW
CloseClipboard
CallMsgFilterW
GetClipboardSequenceNumber
GetMenuBarInfo
Number of PE resources by type
RT_ICON 6
RT_BITMAP 3
RT_DIALOG 1
WADUTO 1
RT_STRING 1
SOJEVILOHAMOCUGOROZOTAHUJAMIJU 1
NUTAVECEHENUBEPUHUGUWUJEJIXA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 16
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unknown (A56B)
InitializedDataSize 486912
EntryPoint 0x2d76
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.3.3.18
TimeStamp 2018:07:19 10:38:36+02:00
FileType Win32 EXE
PEType PE32
InternalName perani.exe
SubsystemVersion 5.0
OSVersion 5.0
FileOS Unknown (0x40534)
LegalCopyright Copyright (C) 2018, gamotob
MachineType Intel 386 or later, and compatibles
CodeSize 115200
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
File identification
MD5 863a57272d343cb1d65f2b11728a0351
SHA1 808d89fa9c5086acece4872a20cf7c5d01982b8b
SHA256 bf390a0da704a2f74510d09af32ee3bf31f4c7c4c7c38c53e87af1c307fd343e
ssdeep 12288:ClI7EqgpXXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXX5XXXXXoXXXX0XXXM:ClI7XapOpHKr
authentihash dfeab388a35b4d86dbb964d244ed4eaceafa741c241ea0eb0ae121e9238c6fb9
imphash d738471a6fcd4614f12c6690d84649a4
File size 571.5 KB ( 585216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags suspicious-dns peexe nxdomain
VirusTotal metadata
First submission 2019-01-15 15:44:41 UTC ( 2 months, 1 week ago )
Last submission 2019-01-15 15:44:41 UTC ( 2 months, 1 week ago )
File names t.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections