× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c2cb48209e590289e62a2e461ef9b00078b104aa359bdc02b64c695c9eb8cd27
File name: winsvcs(101).gxe
Detection ratio: 51 / 71
Analysis date: 2019-01-16 22:31:55 UTC ( 16 hours, 16 minutes ago )
Antivirus Result Update
Acronis suspicious 20190116
Ad-Aware Gen:Variant.Ransom.GandCrab.2094 20190116
AhnLab-V3 Trojan/Win32.RansomCrypt.R251333 20190116
ALYac Trojan.Ransom.GandCrab 20190116
Antiy-AVL Trojan/Win32.Chapak 20190116
Arcabit Trojan.Ransom.GandCrab.D82E 20190116
Avast Win32:Trojan-gen 20190116
AVG Win32:Trojan-gen 20190116
Avira (no cloud) TR/AD.Phorpiex.anoxr 20190116
BitDefender Gen:Variant.Ransom.GandCrab.2094 20190116
Bkav W32.DelpemP.Trojan 20190116
CAT-QuickHeal Trojan.Occamy.S4954666 20190116
Comodo Malware@#1vqstjioj8adi 20190116
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cylance Unsafe 20190116
Cyren W32/Trojan.TNDY-0160 20190116
DrWeb Win32.HLLW.Phorpiex.1332 20190116
Emsisoft Gen:Variant.Ransom.GandCrab.2094 (B) 20190116
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOLM 20190116
F-Secure Gen:Variant.Ransom.GandCrab.2094 20190116
Fortinet W32/Kryptik.GOLM!tr 20190116
GData Gen:Variant.Ransom.GandCrab.2094 20190116
Ikarus Trojan.Win32.Crypt 20190116
Sophos ML heuristic 20181128
Jiangmin Trojan.Chapak.aqq 20190116
K7AntiVirus Riskware ( 0040eff71 ) 20190116
K7GW Riskware ( 0040eff71 ) 20190116
Kaspersky Trojan.Win32.Chapak.brhp 20190116
Malwarebytes Trojan.MalPack 20190116
MAX malware (ai score=100) 20190116
McAfee Trojan-FPZV!CB9D7FF8DEB9 20190116
McAfee-GW-Edition BehavesLike.Win32.Generic.hm 20190116
Microsoft Trojan:Win32/Occamy.C 20190116
eScan Gen:Variant.Ransom.GandCrab.2094 20190116
NANO-Antivirus Trojan.Win32.Phorpiex.flytcn 20190116
Palo Alto Networks (Known Signatures) generic.ml 20190116
Panda Trj/GdSda.A 20190116
Qihoo-360 HEUR/QVM10.2.6E19.Malware.Gen 20190116
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20190116
Sophos AV Mal/Generic-S 20190116
Symantec Trojan Horse 20190116
Tencent Win32.Trojan.Chapak.Tayv 20190116
Trapmine malicious.moderate.ml.score 20190103
TrendMicro Trojan.Win32.DLOADER.THOAAOAI 20190116
TrendMicro-HouseCall Trojan.Win32.DLOADER.THOAAOAI 20190116
VBA32 BScope.Trojan.Fuery 20190116
VIPRE Trojan.Win32.Generic!BT 20190116
ViRobot Trojan.Win32.Ransom.539648 20190116
Webroot W32.Trojan.Gen 20190116
ZoneAlarm by Check Point Trojan.Win32.Chapak.brhp 20190116
AegisLab 20190116
Alibaba 20180921
Avast-Mobile 20190116
Babable 20180918
Baidu 20190116
ClamAV 20190116
CMC 20190116
Cybereason 20190109
eGambit 20190116
F-Prot 20190116
Kingsoft 20190116
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190116
TACHYON 20190116
TheHacker 20190115
TotalDefense 20190116
Trustlook 20190116
Yandex 20190116
Zillya 20190116
Zoner 20190116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-13 10:40:33
Entry Point 0x000055D7
Number of sections 5
PE sections
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
TlsAlloc
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GlobalFree
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetTickCount
SetFileApisToANSI
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetPrivateProfileStructW
GetStdHandle
VirtualFree
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
SetConsoleCtrlHandler
GetCurrentProcessId
AddAtomA
GetUserDefaultLCID
GetCommandLineW
IsValidCodePage
WideCharToMultiByte
UnhandledExceptionFilter
GetCPInfoExA
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCPInfo
GetProcAddress
InterlockedCompareExchange
GetStringTypeA
GetLocaleInfoW
EnumResourceLanguagesW
CompareStringW
RaiseException
GlobalReAlloc
TlsFree
TlsSetValue
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
TerminateProcess
QueryPerformanceCounter
TlsGetValue
InitializeCriticalSection
HeapCreate
GlobalAlloc
CreateProcessW
InterlockedDecrement
Sleep
GetFileType
GetLocaleInfoA
GetProcessVersion
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
AlphaBlend
TransparentBlt
GradientFill
InvalidateRgn
IsAccelerator
Number of PE resources by type
RT_STRING 15
RT_ICON 14
RT_BITMAP 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 34
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
1.45.8.4

LanguageCode
English (British)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unicode

InitializedDataSize
452096

EntryPoint
0x55d7

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2017, padepojonenezaz

FileVersion
5.3.8.28

TimeStamp
2018:07:13 11:40:33+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
lefotubi.exe

ProductVersion
5.3.8.28

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
90624

FileSubtype
0

ProductVersionNumber
7.32.568.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 cb9d7ff8deb972b96917e88e0d56adac
SHA1 8ca2b46c42c7b413e9a24bdf2790f9260af0facf
SHA256 c2cb48209e590289e62a2e461ef9b00078b104aa359bdc02b64c695c9eb8cd27
ssdeep
3072:G7UpE9lqoZ/WLpwsUPg7YSU2RrygKjFvwwwwwwlwwwwww2wwww4ByXrMlseFaEkX:G7V93ZeLpw1eU2RrygKFErMeeF3k

authentihash 9cc7b1d3b0a9ef53a8051d4eb9cd9229c1ce74918c90f31da2f7bbbc0e22b3e2
imphash fc50286f3bf9e8c07954c288446d71f5
File size 527.0 KB ( 539648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
suspicious-dns peexe nxdomain

VirusTotal metadata
First submission 2019-01-09 11:16:21 UTC ( 1 week, 1 day ago )
Last submission 2019-01-10 10:29:01 UTC ( 1 week ago )
File names 2018542537.exe
2622129607.exe
output.114775326.txt
1[1].exe
winsvcs(101).gxe
t[1].exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections