SHA256: cf9db12f75698a0b69f8a5b232166f85d71013d1557b342596d52b13f34e0e28
File name: kb.exe
Detection ratio: 46 / 68
Analysis date: 2018-07-23 10:53:33 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40222763 20180723
AegisLab Troj.Ransom.W32.Blocker!c 20180723
AhnLab-V3 Malware/Win32.Generic.C2479314 20180723
ALYac Trojan.Ransom.Blocker.gen 20180723
Antiy-AVL Trojan[Exploit]/EXE.CVE-2016-0099.Generic 20180723
Arcabit Trojan.Generic.D265C02B 20180723
Avast Win32:Malware-gen 20180723
AVG Win32:Malware-gen 20180723
Avira (no cloud) TR/AD.Gaudox.rioid 20180723
AVware Trojan.Win32.Generic!BT 20180723
BitDefender Trojan.GenericKD.40222763 20180723
Bkav HW32.Packed.94E7 20180723
CAT-QuickHeal Trojan.IGENERIC 20180723
Comodo UnclassifiedMalware 20180723
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180530
Cyren W32/Trojan.BPST-3695 20180723
DrWeb Trojan.Inject2.57861 20180723
Emsisoft Trojan.GenericKD.40222763 (B) 20180723
ESET-NOD32 a variant of Generik.ERROCKD 20180723
F-Secure Trojan.GenericKD.40222763 20180723
Fortinet W32/Blocker.ERROCKD!tr 20180723
GData Trojan.GenericKD.40222763 20180723
Ikarus Trojan.SuspectCRC 20180723
K7AntiVirus Riskware ( 0040eff71 ) 20180723
K7GW Riskware ( 0040eff71 ) 20180723
Kaspersky Trojan-Ransom.Win32.Blocker.kyzq 20180723
Malwarebytes Trojan.Gaudox 20180723
MAX malware (ai score=99) 20180723
McAfee RDN/Generic.dx 20180723
McAfee-GW-Edition BehavesLike.Win32.ObfusRansom.cc 20180723
Microsoft Trojan:Win32/Occamy.B 20180723
eScan Trojan.GenericKD.40222763 20180723
NANO-Antivirus Trojan.Win32.Blocker.fcwobo 20180723
Palo Alto Networks (Known Signatures) generic.ml 20180723
Panda Trj/CI.A 20180722
Qihoo-360 Win32/Trojan.Ransom.2f0 20180723
Sophos AV Mal/Generic-S 20180723
Symantec Trojan Horse 20180723
Tencent Win32.Trojan.Blocker.Airu 20180723
TrendMicro Ransom_Blocker.R057C0ODQ18 20180723
TrendMicro-HouseCall Ransom_Blocker.R057C0ODQ18 20180723
VBA32 TrojanRansom.Blocker 20180720
VIPRE Trojan.Win32.Generic!BT 20180723
Webroot W32.Malware.Gen 20180723
Zillya Trojan.Blocker.Win32.39876 20180720
ZoneAlarm by Check Point Trojan-Ransom.Win32.Blocker.kyzq 20180723
Engines with no detection (engine and signature-database date). The ratio above counts 68 engines; 70 engine rows appear on this page.
Alibaba 20180713
Avast-Mobile 20180723
Babable 20180406
Baidu 20180723
ClamAV 20180723
CMC 20180723
Cybereason 20180225
Cylance 20180723
eGambit 20180723
Endgame 20180711
F-Prot 20180723
Sophos ML 20180717
Jiangmin 20180723
Kingsoft 20180723
Rising 20180723
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180722
TACHYON 20180723
TheHacker 20180723
TotalDefense 20180722
Trustlook 20180723
ViRobot 20180723
Yandex 20180720
Zoner 20180723
The file is a Portable Executable, specifically a 32-bit Win32 EXE for the Windows GUI subsystem.
Packers identified
F-PROT NSIS (Nullsoft Scriptable Install System: the PE is the installer stub; the installer's compressed script and payload files are appended after it as the overlay described below)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-30 03:57:45
Entry Point 0x0000320C
Number of sections 5
PE sections
Overlays
MD5 4819676650c655738ae4fd4d02195ed7
File type font/x-snf (libmagic guess only; at entropy 8.00 the overlay is compressed or encrypted data, which is what an NSIS installer stores after its stub, so the font identification is spurious)
Offset 67584
Size 135181
Entropy 8.00
Offset + size = 67584 + 135181 = 202765 bytes, so the overlay runs to the end of the file (file size under File identification below).
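The overlay numbers above can be re-derived from the raw bytes. The following is an added example, not code from the VirusTotal report or from any tool it names: it locates the overlay as the data after the last section's raw bytes (the definition pefile and VirusTotal use), computes its Shannon entropy, and checks that offset + size reaches the end of the file, as 67584 + 135181 = 202765 does for this sample. The input is a constructed single-section toy PE built in memory, not kb.exe.

```python
"""Locate and characterise the overlay of a PE file (added example)."""
import math
import struct
from collections import Counter

PE_SIGNATURE = b"PE\0\0"
SECTION_HEADER_SIZE = 40
OPTIONAL_HEADER_SIZE = 224  # PE32 optional header


def overlay_bounds(data: bytes) -> tuple:
    """Return (offset, size) of the overlay; size is 0 when there is none.

    Offset = max(PointerToRawData + SizeOfRawData) over all section headers.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # section table follows the optional header
    end = 0
    for i in range(num_sections):
        hdr = table + i * SECTION_HEADER_SIZE
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        end = max(end, raw_ptr + raw_size)
    end = min(end, len(data))  # a truncated file has no overlay
    return end, len(data) - end


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def report_consistent(offset: int, size: int, file_size: int) -> bool:
    """Reported overlay must reach end of file, as it does for kb.exe."""
    return offset + size == file_size


def analyse(data: bytes) -> dict:
    offset, size = overlay_bounds(data)
    return {
        "offset": offset,
        "size": size,
        "entropy": round(shannon_entropy(data[offset:]), 2),
        "consistent": report_consistent(offset, size, len(data)),
    }


def build_toy_pe(section_data: bytes, overlay: bytes) -> bytes:
    """Constructed single-section PE32 image with `overlay` appended (toy input)."""
    raw_ptr = 0x200  # first section's raw data at 512-byte file alignment
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, OPTIONAL_HEADER_SIZE, 0x0102)
    opt = bytearray(OPTIONAL_HEADER_SIZE)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    sect = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", len(section_data), 0x1000,
                       len(section_data), raw_ptr, 0, 0, 0, 0, 0x60000020)
    image = bytearray(dos + PE_SIGNATURE + coff + opt + sect)
    image += b"\0" * (raw_ptr - len(image))  # pad headers up to the section data
    image += section_data + overlay
    return bytes(image)


if __name__ == "__main__":
    toy = build_toy_pe(b"\x90" * 512, bytes(range(256)) * 4)
    print(analyse(toy))
```

Against a real NSIS installer the same `overlay_bounds` call yields the start of the packed installer data; feed that slice to an NSIS extractor rather than trusting the libmagic type string.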
PE imports
(Grouped by DLL; the page lists names only, and the DLL headings are added from the documented home of each API. This is the import set of the standard NSIS installer stub, consistent with the F-PROT "NSIS" packer identification, so it describes the installer, not the payload carried in the overlay.)
ADVAPI32.dll
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
COMCTL32.dll
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GDI32.dll
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
KERNEL32.dll
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
RemoveDirectoryA
GetModuleFileNameA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
ExpandEnvironmentStringsA
GetCommandLineA
GetProcAddress
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GlobalLock
SetEnvironmentVariableA
SetFileAttributesA
FreeLibrary
MoveFileA
CreateProcessA
lstrcpyA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHELL32.dll
SHGetFileInfoA
ShellExecuteExA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
USER32.dll
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetWindowTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawTextA
DestroyWindow
FillRect
RegisterClassA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
ole32.dll
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
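The imphash under File identification below is derived from exactly this import list. The following is an added example, not code from the report, implementing the imphash rule used by pefile and VirusTotal: each import becomes "<dll>.<function>" with the DLL lowercased and its .dll/.ocx/.sys extension removed, the function name lowercased, ordinal-only imports written "ordN" (pefile substitutes names for ordinals only for a few DLLs such as oleaut32 and ws2_32, assumed not to apply to comctl32 here), entries joined with commas in import-table order, and the string MD5-hashed. SAMPLE_IMPORTS is constructed from a few of the names above; it is not the parsed import table of kb.exe, so its hash is not expected to equal 3abe302b6d9a1256e6a915429af4ffd2.

```python
"""Imphash over an import list (added example, not the report's code)."""
import hashlib

_STRIP_EXTENSIONS = ("dll", "ocx", "sys")


def _normalise_dll(dll: str) -> str:
    """Lowercase the module name and drop a .dll/.ocx/.sys extension."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in _STRIP_EXTENSIONS else name


def imphash_string(imports) -> str:
    """The comma-joined string that gets hashed; handy when diffing two samples."""
    parts = []
    for dll, func in imports:
        # Ordinal-only imports (an int) become "ordN"; names are lowercased.
        func_name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{_normalise_dll(dll)}.{func_name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised, order-preserving import string."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed subset of the stub's imports, in the order the page lists them.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegDeleteKeyA"),
    ("ADVAPI32.dll", "AdjustTokenPrivileges"),
    ("COMCTL32.dll", 17),  # ordinal-only import, shown as Ord(17) above
    ("KERNEL32.dll", "CreateProcessA"),
    ("SHELL32.dll", "ShellExecuteExA"),
    ("USER32.dll", "ExitWindowsEx"),
    ("ole32.dll", "CoCreateInstance"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash is order-sensitive and the NSIS stub's import table is fixed by the NSIS version that built it, every installer produced by that stub shares one imphash. Pivoting on the imphash of an NSIS-packed sample therefore finds other NSIS installers, not other samples of the same family; the overlay hash or ssdeep is the better pivot here.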
Number of PE resources by type
RT_DIALOG 20
RT_ICON 7
RT_BITMAP 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 30
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:01:30 04:57:45+01:00 (the same instant as the 03:57:45 UTC compilation timestamp above)
FileType Win32 EXE
PEType PE32
CodeSize 25600
LinkerVersion 6.0
EntryPoint 0x320c
InitializedDataSize 162816
SubsystemVersion 4.0
ImageVersion 6.0
OSVersion 4.0
UninitializedDataSize 1024

File identification
MD5 e72e0222e3cf9da4c4263d52a38e06d8
SHA1 194cbf40f140263fce4ad04045d763e72a9d462e
SHA256 cf9db12f75698a0b69f8a5b232166f85d71013d1557b342596d52b13f34e0e28
ssdeep 3072:xYjClDhQlDvrcIG4pFy3A+x93CA5nITbaK6OdoOc3R2++va8Nod2:xDOVpQA+xIsI3aFxOc8zdW2
authentihash 8a4508b273d5beff25c39a0e08c02cd8901337f769545fd9c676c510d327ae63
imphash 3abe302b6d9a1256e6a915429af4ffd2
File size 198.0 KB ( 202765 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
nsis peexe cve-2016-0099 exploit overlay
The cve-2016-0099 and exploit tags reflect the Antiy-AVL label (Trojan[Exploit]/EXE.CVE-2016-0099.Generic; CVE-2016-0099 is the Windows Secondary Logon elevation-of-privilege bug fixed by MS16-032). No other engine in the table references a CVE, and nothing else in this static report corroborates the exploit claim.

VirusTotal metadata
First submission 2018-04-25 14:07:06 UTC
Last submission 2018-05-22 17:46:30 UTC
File names kb.exe
output.113181730.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs