× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c2cb48209e590289e62a2e461ef9b00078b104aa359bdc02b64c695c9eb8cd27
File name: output.114775326.txt
Detection ratio: 11 / 71
Analysis date: 2019-01-09 11:16:21 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20190109
AVG FileRepMalware 20190109
Cylance Unsafe 20190109
Endgame malicious (high confidence) 20181108
McAfee-GW-Edition BehavesLike.Win32.Generic.hm 20190109
Microsoft Trojan:Win32/Fuerboos.C!cl 20190109
Qihoo-360 HEUR/QVM10.2.6E19.Malware.Gen 20190109
Rising Trojan.Injector!8.C4/N3#75% (RDM+:cmRtazq7Kb/Zai5CGRYbMEPFUNdI) 20190109
Trapmine malicious.moderate.ml.score 20190103
VBA32 BScope.Trojan.Fuery 20190108
Webroot W32.Trojan.Gen 20190109
Acronis 20181227
Ad-Aware 20190109
AegisLab 20190109
AhnLab-V3 20190108
Alibaba 20180921
ALYac 20190109
Antiy-AVL 20190109
Arcabit 20190109
Avast-Mobile 20190109
Avira (no cloud) 20190109
Babable 20180918
Baidu 20190109
BitDefender 20190109
Bkav 20190108
CAT-QuickHeal 20190108
ClamAV 20190109
CMC 20190108
Comodo 20190109
CrowdStrike Falcon (ML) 20181022
Cybereason 20190109
Cyren 20190109
DrWeb 20190109
eGambit 20190109
Emsisoft 20190109
ESET-NOD32 20190109
F-Prot 20190109
F-Secure 20190109
Fortinet 20190109
GData 20190109
Ikarus 20190108
Sophos ML 20181128
Jiangmin 20190109
K7AntiVirus 20190109
K7GW 20190109
Kaspersky 20190109
Kingsoft 20190109
Malwarebytes 20190109
MAX 20190109
McAfee 20190109
eScan 20190109
NANO-Antivirus 20190109
Palo Alto Networks (Known Signatures) 20190109
Panda 20190108
SentinelOne (Static ML) 20181223
Sophos AV 20190109
SUPERAntiSpyware 20190102
Symantec 20190109
TACHYON 20190109
Tencent 20190109
TheHacker 20190106
TotalDefense 20190109
TrendMicro 20190109
TrendMicro-HouseCall 20190109
Trustlook 20190109
VIPRE 20190109
ViRobot 20190109
Yandex 20181229
Zillya 20190108
ZoneAlarm by Check Point 20190109
Zoner 20190109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-13 10:40:33
Entry Point 0x000055D7
Number of sections 5
PE sections
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
TlsAlloc
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GlobalFree
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetTickCount
SetFileApisToANSI
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetPrivateProfileStructW
GetStdHandle
VirtualFree
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
SetConsoleCtrlHandler
GetCurrentProcessId
AddAtomA
GetUserDefaultLCID
GetCommandLineW
IsValidCodePage
WideCharToMultiByte
UnhandledExceptionFilter
GetCPInfoExA
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCPInfo
GetProcAddress
InterlockedCompareExchange
GetStringTypeA
GetLocaleInfoW
EnumResourceLanguagesW
CompareStringW
RaiseException
GlobalReAlloc
TlsFree
TlsSetValue
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
TerminateProcess
QueryPerformanceCounter
TlsGetValue
InitializeCriticalSection
HeapCreate
GlobalAlloc
CreateProcessW
InterlockedDecrement
Sleep
GetFileType
GetLocaleInfoA
GetProcessVersion
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
AlphaBlend
TransparentBlt
GradientFill
InvalidateRgn
IsAccelerator
Number of PE resources by type
RT_STRING 15
RT_ICON 14
RT_BITMAP 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 34
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
1.45.8.4

LanguageCode
English (British)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unicode

InitializedDataSize
452096

EntryPoint
0x55d7

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2017, padepojonenezaz

FileVersion
5.3.8.28

TimeStamp
2018:07:13 12:40:33+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
lefotubi.exe

ProductVersion
5.3.8.28

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
90624

FileSubtype
0

ProductVersionNumber
7.32.568.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 cb9d7ff8deb972b96917e88e0d56adac
SHA1 8ca2b46c42c7b413e9a24bdf2790f9260af0facf
SHA256 c2cb48209e590289e62a2e461ef9b00078b104aa359bdc02b64c695c9eb8cd27
ssdeep
3072:G7UpE9lqoZ/WLpwsUPg7YSU2RrygKjFvwwwwwwlwwwwww2wwww4ByXrMlseFaEkX:G7V93ZeLpw1eU2RrygKFErMeeF3k

authentihash 9cc7b1d3b0a9ef53a8051d4eb9cd9229c1ce74918c90f31da2f7bbbc0e22b3e2
imphash fc50286f3bf9e8c07954c288446d71f5
File size 527.0 KB ( 539648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
suspicious-dns peexe nxdomain

VirusTotal metadata
First submission 2019-01-09 11:16:21 UTC ( 3 months, 1 week ago )
Last submission 2019-02-06 15:00:51 UTC ( 2 months, 2 weeks ago )
File names 2018542537.exe
2622129607.exe
output.114775326.txt
1[1].exe
winsvcs(101).gxe
DeviceManager.exe
t[1].exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections