× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: cf8ca3371459e5e89a002accc75a13d6519d1ee399ae9770d19d92463723f7d5
File name: eaab21.exe
Detection ratio: 9 / 66
Analysis date: 2018-05-28 15:33:30 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180528
Cylance Unsafe 20180528
Endgame malicious (high confidence) 20180507
Fortinet W32/GenKryptik.CAUA!tr 20180528
Sophos ML heuristic 20180504
Qihoo-360 HEUR/QVM20.1.7791.Malware.Gen 20180528
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180528
Symantec ML.Attribute.HighConfidence 20180528
Ad-Aware 20180528
AegisLab 20180528
AhnLab-V3 20180528
Alibaba 20180528
ALYac 20180528
Antiy-AVL 20180528
Arcabit 20180528
Avast 20180528
Avast-Mobile 20180527
AVG 20180528
Avira (no cloud) 20180528
AVware 20180528
Babable 20180406
BitDefender 20180528
Bkav 20180528
CAT-QuickHeal 20180528
ClamAV 20180528
CMC 20180528
Comodo 20180528
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180528
DrWeb 20180528
eGambit 20180528
Emsisoft 20180528
ESET-NOD32 20180528
F-Prot 20180528
F-Secure 20180528
GData 20180528
Ikarus 20180528
Jiangmin 20180528
K7AntiVirus 20180528
K7GW 20180528
Kaspersky 20180528
Kingsoft 20180528
Malwarebytes 20180528
MAX 20180528
McAfee 20180528
McAfee-GW-Edition 20180528
Microsoft 20180528
eScan 20180528
NANO-Antivirus 20180528
nProtect 20180528
Palo Alto Networks (Known Signatures) 20180528
Panda 20180528
Rising 20180528
SUPERAntiSpyware 20180528
Symantec Mobile Insight 20180525
Tencent 20180528
TheHacker 20180524
TotalDefense 20180528
TrendMicro 20180528
TrendMicro-HouseCall 20180528
Trustlook 20180528
VBA32 20180528
VIPRE 20180528
ViRobot 20180528
Webroot 20180528
Yandex 20180528
Zillya 20180528
ZoneAlarm by Check Point 20180528
Zoner 20180528
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-28 15:23:42
Entry Point 0x00001469
Number of sections 5
PE sections
PE imports
DeregisterEventSource
RegQueryReflectionKey
JetInit2
GetTextColor
GetFontLanguageInfo
GetNearestColor
GetCurrentPositionEx
GetCurrentProcess
TerminateProcess
GetProcessAffinityMask
GetCurrentConsoleFont
ReadFileEx
GetCommandLineA
ToUnicodeEx
IsDlgButtonChecked
ToAscii
GetPhysicalCursorPos
GetCaretPos
GetMenuDefaultItem
Number of PE resources by type
RT_STRING 6
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2018:05:28 17:23:42+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
15.0

FileTypeExtension
exe

InitializedDataSize
0

SubsystemVersion
5.0

EntryPoint
0x1469

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
135168

Compressed bundles
File identification
MD5 2cf712762726087f0eee54bd97193cd5
SHA1 a33602d7fbba19f37e7ac2ad62e559d3bd6eec6a
SHA256 cf8ca3371459e5e89a002accc75a13d6519d1ee399ae9770d19d92463723f7d5
ssdeep
3072:HSL1VJDepFDdxP03ANahKFJqQl/hShkABPl2s2fs54:HSL1LDevdxPvasF1hShDBPl

authentihash 30cd838ff8ee33bb587a52d40e0e693f6c258afa1c843dbffe094ead3bb5c24f
imphash 9accd6f3eb1dc569ef93838de25fcf79
File size 168.0 KB ( 172032 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-28 15:33:30 UTC ( 8 months, 3 weeks ago )
Last submission 2018-05-28 15:33:30 UTC ( 8 months, 3 weeks ago )
File names eaab21.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!