× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ca02686098ebf151605eb1df2afc9b6c2833e2c81aa5ae3f6fae77ab058e5edf
File name: PLKn2zdULIbj9.exe
Detection ratio: 9 / 68
Analysis date: 2017-11-11 11:45:21 UTC ( 10 months, 2 weeks ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20171109
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171111
eGambit Unsafe.AI_Score_100% 20171111
Endgame malicious (moderate confidence) 20171024
Fortinet W32/GenKryptik.AVEL!tr.ransom 20171111
Sophos ML heuristic 20170914
Qihoo-360 HEUR/QVM20.1.1D38.Malware.Gen 20171111
SentinelOne (Static ML) static engine - malicious 20171019
Ad-Aware 20171111
AegisLab 20171111
AhnLab-V3 20171111
Alibaba 20170911
ALYac 20171110
Antiy-AVL 20171111
Arcabit 20171110
Avast 20171111
Avast-Mobile 20171111
AVG 20171111
Avira (no cloud) 20171111
AVware 20171111
BitDefender 20171111
Bkav 20171111
CAT-QuickHeal 20171110
ClamAV 20171111
CMC 20171109
Comodo 20171111
Cybereason 20171030
Cyren 20171111
DrWeb 20171111
Emsisoft 20171111
ESET-NOD32 20171111
F-Prot 20171111
F-Secure 20171111
GData 20171111
Ikarus 20171111
Jiangmin 20171110
K7AntiVirus 20171111
K7GW 20171111
Kaspersky 20171111
Kingsoft 20171111
Malwarebytes 20171111
MAX 20171111
McAfee 20171111
McAfee-GW-Edition 20171111
Microsoft 20171111
eScan 20171111
NANO-Antivirus 20171111
nProtect 20171111
Palo Alto Networks (Known Signatures) 20171111
Panda 20171111
Rising 20171111
Sophos AV 20171111
SUPERAntiSpyware 20171111
Symantec 20171110
Symantec Mobile Insight 20171110
Tencent 20171111
TheHacker 20171102
TotalDefense 20171111
TrendMicro 20171111
TrendMicro-HouseCall 20171111
Trustlook 20171111
VBA32 20171110
VIPRE 20171111
ViRobot 20171111
Webroot 20171111
WhiteArmor 20171104
Yandex 20171110
Zillya 20171110
ZoneAlarm by Check Point 20171111
Zoner 20171111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-11 11:40:31
Entry Point 0x0000101E
Number of sections 5
PE sections
PE imports
FindFirstFreeAce
AddAccessDeniedObjectAce
GetOldestEventLogRecord
GetCurrentHwProfileA
GetOpenFileNameW
GetDeviceCaps
CreateMetaFileA
FillRgn
EnumSystemCodePagesW
GetACP
ConvertFiberToThread
GetProfileSectionA
GlobalFindAtomW
GetShortPathNameW
GetVersion
GetCurrentThreadId
GetBinaryTypeW
GetSystemDefaultLangID
GetPrivateProfileSectionNamesW
GetEnvironmentStringsW
SwitchToThread
lstrcmpW
GetCurrentThread
CopyFileExW
GetPrivateProfileStringW
GetNumaNodeProcessorMask
MprAdminMIBEntryCreate
acmDriverAddW
VariantChangeType
SetupDiGetActualSectionToInstallW
SHGetFileInfoA
PathFindNextComponentW
FreeContextBuffer
GetUserNameExA
IsCharAlphaW
GetUserObjectInformationW
GetMessageExtraInfo
LoadIconW
GetDlgItemTextW
IsCharLowerW
GetWindowWord
GetMenuItemID
GetPrinterDriverW
GetStandardColorSpaceProfileW
fwprintf
strncmp
mbtowc
memset
CoRegisterClassObject
IsValidURL
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:11:11 12:40:31+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1104966662

LinkerVersion
12.0

EntryPoint
0x101e

InitializedDataSize
12288

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 cea353485e92f60f41d3ae34d2d07f36
SHA1 5c8f87a57b1b30d35604eeafdc9558a96448dfc4
SHA256 ca02686098ebf151605eb1df2afc9b6c2833e2c81aa5ae3f6fae77ab058e5edf
ssdeep
3072:aL2hxFDslPl8Iziwd0VqJ0oDjbk9Ex3fx35tUZ+:phxFDsRbiwd0ZuHfx35tUc

authentihash d0972cfb99fce8d6b0e4ee7a4b01e4c9296366e777b79288d9f41262a07ef75b
imphash a037ed9b182179f0133a72d63b2d306f
File size 227.0 KB ( 232448 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-11-11 11:45:21 UTC ( 10 months, 2 weeks ago )
Last submission 2017-12-12 21:00:12 UTC ( 9 months, 2 weeks ago )
File names a.exe
PLKn2zdULIbj9.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
UDP communications