SHA256: c51a8afcc184846226f32e03d30ff1e5f1ca4c4fe3bd57e52b06cf00b3673ee5
File name: 18517325
Detection ratio: 32 / 68
Analysis date: 2018-10-29 11:04:14 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware AIT:Trojan.GenericTKA.16 20181029
AhnLab-V3 Trojan/Win32.HDC.C779751 20181029
ALYac AIT:Trojan.GenericTKA.16 20181029
Antiy-AVL Trojan/Generic.ASVCS3S.1E5 20181029
Arcabit AIT:Trojan.GenericTKA.16 20181029
Avira (no cloud) DR/AutoIt.Gen 20181029
BitDefender AIT:Trojan.GenericTKA.16 20181029
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.6b17cc 20180225
Cylance Unsafe 20181029
Cyren W32/AutoIt.GQ.gen!Eldorado 20181029
DrWeb Trojan.AutoIt.276 20181029
Emsisoft AIT:Trojan.GenericTKA.16 (B) 20181029
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/Spy.Autoit.DW 20181029
F-Prot W32/AutoIt.GQ.gen!Eldorado 20181029
F-Secure AIT:Trojan.GenericTKA.16 20181029
Fortinet W32/Autoit.BY!tr.spy 20181029
GData AIT:Trojan.AutoIT.Agent.MR (2x) 20181029
Ikarus Dropper.AutoIt 20181029
Sophos ML heuristic 20180717
Kaspersky Trojan-Spy.Win32.AutoIt.cv 20181029
MAX malware (ai score=88) 20181029
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20181029
Microsoft Program:Win32/Unwaders.C!ml 20181029
eScan AIT:Trojan.GenericTKA.16 20181029
Panda Trj/Genetic.gen 20181028
Qihoo-360 HEUR/QVM11.1.D915.Malware.Gen 20181029
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181029
VBA32 Trojan-Downloader.Autoit.gen 20181029
ZoneAlarm by Check Point Trojan-Spy.Win32.AutoIt.cv 20181029
Undetected (no result at analysis time)
AegisLab 20181029
Alibaba 20180921
Avast 20181029
Avast-Mobile 20181029
AVG 20181029
Babable 20180918
Baidu 20181029
Bkav 20181029
CAT-QuickHeal 20181028
ClamAV 20181029
CMC 20181029
eGambit 20181029
Jiangmin 20181029
K7AntiVirus 20181029
K7GW 20181029
Kingsoft 20181029
Malwarebytes 20181029
McAfee 20181029
NANO-Antivirus 20181029
Palo Alto Networks (Known Signatures) 20181029
Rising 20181029
Sophos AV 20181029
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181026
TACHYON 20181029
Tencent 20181029
TheHacker 20181025
TotalDefense 20181029
TrendMicro 20181029
TrendMicro-HouseCall 20181029
Trustlook 20181029
VIPRE 20181029
ViRobot 20181029
Webroot 20181029
Yandex 20181026
Zillya 20181028
Zoner 20181029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved (a free-form version-resource string; it does not establish authorship, and the engines above classify the file as an AutoIt-compiled trojan)
File version 1.2.0.1
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-28 19:02:23 UTC (PE header field, attacker-controlled; roughly 16 hours before first submission)
Entry Point 0x0014BFB0
Number of sections 3
PE sections
PE imports (UPX rewrites the import table to the kernel32 functions its unpacking stub needs plus a single placeholder import per DLL of the original program; the original program's full import list is only visible after unpacking)
ImageList_Remove
GetSaveFileNameW
LineTo
IcmpSendEcho
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
CoGetObject
Number of PE resources by type
RT_ICON 9
RT_STRING 7
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 20
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize: 1011712
LinkerVersion: 11.0
ImageVersion: 0.0
FileVersionNumber: 1.2.0.1
LanguageCode: English (British)
FileFlagsMask: 0x0000
ImageFileCharacteristics: Executable, Large address aware, 32-bit
CharacterSet: Unicode
InitializedDataSize: 475136
EntryPoint: 0x14bfb0
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 1.2.0.1
TimeStamp: 2018:10:28 20:02:23+01:00
FileType: Win32 EXE
PEType: PE32
SubsystemVersion: 5.1
OSVersion: 5.1
FileOS: Win32
LegalCopyright: Microsoft Corporation. All rights reserved
MachineType: Intel 386 or later, and compatibles
CodeSize: 348160
FileSubtype: 0
ProductVersionNumber: 0.0.0.0
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 0c6d1146b17ccccd7939b9c08aa9ea59
SHA1 06c9cdf208f454a610d814533e55e4781eea6684
SHA256 c51a8afcc184846226f32e03d30ff1e5f1ca4c4fe3bd57e52b06cf00b3673ee5
ssdeep 12288:KOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPieUVKWQspHRLGaaWEQIEHgJYyuty0Y:Kq5TfcdHj4fmbWrQsRdHYY9oSWn9n

authentihash 9fcdafd1069ee53e35187d9c5f834ad274440a702f0b3b9e12d5b355b0e1ea82
imphash ef471c0edf1877cd5a881a6a8bf647b9
File size 801.0 KB ( 820224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.1%)
Win32 EXE Yoda's Crypter (41.4%)
Win32 Executable (generic) (7.0%)
OS/2 Executable (generic) (3.1%)
Generic Win/DOS Executable (3.1%)
Tags
peexe upx
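The packer verdict above (F-PROT and TrID both say UPX; the tag is peexe upx) can be reproduced from header fields alone, without unpacking. The following script is an added example, not code from this page or from VirusTotal, and it never touches the analysed sample: it parses a header-only PE32 that make_pe() constructs from the EntryPoint, CodeSize, InitializedDataSize and UninitializedDataSize values printed above. The UPX0/UPX1/.rsrc section names, the per-section sizes and the .rsrc size are assumptions (the report does not list the section table); the three indicators it applies are the ones an analyst checks by hand: UPX section names, a large executable first section with no raw data, and an entry point in the tail of its section where a decompression stub sits.

```python
"""Header-level PE triage with the standard library only (added example)."""
import hashlib
import struct

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_SCN_MEM_EXECUTE = 0x20000000
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
SECTION_ALIGN = 0x1000
HEADERS_SIZE = 0x400


def make_pe(sections, entry_point, size_code, size_init, size_uninit,
            timestamp=0):
    """Build a header-only PE32 image: DOS header, NT headers, section table.

    `sections` is a list of (name, virtual_size, raw_size, characteristics).
    Section bodies are omitted; the headers are all the triage below reads.
    Constructed test input, not the analysed file.
    """
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)                        # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(sections),
                           timestamp, 0, 0, 224, 0x0102)       # EXE, 32-bit
    opt = bytearray(224)                                        # PE32 optional header
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 11, 0,
                     size_code, size_init, size_uninit, entry_point)
    struct.pack_into("<III", opt, 28, 0x400000, SECTION_ALIGN, SECTION_ALIGN)
    struct.pack_into("<H", opt, 68, 2)                         # Windows GUI
    struct.pack_into("<I", opt, 92, 16)                        # data directories
    table, va, raw = b"", SECTION_ALIGN, HEADERS_SIZE
    for name, vsize, rsize, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va,
                             rsize, raw if rsize else 0, 0, 0, 0, 0, chars)
        va += -(-vsize // SECTION_ALIGN) * SECTION_ALIGN       # next section RVA
        raw += rsize
    struct.pack_into("<II", opt, 56, va, HEADERS_SIZE)         # SizeOfImage/Headers
    image = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + table
    return image.ljust(HEADERS_SIZE, b"\0")


def parse_headers(data):
    """Read the COFF/optional header fields and section table; raise on non-PE."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    _, _, _, size_code, size_init, size_uninit, entry = struct.unpack_from(
        "<HBBIIII", data, opt)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections, pos = [], opt + opt_size
    for _ in range(nsec):
        name, vsize, va, rsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, pos)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize,
                         "va": va, "rsize": rsize, "chars": chars})
        pos += 40
    return {"machine": machine, "timestamp": ts, "subsystem": subsystem,
            "size_code": size_code, "size_init": size_init,
            "size_uninit": size_uninit, "entry_point": entry,
            "sections": sections}


def triage(data):
    """Hash the file and apply three cheap packer indicators to its headers."""
    hdr = parse_headers(data)
    ep = hdr["entry_point"]
    ep_sec = next((s for s in hdr["sections"]
                   if s["va"] <= ep < s["va"] + max(s["vsize"], s["rsize"])),
                  None)
    findings = []
    if {s["name"] for s in hdr["sections"]} & UPX_SECTION_NAMES:
        findings.append("upx_section_names")
    first = hdr["sections"][0]
    # A packer needs room to write the unpacked image: a large, executable
    # first section that occupies no bytes in the file.
    if (first["rsize"] == 0 and first["vsize"] >= 0x10000
            and first["chars"] & IMAGE_SCN_MEM_EXECUTE):
        findings.append("empty_executable_first_section")
    # Unpacking stubs follow the compressed blob, so the entry point lands in
    # the last few percent of its section instead of near its start.
    if ep_sec and ep - ep_sec["va"] > 0.9 * max(ep_sec["vsize"], ep_sec["rsize"]):
        findings.append("entry_point_at_section_tail")
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "machine": hdr["machine"], "subsystem": hdr["subsystem"],
            "entry_point": ep,
            "ep_section": ep_sec["name"].decode() if ep_sec else None,
            "findings": findings}


RWX = 0xE0000000
# Modelled on the report: CodeSize 348160, UninitializedDataSize 1011712,
# InitializedDataSize 475136, EntryPoint 0x14BFB0, timestamp 2018-10-28
# 19:02:23 UTC.  Section names and the .rsrc size are assumed.
UPX_LIKE = make_pe(
    [(b"UPX0", 0xF7000, 0, RWX | 0x80),
     (b"UPX1", 0x55000, 0x55000, RWX | 0x40),
     (b".rsrc", 0x73000, 0x73000, 0xC0000040)],
    entry_point=0x14BFB0, size_code=348160, size_init=475136,
    size_uninit=1011712, timestamp=1540753343)

# A conventional unpacked layout for contrast: entry point early in .text.
PLAIN = make_pe(
    [(b".text", 0x10000, 0x10000, 0x60000020),
     (b".rdata", 0x4000, 0x4000, 0x40000040),
     (b".data", 0x2000, 0x1000, 0xC0000040)],
    entry_point=0x1200, size_code=0x10000, size_init=0x5000, size_uninit=0)

if __name__ == "__main__":
    for label, blob in (("upx-like", UPX_LIKE), ("plain", PLAIN)):
        print(label, triage(blob))
```

On the report's numbers the entry point 0x14BFB0 falls 0x53FB0 bytes into a 0x55000-byte section, i.e. in its last 2%, and the first section has virtual size 0xF7000 with no raw data; both are what UPX leaves behind. None of these indicators is proof on its own (a hand-renamed section or a relocated stub defeats each), which is why the script returns all three together with the hashes for a pivot back to the detection table.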

VirusTotal metadata
First submission 2018-10-29 11:04:14 UTC ( 5 months, 3 weeks ago )
Last submission 2018-11-22 09:58:09 UTC ( 5 months ago )
File names bob.exe, 18517325, 0c6d1146b17ccccd7939b9c08aa9ea59
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections