SHA256: c837d83ae2278f21106a97b46fd2c58396c36b64044dc3a7e7243d9db5946769
File name: 9fefd98c71bc929d2f726c733c03c6d256c26d42
Detection ratio: 28 / 72
Analysis date: 2018-12-29 11:51:51 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40872746 20181229
AhnLab-V3 Trojan/Win32.Injector.C2906021 20181228
ALYac Trojan.GenericKD.40872746 20181229
Arcabit Trojan.Generic.D26FAB2A 20181229
Avast Win32:PWSX-gen [Trj] 20181229
AVG Win32:PWSX-gen [Trj] 20181229
BitDefender Trojan.GenericKD.40872746 20181229
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181022
Cylance Unsafe 20181229
Emsisoft Trojan.GenericKD.40872746 (B) 20181229
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GODF 20181229
F-Secure Trojan.GenericKD.40872746 20181229
Fortinet W32/Kryptik.GOBG!tr 20181229
GData Trojan.GenericKD.40872746 20181229
Jiangmin TrojanSpy.Stealer.acd 20181229
Kaspersky Trojan-Spy.Win32.Ursnif.afzg 20181229
Malwarebytes Trojan.MalPack.GS 20181229
MAX malware (ai score=81) 20181229
Microsoft Trojan:Win32/Fuerboos.C!cl 20181229
eScan Trojan.GenericKD.40872746 20181229
Panda Generic Suspicious 20181228
Qihoo-360 HEUR/QVM10.1.3051.Malware.Gen 20181229
Rising Malware.Obscure/Heur!1.A89E (CLASSIC) 20181229
Trapmine malicious.high.ml.score 20181205
VBA32 BScope.Trojan.Chapak 20181229
Webroot W32.Trojan.Gen 20181229
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.afzg 20181229
Acronis 20181227
AegisLab 20181229
Alibaba 20180921
Antiy-AVL 20181229
Avast-Mobile 20181228
Avira (no cloud) 20181228
AVware 20180925
Babable 20180918
Baidu 20181207
Bkav 20181227
CAT-QuickHeal 20181228
ClamAV 20181229
CMC 20181228
Comodo 20181229
Cybereason 20180225
Cyren 20181229
DrWeb 20181229
eGambit 20181229
F-Prot 20181229
Ikarus 20181228
Sophos ML 20181128
K7AntiVirus 20181229
K7GW 20181229
Kingsoft 20181229
McAfee 20181229
McAfee-GW-Edition 20181229
NANO-Antivirus 20181229
Palo Alto Networks (Known Signatures) 20181229
SentinelOne (Static ML) 20181223
Sophos AV 20181229
SUPERAntiSpyware 20181226
Symantec 20181228
Symantec Mobile Insight 20181225
TACHYON 20181229
Tencent 20181229
TheHacker 20181225
TotalDefense 20181229
TrendMicro 20181229
TrendMicro-HouseCall 20181229
Trustlook 20181229
VIPRE 20181229
ViRobot 20181228
Yandex 20181229
Zillya 20181228
Zoner 20181229
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-01 14:23:05
Entry Point 0x00012C13
Number of sections 4
PE sections
PE imports
BackupEventLogW
OpenServiceW
ChangeServiceConfigW
ClearEventLogW
SetStretchBltMode
CreateDiscardableBitmap
SetViewportOrgEx
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
FindFirstChangeNotificationA
LoadLibraryW
GlobalFree
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
SetProcessShutdownParameters
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
ExitThread
IsProcessorFeaturePresent
DeleteCriticalSection
EnumTimeFormatsW
DecodePointer
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
SetHandleCount
GetProcAddress
AddAtomW
GetStartupInfoW
ExitProcess
GetModuleFileNameW
FindResourceExA
RaiseException
WideCharToMultiByte
FillConsoleOutputCharacterA
TlsFree
FreeEnvironmentStringsW
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
GetSystemTimes
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
GetProcessShutdownParameters
IsValidCodePage
HeapCreate
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
GetProcessVersion
EncodePointer
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
ShellExecuteW
MapWindowPoints
UpdateWindow
MapVirtualKeyW
GetNextDlgGroupItem
SendDlgItemMessageA
GetRegisteredRawInputDevices
LookupIconIdFromDirectory
LoadCursorFromFileA
LoadBitmapA
GetMessageExtraInfo
PeekMessageA
LoadKeyboardLayoutA
GetClipboardSequenceNumber
DlgDirSelectExA
SetParent
CloseClipboard
GetNextDlgTabItem
RealGetWindowClassA
LoadImageW
DefDlgProcA
MapVirtualKeyExW
LoadIconW
UserHandleGrantAccess
ScrollWindow
GetUpdateRect
PE exports
Number of PE resources by type
RT_BITMAP 3
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 6
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 7.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unknown (A56B)
InitializedDataSize 188928
EntryPoint 0x12c13
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2018, wapif
FileVersion 8.9.2.6
TimeStamp 2017:09:01 16:23:05+02:00
FileType Win32 EXE
PEType PE32
InternalName pubaxel.exe
ProductVersion 8.9.2.6
SubsystemVersion 5.1
OSVersion 5.1
FileOS Unknown (0x40534)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 97792
FileSubtype 0
ProductVersionNumber 3.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 3e81c5c662bdf1a81c72ee3c5a470a12
SHA1 9fefd98c71bc929d2f726c733c03c6d256c26d42
SHA256 c837d83ae2278f21106a97b46fd2c58396c36b64044dc3a7e7243d9db5946769
ssdeep 3072:443p+f86g3vhc5jNew7ERXSvERb+0q2SgzNKBWVSyW2NS6ANuUznuf:gkrC5h+MwbPigzNKBWVSyW2NS6ANuUz6

authentihash ead9f2e86b89a2f707e831619cbd30202bf48ed09b7f92e4af8bcb0305b10350
imphash 25d0a1c46e163a33cacf71f98a1b9ddc
File size 176.5 KB ( 180736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-12-29 11:51:51 UTC ( 1 month, 2 weeks ago )
Last submission 2018-12-29 11:51:51 UTC ( 1 month, 2 weeks ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications