SHA256: cdac07bfc91124d2c015bcee10ffcf90480b75ed2b996938240cefda06fed0c9
File name: 11b0cd9c-933b-11e7-a93f-80e65024849a.file
Detection ratio: 57 / 68
Analysis date: 2019-03-06 04:03:27 UTC ( 2 weeks, 4 days ago )
Antivirus | Result | Update
Acronis | suspicious | 20190222
Ad-Aware | Generic.StealerA.C6E54A6D | 20190306
AhnLab-V3 | Trojan/Win32.Tepfer.R77902 | 20190305
ALYac | Generic.StealerA.C6E54A6D | 20190306
Antiy-AVL | Trojan[PSW]/Win32.Tepfer | 20190306
Arcabit | Generic.StealerA.C6E54A6D | 20190306
Avast | Win32:Evo-gen [Susp] | 20190306
AVG | Win32:Evo-gen [Susp] | 20190306
Avira (no cloud) | TR/PSW.Fareit.iloen | 20190306
Baidu | Win32.Trojan-PSW.Fareit.a | 20190215
BitDefender | Generic.StealerA.C6E54A6D | 20190306
CAT-QuickHeal | PWS.Fareit.E3 | 20190304
ClamAV | Win.Trojan.Fareit-403 | 20190305
Comodo | TrojWare.Win32.PWS.Fareit.GS@5t8zib | 20190306
CrowdStrike Falcon (ML) | win/malicious_confidence_90% (W) | 20190212
Cybereason | malicious.f6d4f6 | 20190109
Cyren | W32/Tepfer.R.gen!Eldorado | 20190306
DrWeb | Trojan.PWS.Stealer.1932 | 20190306
eGambit | Unsafe.AI_Score_99% | 20190306
Emsisoft | Generic.StealerA.C6E54A6D (B) | 20190306
Endgame | malicious (moderate confidence) | 20190215
ESET-NOD32 | a variant of Win32/PSW.Fareit.A | 20190306
F-Prot | W32/Tepfer.R.gen!Eldorado | 20190306
F-Secure | Trojan.TR/PSW.Fareit.iloen | 20190306
Fortinet | W32/Agent.NTM!tr | 20190306
GData | Win32.Trojan-Stealer.Zbot.AB | 20190306
Ikarus | Trojan-Spy.Fareit | 20190305
Sophos ML | heuristic | 20181128
Jiangmin | Trojan.PSW.Tepfer.alg | 20190306
K7AntiVirus | Password-Stealer ( 0040f4f51 ) | 20190304
K7GW | Password-Stealer ( 0040f4f51 ) | 20190306
Kaspersky | Trojan-PSW.Win32.Tepfer.gen | 20190306
Kingsoft | Win32.PSWTroj.Tepfer.g.(kcloud) | 20190306
Malwarebytes | Spyware.Pony | 20190306
MAX | malware (ai score=100) | 20190306
McAfee | Artemis!8C039EAF6D4F | 20190306
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.nc | 20190305
Microsoft | PWS:Win32/Fareit.C!bit | 20190306
eScan | Generic.StealerA.C6E54A6D | 20190306
NANO-Antivirus | Trojan.Win32.Siggen.evgeyh | 20190306
Palo Alto Networks (Known Signatures) | generic.ml | 20190306
Panda | Trj/Genetic.gen | 20190303
Qihoo-360 | Win32/Trojan.PSW.5cd | 20190306
Rising | Stealer.Fareit!8.170 (CLOUD) | 20190306
SentinelOne (Static ML) | static engine - malicious | 20190203
Sophos AV | Mal/Pony-A | 20190306
Symantec | Trojan.Gen.MBT | 20190305
Tencent | Win32.Trojan-qqpass.Qqrob.Eadf | 20190306
TheHacker | Posible_Worm32 | 20190304
Trapmine | malicious.high.ml.score | 20190301
TrendMicro-HouseCall | BKDR_PONY.SM | 20190306
VBA32 | BScope.Malware-Cryptor.Ponik | 20190305
VIPRE | Trojan.Win32.Fareit.gi (v) | 20190306
ViRobot | Backdoor.Win32.Pony.Gen.A | 20190305
Webroot | Trojanspy:Win32/Fitmu.A | 20190306
Yandex | Trojan.PonyPass.Gen.LH | 20190305
ZoneAlarm by Check Point | Trojan-PSW.Win32.Tepfer.gen | 20190306
AegisLab | | 20190306
Alibaba | | 20180921
Avast-Mobile | | 20190305
Babable | | 20180918
Bkav | | 20190304
CMC | | 20190305
SUPERAntiSpyware | | 20190227
Symantec Mobile Insight | | 20190220
TACHYON | | 20190306
TotalDefense | | 20190305
Trustlook | | 20190306
Zoner | | 20190306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-22 22:30:59
Entry Point 0x0001AFF0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
CoCreateGuid
StrStrA
wsprintfA
LoadUserProfileA
InternetCrackUrlA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:08:23 00:30:59+02:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 2.5
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1aff0
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 73728

File identification
MD5 8c039eaf6d4f61fc2e0812582d781f04
SHA1 cbf1193c68f36aa673e29fceb0cfbf7e6eb49718
SHA256 cdac07bfc91124d2c015bcee10ffcf90480b75ed2b996938240cefda06fed0c9
ssdeep 768:+ShIrxaPrTxcbF3I6HxEwqLDK5iW/Lq/WQzh2SKP5nljcR8dHZNW:hPrTaJ31R8m5fjPQzYSN8dO
authentihash a0d89d02d9c59d3ae2c5530fd8dbc3c5ef9602b3043a963ee58f844a93bf848d
imphash fd3adc5077b3a19a8142a087013e6a1b
File size 34.0 KB ( 34816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags peexe upx

VirusTotal metadata
First submission 2017-08-23 12:56:17 UTC ( 1 year, 7 months ago )
Last submission 2019-03-06 04:03:27 UTC ( 2 weeks, 4 days ago )
File names 048_08_15_2017_22_43_33_micro.exe.malware.MRG
malwre sample 26_09_2017 (29)
VirusShare_8c039eaf6d4f61fc2e0812582d781f04
b5aec178-9018-11e7-87b2-80e65024849a.file
b5aec178-9018-11e7-87b2-80e65024849a.file
output.111985627.txt
b5aec178-9018-11e7-87b2-80e65024849a.exe
11b0cd9c-933b-11e7-a93f-80e65024849a.file
11b0cd9c-933b-11e7-a93f-80e65024849a.file
micro.exe
b5aec178-9018-11e7-87b2-80e65024849a.file
11b0cd9c-933b-11e7-a93f-80e65024849a.file
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications