SHA256: c5a40464fa0497107d84c39ef109d7488e4367b9273f64b90aeb9f3da6735b23
File name: IgUpnaFuxa
Detection ratio: 38 / 64
Analysis date: 2019-03-12 19:37:37 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKD.31780078 20190312
AhnLab-V3 Malware/Win32.Generic.C2950469 20190312
ALYac Trojan.GenericKD.31780078 20190312
Arcabit Trojan.Generic.D1E4ECEE 20190312
Avast Win32:Adware-gen [Adw] 20190312
AVG Win32:Adware-gen [Adw] 20190312
Avira (no cloud) ADWARE/OxyPumper.avslu 20190312
BitDefender Trojan.GenericKD.31780078 20190312
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.8dc483 20190109
Emsisoft Trojan.GenericKD.31780078 (B) 20190312
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Adware.OxyPumper.BP 20190312
F-Secure Adware.ADWARE/OxyPumper.avslu 20190312
Fortinet W32/Agent!tr 20190312
GData Trojan.GenericKD.31780078 20190312
Ikarus PUA.OxyPumper 20190312
Jiangmin RiskTool.BitCoinMiner.jrn 20190312
K7AntiVirus Adware ( 005460da1 ) 20190312
K7GW Adware ( 005460da1 ) 20190312
Kaspersky HEUR:Trojan-Downloader.Win32.Generic 20190312
MAX malware (ai score=99) 20190312
McAfee Artemis!4DDF7BC8DC48 20190312
McAfee-GW-Edition BehavesLike.Win32.Trojan.dh 20190312
Microsoft Trojan:Win32/Dynamer!ac 20190312
eScan Trojan.GenericKD.31780078 20190312
Palo Alto Networks (Known Signatures) generic.ml 20190312
Panda Trj/Genetic.gen 20190312
Qihoo-360 Win32/Trojan.74b 20190312
Rising Trojan.Agent!8.B1E (TFE:dGZlOgXiiClTlRJYNg) 20190312
SentinelOne (Static ML) DFI - Suspicious PE 20190311
Sophos AV Generic PUA EJ (PUA) 20190312
Tencent Win32.Trojan.Agent.Phrb 20190312
TrendMicro-HouseCall TROJ_GEN.R002H0CCC19 20190312
VBA32 suspected of Trojan.Downloader.gen.h 20190312
ViRobot Adware.Oxypumper.301056 20190312
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Win32.Generic 20190312
AegisLab 20190312
Alibaba 20190306
Antiy-AVL 20190312
Avast-Mobile 20190312
Babable 20180918
Baidu 20190306
Bkav 20190312
CAT-QuickHeal 20190312
ClamAV 20190312
CMC 20190312
Comodo 20190312
Cyren 20190312
DrWeb 20190312
eGambit 20190312
Sophos ML 20181128
Kingsoft 20190312
Malwarebytes 20190312
NANO-Antivirus 20190312
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190312
TheHacker 20190308
TotalDefense 20190312
Trapmine 20190301
Trustlook 20190312
Yandex 20190312
Zoner 20190312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-11 14:15:15
Entry Point 0x000180F7
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
LoadLibraryExW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
OutputDebugStringW
FindClose
TlsGetValue
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
FreeLibrary
OpenProcess
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
FindNextFileW
IsValidLocale
FindFirstFileExW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
Process32NextW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
WriteFile
CreateProcessW
Sleep
SysAllocStringLen
VariantClear
SysAllocString
GetErrorInfo
SysFreeString
VariantInit
UuidCreate
UuidToStringW
SHGetFolderPathW
wvsprintfW
GetWindowThreadProcessId
GetDlgCtrlID
SendMessageW
EnumWindows
EnumChildWindows
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket
URLDownloadToFileW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2019:03:11 15:15:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 195072
LinkerVersion 14.16
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x180f7
InitializedDataSize 108544
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 4ddf7bc8dc483239a65c602d5cd9acc0
SHA1 49142abd85663d2aa3725204eb42fed3a3b3b868
SHA256 c5a40464fa0497107d84c39ef109d7488e4367b9273f64b90aeb9f3da6735b23
ssdeep 6144:rW4EHUR+Tk1Qa6jBZ9hyIJh233siy/CbnE/AOhKMy78HLEvJ:rW4E0QTk1Qa6jBZ9hyIJK8iGFzNyiEvJ
authentihash a5f0d244973d358658806261936bc2992748f94e236be00283588ae6d7e4c64b
imphash e047db4ef03a55257901bf43ac748417
File size 294.0 KB ( 301056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2019-03-12 01:47:23 UTC ( 1 month, 2 weeks ago )
Last submission 2019-03-18 06:31:26 UTC ( 1 month, 1 week ago )
File names 4ddf7bc8dc483239a65c602d5cd9acc0.virobj
IgUpnaFuxa
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections