× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c7c8d2c271f2eb4032c8788467bf44b94e38771f317be4cf86aad286950e1179
File name: logo.png
Detection ratio: 13 / 65
Analysis date: 2017-08-22 09:39:13 UTC ( 1 year, 6 months ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9708 20170822
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170822
Endgame malicious (high confidence) 20170821
Fortinet W32/Generic.AP.100C66!tr 20170822
Sophos ML heuristic 20170822
McAfee-GW-Edition BehavesLike.Win32.VirRansom.hh 20170822
Palo Alto Networks (Known Signatures) generic.ml 20170822
Qihoo-360 HEUR/QVM20.1.54F3.Malware.Gen 20170822
Rising Trojan.GenKryptik!8.AA55 (tfe:2:qJTMRZXgq7C) 20170822
SentinelOne (Static ML) static engine - malicious 20170806
Webroot W32.Trojan.Gen 20170822
WhiteArmor Malware.HighConfidence 20170817
Ad-Aware 20170822
AegisLab 20170822
AhnLab-V3 20170822
Alibaba 20170822
ALYac 20170822
Antiy-AVL 20170822
Arcabit 20170822
Avast 20170822
AVG 20170822
Avira (no cloud) 20170822
AVware 20170822
BitDefender 20170822
Bkav 20170822
CAT-QuickHeal 20170822
ClamAV 20170822
CMC 20170822
Comodo 20170822
Cyren 20170822
DrWeb 20170822
Emsisoft 20170822
ESET-NOD32 20170822
F-Prot 20170822
F-Secure 20170822
GData 20170822
Ikarus 20170822
Jiangmin 20170822
K7AntiVirus 20170822
K7GW 20170821
Kaspersky 20170822
Kingsoft 20170822
Malwarebytes 20170822
MAX 20170822
McAfee 20170822
Microsoft 20170822
eScan 20170822
NANO-Antivirus 20170822
nProtect 20170822
Panda 20170821
Sophos AV 20170822
SUPERAntiSpyware 20170822
Symantec 20170822
Symantec Mobile Insight 20170822
Tencent 20170822
TheHacker 20170821
TotalDefense 20170822
TrendMicro 20170822
TrendMicro-HouseCall 20170822
Trustlook 20170822
VBA32 20170821
VIPRE 20170822
ViRobot 20170822
Yandex 20170821
Zillya 20170821
ZoneAlarm by Check Point 20170822
Zoner 20170822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-02 14:18:20
Entry Point 0x000232D0
Number of sections 4
PE sections
PE imports
TextOutA
DeleteDC
GetLastError
lstrlenA
lstrcmpA
GetModuleHandleA
lstrcatA
GetCommandLineW
GetCurrentDirectoryA
ExitProcess
GetStartupInfoA
HeapAlloc
CreateFileA
GetCommandLineA
GetProcessHeap
CommandLineToArgvW
DrawTextA
GetMessageA
SetTimer
LoadCursorA
EnableWindow
wsprintfA
DispatchMessageA
EndPaint
BeginPaint
TranslateMessage
SendMessageA
MessageBoxA
CreateWindowExA
PostQuitMessage
DefWindowProcA
ShowWindow
MessageBeep
DestroyWindow
UpdateWindow
LoadStringA
RegisterClassExA
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:01:02 15:18:20+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
372224

LinkerVersion
9.0

FileTypeExtension
exe

InitializedDataSize
141824

SubsystemVersion
5.0

EntryPoint
0x232d0

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

Execution parents
Compressed bundles
PCAP parents
File identification
MD5 6c0311d051d5e84fff21ec1e3bb295c0
SHA1 872d68da9e989c4dc8d34201f6b8a230f75848e9
SHA256 c7c8d2c271f2eb4032c8788467bf44b94e38771f317be4cf86aad286950e1179
ssdeep
6144:DxTjdg6icjUQXVgqKf2wL4OSRcUqF/RNmaSMyeA19QydAaY7tae2snkbaZMyNfk:tdDHpX1OSRcUqdCW+LSHWskbTy

authentihash 403b66e090fce7864171fcc4ef55137f37bd65b20d29043a36951eb3ebf76c7f
imphash df77afebac7b480cb101545f68df7962
File size 502.5 KB ( 514560 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-08-22 09:39:13 UTC ( 1 year, 6 months ago )
Last submission 2018-05-19 03:51:13 UTC ( 9 months, 1 week ago )
File names ahkjhx.exe
Ufipks.exe
iqaxxfyb.exe
sgpfl.exe
6c0311d051d5e84fff21ec1e3bb295c0.vir
logo.png
Trickbot
6c0311d051d5e84fff21ec1e3bb295c0.virobj
logo.png
Vgjqlt.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications