SHA256: c654d6f2831715d33b3b7411ac5c45eebf1d590a272acd56d861efddd4ef108d
File name: stack.exe
Detection ratio: 15 / 66
Analysis date: 2018-10-13 03:06:40 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180723
Cybereason malicious.b98616 20180225
Cylance Unsafe 20181013
Cyren W32/FakeAlert.5!Maximus 20181013
Endgame malicious (high confidence) 20180730
F-Prot W32/FakeAlert.5!Maximus 20181013
GData Win32.Trojan-Spy.TrickBot.A6OCLJ 20181013
Ikarus Trojan-Banker.TrickBot 20181012
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Trickster.uf 20181013
Palo Alto Networks (Known Signatures) generic.ml 20181013
Qihoo-360 Win32/Trojan.05f 20181013
Sophos AV Troj/Trickbo-HZ 20181013
Webroot W32.Trojan.Gen 20181013
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181013
Ad-Aware 20181013
AegisLab 20181013
AhnLab-V3 20181012
Alibaba 20180921
ALYac 20181013
Antiy-AVL 20181013
Arcabit 20181013
Avast 20181013
Avast-Mobile 20181012
AVG 20181013
Avira (no cloud) 20181012
Babable 20180918
Baidu 20181012
BitDefender 20181013
Bkav 20181011
CAT-QuickHeal 20181011
ClamAV 20181012
CMC 20181012
Comodo 20181012
DrWeb 20181013
eGambit 20181013
Emsisoft 20181013
ESET-NOD32 20181013
F-Secure 20181013
Fortinet 20181013
Jiangmin 20181013
K7AntiVirus 20181012
K7GW 20181012
Kingsoft 20181013
Malwarebytes 20181013
MAX 20181013
McAfee 20181013
McAfee-GW-Edition 20181013
Microsoft 20181013
eScan 20181013
NANO-Antivirus 20181013
Panda 20181012
Rising 20181012
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181013
Symantec 20181012
Symantec Mobile Insight 20181001
TACHYON 20181013
Tencent 20181013
TheHacker 20181011
TrendMicro 20181010
TrendMicro-HouseCall 20181010
Trustlook 20181013
VBA32 20181012
ViRobot 20181012
Yandex 20181012
Zillya 20181012
Zoner 20181012
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.0.0.0
Description Developed using the Dev-C++ IDE
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-12 15:17:04
Entry Point 0x000014E0
Number of sections 16
PE sections
Overlays
MD5 34fe1136d08414ecdc77275bd0868fa7
File type data
Offset 447488
Size 75252
Entropy 4.33
PE imports
CryptDestroyKey
CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptAcquireContextA
GetLastError
EnterCriticalSection
ReleaseMutex
TryEnterCriticalSection
ResumeThread
SetEvent
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
TlsAlloc
GetHandleInformation
DeleteCriticalSection
GetAtomNameA
SetThreadPriority
GetCurrentProcessId
AddAtomA
GetCurrentProcess
UnhandledExceptionFilter
TlsGetValue
VirtualProtect
SetProcessAffinityMask
WaitForMultipleObjects
InterlockedCompareExchange
GetThreadContext
GetCurrentThread
SuspendThread
CreateMutexA
InterlockedExchangeAdd
CreateSemaphoreA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
DuplicateHandle
GetThreadPriority
SetThreadContext
TerminateProcess
GetProcessAffinityMask
ReleaseSemaphore
ResetEvent
InitializeCriticalSection
VirtualQuery
CreateEventA
FindAtomA
InterlockedDecrement
Sleep
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
strncmp
__lconv_init
malloc
realloc
memset
__dllonexit
_cexit
abort
fprintf
_setjmp3
printf
_fmode
_endthreadex
_amsg_exit
fputc
fwrite
_lock
_onexit
__initenv
fputs
exit
sprintf
memcmp
strlen
__setusermatherr
_acmdln
longjmp
_unlock
free
vfprintf
__getmainargs
calloc
_write
memcpy
memmove
signal
_beginthreadex
_initterm
__set_app_type
strcmp
_ftime
_iob
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 1536
LinkerVersion 2.23
ImageVersion 1.0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Developed using the Dev-C++ IDE
ImageFileCharacteristics No relocs, Executable, No line numbers, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 361472
EntryPoint 0x14e0
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2018:10:12 08:17:04-07:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 86528
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
File identification
MD5 63ed397a4c52e7848cb26aceda5eef45
SHA1 521c5f6b98616db96457e0e2c15b70149890dde9
SHA256 c654d6f2831715d33b3b7411ac5c45eebf1d590a272acd56d861efddd4ef108d
ssdeep 12288:+kjc2qUtDag+IGflvn7N8ErKFmdSbb4zRMbGv:40azlv7N8qKFmgnaRMbGv
authentihash 4912cce05fa65727f3c5ea34b12cf7c59902529feefba45b375360d5d757817b
imphash 5fb912fe3f0c8bac0405e93d9b983d46
File size 510.5 KB ( 522740 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-10-12 18:46:28 UTC ( 7 months, 2 weeks ago )
Last submission 2018-10-23 12:11:08 UTC ( 7 months ago )
File names output.114328969.txt
mara.sta
<SAMPLE.EXE>
stack.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections