SHA256: c3d17a1115cbd7e186613c07223c9bda57fb3c6eaf2fcb3904838306709b602e
File name: dump
Detection ratio: 43 / 68
Analysis date: 2018-09-11 06:08:29 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.513424 20180911
AhnLab-V3 Trojan/Win32.Ursnif.R236654 20180910
ALYac Gen:Variant.Graftor.513424 20180911
Arcabit Trojan.Graftor.D7D590 20180911
Avast FileRepMalware 20180911
AVG FileRepMalware 20180911
Avira (no cloud) TR/Crypt.ZPACK.Gen 20180911
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9978 20180910
BitDefender Gen:Variant.Graftor.513424 20180911
Bkav HW32.Packed. 20180906
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.f67872 20180225
Cylance Unsafe 20180911
Cyren W32/Trojan.NPTX-3391 20180911
DrWeb Trojan.Gozi.322 20180911
Emsisoft Gen:Variant.Graftor.513424 (B) 20180911
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Spy.Ursnif.BP 20180911
F-Secure Gen:Variant.Graftor.513424 20180911
Fortinet W32/Ursnif.BP!tr.spy 20180911
GData Gen:Variant.Graftor.513424 20180911
Ikarus Trojan-Banker.UrSnif 20180910
Sophos ML heuristic 20180717
K7AntiVirus Spyware ( 0052a9701 ) 20180911
K7GW Spyware ( 0052a9701 ) 20180911
Kaspersky UDS:DangerousObject.Multi.Generic 20180911
Malwarebytes Trojan.Ursnif 20180911
MAX malware (ai score=99) 20180911
McAfee Artemis!07D5209F6787 20180911
McAfee-GW-Edition BehavesLike.Win32.VirRansom.pc 20180910
Microsoft Trojan:Win32/Fuery.B!cl 20180911
eScan Gen:Variant.Graftor.513424 20180911
NANO-Antivirus Trojan.Win32.Ursnif.fgvopa 20180911
Palo Alto Networks (Known Signatures) generic.ml 20180911
Panda Trj/GdSda.A 20180910
Rising Spyware.Ursnif!8.1DEF (CLOUD) 20180911
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/Generic-S 20180911
Symantec ML.Attribute.HighConfidence 20180911
Tencent Win32.Trojan.Crypt.Hpd 20180911
TrendMicro-HouseCall TROJ_GEN.R020H09IA18 20180911
VBA32 Trojan.Gozi 20180910
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.zop 20180911
AegisLab 20180911
Alibaba 20180713
Antiy-AVL 20180911
Avast-Mobile 20180911
AVware 20180911
Babable 20180907
CAT-QuickHeal 20180909
ClamAV 20180911
CMC 20180911
Comodo 20180911
eGambit 20180911
F-Prot 20180911
Jiangmin 20180911
Kingsoft 20180911
Qihoo-360 20180917
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180905
TACHYON 20180911
TheHacker 20180907
TotalDefense 20180910
TrendMicro 20180911
Trustlook 20180911
VIPRE 20180911
ViRobot 20180911
Webroot 20180911
Yandex 20180910
Zillya 20180910
Zoner 20180910
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-26 10:54:19
Entry Point 0x000013A2
Number of sections 5
PE sections
Overlays
MD5 36ab5bbc84127288a4bfbab259005f93
File type ASCII text
Offset 40448
Size 576
Entropy 0.00
PE imports
SetEvent
GetLastError
HeapFree
GetModuleHandleA
HeapCreate
WaitForSingleObject
VirtualFree
CreateEventA
HeapDestroy
HeapAlloc
CloseHandle
GetTickCount
VirtualProtect
ExitProcess
GetProcAddress
VirtualAlloc
LoadLibraryA
memset
RtlUnwind
memcpy
NtQueryVirtualMemory
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:07:26 11:54:19+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
4096

LinkerVersion
8.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x13a2

InitializedDataSize
2560

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 07d5209f67872c809e9b9d7906715f78
SHA1 9908b2f9bd2648a7097380a8172a40dd73ca960c
SHA256 c3d17a1115cbd7e186613c07223c9bda57fb3c6eaf2fcb3904838306709b602e
ssdeep
768:iW0r1gqs+eBcAXhTH52JPzTwz+tId7iu4yv3mEDEmN:iW0r18dPHwhzJuS

authentihash e286b50e5a0b96ff57697ef544e8f64b1a1c25e93ebcc3d15687910ac13a9871
imphash ca51365a4940ce14db29ef80a417bc53
File size 40.1 KB ( 41024 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-09-10 06:12:12 UTC ( 5 months, 1 week ago )
Last submission 2018-09-20 10:23:09 UTC ( 4 months, 4 weeks ago )
File names dump
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs