SHA256: c5bee1f88fdf6e5318e98e2fe1458403e44fdb67714ed45608ba1fc8cc3d1259
File name: 2018-08-17-Trickbot-on-client-gtag-del53.exe
Detection ratio: 51 / 69
Analysis date: 2018-12-14 14:57:54 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31173133 20181214
AegisLab Trojan.Win32.Trickster.7!c 20181214
AhnLab-V3 Malware/Win32.Generic.C2670892 20181213
ALYac Trojan.Trickster.Gen 20181214
Antiy-AVL Trojan[Banker]/Win32.Trickster 20181214
Arcabit Trojan.Generic.D1DBAA0D 20181214
Avast Win32:Malware-gen 20181214
AVG Win32:Malware-gen 20181214
Avira (no cloud) HEUR/AGEN.1030990 20181214
BitDefender Trojan.GenericKD.31173133 20181214
CAT-QuickHeal Trojan.Meretam 20181214
Comodo Malware@#i5clzrbrf3y7 20181214
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181214
Cyren W32/Trojan.ZUVU-7708 20181214
DrWeb Trojan.Encoder.3953 20181214
Emsisoft Trojan.Crypt (A) 20181214
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GJXR 20181214
F-Secure Trojan.GenericKD.31173133 20181214
Fortinet W32/Kryptik.GJXR!tr 20181214
GData Trojan.GenericKD.31173133 20181214
Ikarus Trojan-Banker.TrickBot 20181214
Sophos ML heuristic 20181128
Jiangmin Trojan.Banker.Trickster.ap 20181214
K7AntiVirus Trojan ( 0053acbb1 ) 20181214
K7GW Trojan ( 0053acbb1 ) 20181214
Kaspersky Trojan-Banker.Win32.Trickster.gg 20181214
Malwarebytes Trojan.TrickBot 20181214
MAX malware (ai score=99) 20181214
McAfee Trojan-FPZP!6F92BA1A10CA 20181214
McAfee-GW-Edition BehavesLike.Win32.Generic.gc 20181214
Microsoft Trojan:Win32/Casdet!rfn 20181214
eScan Trojan.GenericKD.31173133 20181214
NANO-Antivirus Trojan.Win32.Trickster.fhrrxj 20181214
Palo Alto Networks (Known Signatures) generic.ml 20181214
Panda Trj/CI.A 20181213
Qihoo-360 Win32/Trojan.05f 20181214
Rising Trojan.Kryptik!8.8 (CLOUD) 20181214
Sophos AV Mal/Exploiter-A 20181214
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20181212
Symantec Trojan.Trickybot 20181214
Tencent Win32.Trojan-banker.Trickster.Wsuc 20181214
TrendMicro TROJ_GEN.R039C0DHJ18 20181214
TrendMicro-HouseCall TROJ_GEN.R039C0DHJ18 20181214
VBA32 TrojanBanker.Trickster 20181214
ViRobot Trojan.Win32.S.Agent.460800.CX 20181214
Webroot W32.Trojan.Gen 20181214
Yandex Trojan.PWS.Trickster! 20181214
Zillya Trojan.GenericKD.Win32.163762 20181213
ZoneAlarm by Check Point Trojan-Banker.Win32.Trickster.gg 20181214
Alibaba 20180921
Avast-Mobile 20181214
Babable 20180918
Baidu 20181207
Bkav 20181213
ClamAV 20181214
CMC 20181213
Cybereason 20180225
eGambit 20181214
F-Prot 20181214
Kingsoft 20181214
SentinelOne (Static ML) 20181011
Symantec Mobile Insight 20181212
TACHYON 20181214
TheHacker 20181213
TotalDefense 20181214
Trapmine 20181205
Trustlook 20181214
Zoner 20181214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-17 07:05:44
Entry Point 0x00002C5B
Number of sections 4
PE sections
PE imports
CryptAcquireContextW
CryptEncrypt
CryptImportKey
CryptStringToBinaryA
GetNativeSystemInfo
GetLastError
HeapFree
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
VirtualProtect
LoadLibraryA
GetStartupInfoA
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
TerminateProcess
VirtualFree
Sleep
IsBadReadPtr
HeapAlloc
GetCurrentThreadId
VirtualAlloc
SetLastError
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?flags@ios_base@std@@QBEHXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
?good@ios_base@std@@QBE_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?width@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?width@ios_base@std@@QAEHH@Z
__p__fmode
malloc
realloc
memset
__dllonexit
_stricmp
_controlfp_s
_invoke_watson
_cexit
?terminate@@YAXXZ
_lock
__p__commode
_onexit
_amsg_exit
exit
_XcptFilter
_encode_pointer
__setusermatherr
_decode_pointer
_adjust_fdiv
_acmdln
_ismbblead
_unlock
_crt_debugger_hook
free
__CxxFrameHandler3
_except_handler4_common
__getmainargs
_exit
_initterm_e
memcpy
_configthreadlocale
_initterm
__set_app_type
InSendMessage
SendMessageW
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
NUIGRESQA 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL DEFAULT 10
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:08:17 08:05:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 9216
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x2c5b
InitializedDataSize 450560
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Execution parents
File identification
MD5 6f92ba1a10ca3bc8a66973ac0c15eeae
SHA1 178215625955fb5d6606a82975392319c083744d
SHA256 c5bee1f88fdf6e5318e98e2fe1458403e44fdb67714ed45608ba1fc8cc3d1259
ssdeep 12288:QmgQZH+CiXnPWdZfYBNFr3SpBdECZsy9d:MCeCwPWPfYBN53SpBBd
authentihash d3b7c1b14bfb8caa8ec30bca6d3a1c2756a28a1aa4d291dfb35e4dd4b42982b4
imphash 423dc1c92809676906bde519604fbafb
File size 450.0 KB ( 460800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-08-17 14:32:15 UTC ( 6 months ago )
Last submission 2018-08-20 14:21:59 UTC ( 6 months ago )
File names bokssppc.exe
<SAMPLE.EXE>
7eiZYsK.exe
<SAMPLE.EXE>
178215625955fb5d6606a82975392319c083744d.exe
2018-08-17-Trickbot-on-client-gtag-del53.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs