SHA256: bff8fd24fb8ce377ba960ce47974bba8f0dad4f7f1f5c21711e4fa162d65915d
File name: a30cc4a2e8c8d85ef03751d765f6acc0.virobj
Detection ratio: 47 / 65
Analysis date: 2019-03-11 12:26:17 UTC (2 months, 1 week ago)
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKDZ.43399 20190311
AhnLab-V3 Trojan/Win32.Agent.R224787 20190311
ALYac Trojan.GenericKDZ.43399 20190311
Antiy-AVL GrayWare[Adware]/Win32.Adposhel.AY 20190311
Arcabit Trojan.Generic.DA987 20190311
Avast Win32:Adposhel-C [Adw] 20190311
AVG Win32:Adposhel-C [Adw] 20190311
Avira (no cloud) ADWARE/Adposhel.aya 20190311
BitDefender Trojan.GenericKDZ.43399 20190311
CAT-QuickHeal Trojan.Mauvaise.SL1 20190311
Comodo Application.Win32.Adware.Adposhel.AY@7lnbtm 20190311
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.2e8c8d 20190109
Cyren W32/S-eb2065bf!Eldorado 20190311
DrWeb Trojan.Adposhel.25 20190311
Emsisoft Trojan.GenericKDZ.43399 (B) 20190311
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Adware.Adposhel.AY 20190311
F-Prot W32/S-eb2065bf!Eldorado 20190311
F-Secure Adware.ADWARE/Adposhel.aya 20190311
Fortinet Adware/Adposhel 20190311
GData Trojan.GenericKDZ.43399 20190311
Ikarus PUA.Adposhel 20190311
Sophos ML heuristic 20181128
Jiangmin TrojanDropper.Agent.dgmv 20190311
K7AntiVirus Adware ( 0052d87f1 ) 20190311
K7GW Adware ( 0052d87f1 ) 20190311
Kaspersky Trojan-Dropper.Win32.Agent.bjuwvk 20190311
MAX malware (ai score=80) 20190311
McAfee GenericRXFG-PT!A30CC4A2E8C8 20190311
McAfee-GW-Edition BehavesLike.Win32.AdwareAdposhel.tz 20190311
Microsoft BrowserModifier:Win32/Foniad 20190307
eScan Trojan.GenericKDZ.43399 20190311
NANO-Antivirus Trojan.Win32.Adposhel.fabtlt 20190311
Palo Alto Networks (Known Signatures) generic.ml 20190311
Panda Trj/Genetic.gen 20190310
Qihoo-360 Win32/Trojan.Adware.Adposhel.A 20190311
Rising Adware.Adposhel!1.B180 (CLOUD) 20190311
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV Adposhel (PUA) 20190311
Tencent Win32.Trojan-dropper.Agent.Liqe 20190311
Trapmine malicious.high.ml.score 20190301
TrendMicro-HouseCall TROJ_GEN.R003C0OC519 20190311
VBA32 OScope.Malware-Cryptor.Kidep 20190311
ViRobot Trojan.Win32.Z.Adposhel.1117184.KBBO 20190311
ZoneAlarm by Check Point Trojan-Dropper.Win32.Agent.bjuwvk 20190311
AegisLab 20190311
Alibaba 20190306
Avast-Mobile 20190311
Babable 20180918
Baidu 20190306
Bkav 20190311
ClamAV 20190311
CMC 20190311
eGambit 20190311
Kingsoft 20190311
Malwarebytes 20190311
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190311
TheHacker 20190308
TotalDefense 20190311
Trustlook 20190311
Yandex 20190310
Zoner 20190311
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-09 03:10:52
Entry Point 0x000067EF
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
CreateDIBPatternBrushPt
GetDIBColorTable
AddFontResourceA
GetGlyphOutlineW
CreatePen
CreateFontIndirectA
CreatePolygonRgn
AnimatePalette
AddFontResourceW
GetClipBox
GetBitmapBits
GetGlyphOutlineA
GetDeviceGammaRamp
GetDeviceCaps
CreateDCA
DeleteDC
CreateColorSpaceW
GetBoundsRect
GetPixel
GetPixelFormat
CreateDiscardableBitmap
GetBitmapDimensionEx
CreateDCW
CreateBitmapIndirect
CreateHatchBrush
CreatePatternBrush
GetOutlineTextMetricsA
CreateBitmap
