× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: cc2f35db7acba5ad4ed96c420763da0781c7baa434cf767a5d203c00991a6c55
File name: cc2f35db7acba5ad4ed96c420763da0781c7baa434cf767a5d203c00991a6c55
Detection ratio: 16 / 69
Analysis date: 2018-09-30 12:29:39 UTC ( 5 months, 3 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180930
AVG FileRepMalware 20180930
Bkav W32.eHeur.Malware08 20180928
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cylance Unsafe 20180930
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLFC 20180930
GData Win32.Trojan-Ransom.GandCrab.N 20180930
Sophos ML heuristic 20180717
McAfee GenericRXGM-GZ!FC61E4D3C5D2 20180930
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20180930
Microsoft Trojan:Win32/Vigorf.A 20180930
Qihoo-360 HEUR/QVM10.1.3607.Malware.Gen 20180930
Rising Malware.Heuristic!ET#98% (RDM+:cmRtazog5yDgxtUszKtVCrgYoord) 20180930
SentinelOne (Static ML) static engine - malicious 20180926
Symantec ML.Attribute.HighConfidence 20180929
Ad-Aware 20180930
AegisLab 20180930
AhnLab-V3 20180930
Alibaba 20180921
ALYac 20180930
Antiy-AVL 20180930
Arcabit 20180930
Avast-Mobile 20180928
Avira (no cloud) 20180930
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20180930
CAT-QuickHeal 20180929
ClamAV 20180930
CMC 20180930
Comodo 20180930
Cybereason 20180225
Cyren 20180930
DrWeb 20180930
eGambit 20180930
Emsisoft 20180930
F-Prot 20180930
F-Secure 20180930
Fortinet 20180930
Ikarus 20180930
Jiangmin 20180930
K7AntiVirus 20180930
K7GW 20180930
Kaspersky 20180930
Kingsoft 20180930
Malwarebytes 20180930
MAX 20180930
eScan 20180930
NANO-Antivirus 20180930
Palo Alto Networks (Known Signatures) 20180930
Panda 20180930
Sophos AV 20180930
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180930
Tencent 20180930
TheHacker 20180927
TotalDefense 20180930
TrendMicro 20180930
TrendMicro-HouseCall 20180930
Trustlook 20180930
VBA32 20180928
VIPRE 20180930
ViRobot 20180930
Webroot 20180930
Yandex 20180927
Zillya 20180928
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-07 08:45:35
Entry Point 0x00001D95
Number of sections 5
PE sections
PE imports
ReportEventW
GetNativeSystemInfo
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
FindFirstChangeNotificationA
LoadLibraryW
GlobalFree
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetStdHandle
IsProcessorFeaturePresent
HeapAlloc
GetStartupInfoA
DecodePointer
LocalAlloc
FreeEnvironmentStringsW
SetHandleCount
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetFileInformationByHandle
GetCommandLineA
GetProcAddress
DeleteCriticalSection
AddAtomW
EncodePointer
GetStartupInfoW
GetModuleFileNameW
RaiseException
GetCPInfo
FillConsoleOutputCharacterA
TlsFree
GetModuleHandleA
HeapSetInformation
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentProcess
GetMailslotInfo
GetComputerNameA
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FindAtomW
IsValidCodePage
HeapCreate
WriteFile
TlsGetValue
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
GetCurrentProcessId
SetLastError
LeaveCriticalSection
ExtractIconA
GetDesktopWindow
EndPaint
GetParent
GetMenu
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:07:07 10:45:35+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
134656

LinkerVersion
10.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x1d95

InitializedDataSize
37888

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 fc61e4d3c5d20310ce14e5681e3fb134
SHA1 a95a3c48ad93835524c366e094dc89dfa382321f
SHA256 cc2f35db7acba5ad4ed96c420763da0781c7baa434cf767a5d203c00991a6c55
ssdeep
3072:7kwpH8Mm/zXDH1+5cmsmRBp4gbQ+So3qr3WjQqv98Dncs4bvaBNj8w:7kw58z/z7o5Vtp4gMo3qrGUqv98Dncsy

authentihash 0d785e393abd17551c3e2bccaceeab1f17cf966adacfb5fd3705c7cc1a0677c9
imphash 11eda8ae7e60a11f7dc8c75e02190de6
File size 166.0 KB ( 169984 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-30 12:29:39 UTC ( 5 months, 3 weeks ago )
Last submission 2018-09-30 12:29:39 UTC ( 5 months, 3 weeks ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections