SHA256: cd41e782df3aa8083a49e0c9226ae9394c77e1a6376f79148fc87323d5b1130f
File name: scan_69452.exe
Detection ratio: 11 / 62
Analysis date: 2017-03-27 16:01:39 UTC ( 2 years ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9981 20170327
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) 20170317
ESET-NOD32 a variant of Win32/Injector.DNBX 20170327
Sophos ML ransom.win32.crowti.a 20170203
Palo Alto Networks (Known Signatures) generic.ml 20170327
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20170327
SentinelOne (Static ML) static engine - malicious 20170315
Symantec ML.Attribute.HighConfidence 20170327
Tencent Win32.Trojan.Inject.Auto 20170327
Webroot Malicious 20170327
Ad-Aware 20170327
AegisLab 20170327
AhnLab-V3 20170327
Alibaba 20170327
ALYac 20170327
Antiy-AVL 20170327
Arcabit 20170327
Avast 20170327
AVG 20170327
Avira (no cloud) 20170327
AVware 20170327
BitDefender 20170327
Bkav 20170326
CAT-QuickHeal 20170327
ClamAV 20170327
CMC 20170327
Comodo 20170325
Cyren 20170327
DrWeb 20170327
Emsisoft 20170327
F-Prot 20170327
F-Secure 20170327
Fortinet 20170327
GData 20170327
Ikarus 20170327
Jiangmin 20170327
K7AntiVirus 20170327
K7GW 20170327
Kaspersky 20170327
Kingsoft 20170327
Malwarebytes 20170327
McAfee 20170327
McAfee-GW-Edition 20170327
Microsoft 20170327
eScan 20170327
NANO-Antivirus 20170327
nProtect 20170327
Panda 20170327
Rising None
Sophos AV 20170327
SUPERAntiSpyware 20170327
Symantec Mobile Insight 20170326
TheHacker 20170327
TotalDefense 20170327
TrendMicro 20170327
TrendMicro-HouseCall 20170327
Trustlook 20170327
VBA32 20170327
VIPRE 20170327
ViRobot 20170327
WhiteArmor 20170327
Yandex 20170327
Zillya 20170327
ZoneAlarm by Check Point 20170327
Zoner 20170327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-17 18:06:28
Entry Point 0x0000303F
Number of sections 6
PE sections
Overlays
MD5 e52f12ee4dfeb434e304fcd7e622f2c0
File type data
Offset 77824
Size 69986
Entropy 7.99
PE imports
GetStartupInfoA
lstrcpyA
CreateFileA
GetModuleFileNameA
VirtualAlloc
GetModuleHandleW
Ord(1775)
Ord(4080)
Ord(537)
Ord(4710)
Ord(3597)
Ord(3136)
Ord(925)
Ord(2124)
Ord(755)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(2446)
Ord(2370)
Ord(2915)
Ord(4353)
Ord(2514)
Ord(4425)
Ord(5277)
Ord(4441)
Ord(4465)
Ord(2863)
Ord(5300)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(4424)
Ord(540)
Ord(4078)
Ord(2554)
Ord(6376)
Ord(1727)
Ord(912)
Ord(2379)
Ord(2725)
Ord(4998)
Ord(800)
Ord(656)
Ord(3749)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(6375)
Ord(2621)
Ord(400)
Ord(2366)
Ord(3262)
Ord(2289)
Ord(1576)
Ord(5856)
Ord(5065)
Ord(4407)
Ord(5520)
Ord(4204)
Ord(3346)
Ord(858)
Ord(2396)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(3825)
Ord(2976)
Ord(1089)
Ord(773)
Ord(2985)
Ord(3922)
Ord(2818)
Ord(4376)
Ord(324)
Ord(3830)
Ord(2385)
Ord(4278)
Ord(3079)
Ord(6334)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4622)
Ord(561)
Ord(4486)
Ord(4698)
Ord(5163)
Ord(5265)
Ord(4673)
Ord(5302)
Ord(860)
Ord(5731)
Ord(4194)
__p__fmode
__CxxFrameHandler
_ftol
__dllonexit
_except_handler3
?terminate@@YAXXZ
log
fabs
_mbscmp
sqrt
_onexit
exit
_XcptFilter
__setusermatherr
__p__commode
_acmdln
atan
_adjust_fdiv
__getmainargs
atof
_exit
_setmbcp
cos
sin
exp
_initterm
_controlfp
__set_app_type
GetSystemMetrics
AppendMenuA
EnableWindow
DrawIcon
FindWindowW
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
LoadIconA
Number of PE resources by type
RT_ICON 6
RT_DIALOG 2
RT_GROUP_ICON 2
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 7
NEUTRAL 5
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:03:17 19:06:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 6.8
Warning Invalid Version Info block
FileTypeExtension exe
InitializedDataSize 61440
SubsystemVersion 4.0
EntryPoint 0x303f
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 61440

File identification
MD5 b41c8d5ff882e8b4182a6a038a345058
SHA1 9ca2542a543e3793445d0cb48b4952c81c5e62c5
SHA256 cd41e782df3aa8083a49e0c9226ae9394c77e1a6376f79148fc87323d5b1130f
ssdeep 3072:AEAjgS2k3uvWiYlyMnhalilyt6rOYzHmVPjEhT:/AjKWutMnsOhiuHWPjYT
authentihash 0c8b8817e930265c8e5658367dc35d04826b306581ef20db5561e81e48f3c5bf
imphash cdb4cc345f4187bbf42eeb5c22938afb
File size 144.3 KB ( 147810 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-03-27 16:01:39 UTC ( 2 years ago )
Last submission 2017-05-11 11:47:47 UTC ( 1 year, 11 months ago )
File names scan_86892.exe
5b1130f.exe
scan_76680.exe
scan_69452.exe
Win32.Trojan.Agent@cd41e782df3aa8083a49e0c9226ae9394c77e1a6376f79148fc87323d5b1130f.bin
cd41e782df3aa8083a49e0c9226ae9394c77e1a6376f79148fc87323d5b1130f.bin.exe
Advanced heuristic and reputation engines
Behaviour characterization
Zemana
dll-injection