CreateFontA
CreatePalette
GetPath
CreateEllipticRgnIndirect
AddFontMemResourceEx
CreateCompatibleDC
CreateFontW
Chord
GetGlyphIndicesA
CreateColorSpaceA
GetGlyphIndicesW
CancelDC
AddFontResourceExW
GetDIBits
DeleteObject
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetACP
FreeLibrary
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
GetCurrentProcessId
OpenProcess
UnhandledExceptionFilter
GetCommandLineW
WideCharToMultiByte
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
VirtualProtect
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
FindFirstFileExA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
DuplicateHandle
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetFileAttributesExW
TerminateProcess
GetModuleFileNameA
GetModuleHandleExW
IsValidCodePage
SetLastError
CreateFileW
CreateProcessW
FindClose
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
SHGetFileInfoA
SHGetFolderPathW
ExtractIconExA
DragAcceptFiles
DuplicateIcon
ShellExecuteW
SHGetDesktopFolder
DragQueryFileA
SHGetPathFromIDListA
SetFocus
DrawEdge
GetForegroundWindow
IsIconic
DrawTextA
SetPropA
EndDialog
EqualRect
InSendMessage
MoveWindow
CharUpperA
GetMessageW
SetWindowTextA
MessageBeep
DrawFocusRect
DrawFrameControl
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
BeginDeferWindowPos
GetNextDlgTabItem
CreateDialogIndirectParamW
DispatchMessageA
EnableWindow
GetWindowLongA
PostMessageA
ReleaseCapture
GetDlgItemTextA
CallWindowProcA
MessageBoxA
PeekMessageA
DrawTextExA
TranslateMessage
IsWindowEnabled
PostMessageW
GetMenuDefaultItem
GetSysColor
LoadStringA
InsertMenuItemA
ReleaseDC
LoadMenuA
CreatePopupMenu
ShowCaret
SendMessageW
GetSubMenu
GetKeyNameTextA
SetClipboardData
SendDlgItemMessageW
DrawIconEx
IsWindowVisible
GetWindowPlacement
SendMessageA
GetClassInfoW
CloseWindow
GetDlgItem
MonitorFromWindow
ClientToScreen
SetRect
MonitorFromRect
wsprintfA
GetWindowTextLengthA
SetTimer
SetRectEmpty
LoadIconA
DialogBoxIndirectParamW
DefDlgProcA
CharLowerA
IsDlgButtonChecked
TrackPopupMenuEx
EnableMenuItem
DeferWindowPos
LoadImageA
GetCursor
GetFocus
CreateWindowExW
RegisterClassExA
ReplyMessage
DestroyWindow
ReleaseStgMedium
CoCreateGuid
RevokeDragDrop
OleGetClipboard
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:02:09 04:10:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 96768
LinkerVersion 12.25
ImageFileCharacteristics Executable, No line numbers, 32-bit, No debug
EntryPoint 0x67ef
InitializedDataSize 1023488
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 a30cc4a2e8c8d85ef03751d765f6acc0
SHA1 7173145efa97615816185539383377082cc7d437
SHA256 bff8fd24fb8ce377ba960ce47974bba8f0dad4f7f1f5c21711e4fa162d65915d
ssdeep 6144:Eogyljyz2G3v4G7Y/5NTONyLN7Di9Gh6Ovc8lulYT:25v/RYvs0h6Xl
authentihash 78dec95c4779d22590e4d8609c9c588fd7788189d6305cff62e0240b9a620f47
imphash e9c4f864fdfac66d0cdb9821ef784bab
File size 1.1 MB (1117184 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2019-03-07 08:58:44 UTC (2 months, 1 week ago)
Last submission 2019-03-11 12:26:17 UTC (2 months, 1 week ago)
File names a30cc4a2e8c8d85ef03751d765f6acc0.virobj
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Searched windows
Runtime DLLs