SHA256: d05d3fb9b8db52f34042d1dac14703478e3b12407d71fee8a048c82412ba413c
File name: tmp593.exe
Detection ratio: 9 / 68
Analysis date: 2018-11-26 19:32:02 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181022
Cylance Unsafe 20181126
Endgame malicious (moderate confidence) 20181108
Ikarus Trojan-Banker.TrickBot 20181126
Sophos ML heuristic 20181108
Microsoft Trojan:Win32/MereTam.A 20181126
SentinelOne (Static ML) static engine - malicious 20181011
Trapmine suspicious.low.ml.score 20181126
Webroot W32.Malware.Gen 20181126
Ad-Aware 20181126
AegisLab 20181126
AhnLab-V3 20181126
Alibaba 20180921
ALYac 20181126
Antiy-AVL 20181126
Arcabit 20181126
Avast 20181126
Avast-Mobile 20181126
AVG 20181126
Avira (no cloud) 20181126
Babable 20180918
Baidu 20181126
BitDefender 20181126
Bkav 20181126
CAT-QuickHeal 20181126
ClamAV 20181126
CMC 20181126
Comodo 20181126
Cybereason 20180225
Cyren 20181126
DrWeb 20181126
eGambit 20181126
Emsisoft 20181126
ESET-NOD32 20181126
F-Prot 20181126
F-Secure 20181126
Fortinet 20181126
GData 20181126
Jiangmin 20181126
K7AntiVirus 20181126
K7GW 20181126
Kaspersky 20181126
Kingsoft 20181126
Malwarebytes 20181126
MAX 20181126
McAfee 20181126
McAfee-GW-Edition 20181126
eScan 20181126
NANO-Antivirus 20181126
Palo Alto Networks (Known Signatures) 20181126
Panda 20181126
Qihoo-360 20181126
Rising 20181126
Sophos AV 20181126
SUPERAntiSpyware 20181121
Symantec 20181126
Symantec Mobile Insight 20181121
TACHYON 20181126
Tencent 20181126
TheHacker 20181126
TrendMicro 20181126
TrendMicro-HouseCall 20181126
Trustlook 20181126
VBA32 20181126
ViRobot 20181126
Yandex 20181123
Zillya 20181126
ZoneAlarm by Check Point 20181126
Zoner 20181126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-26 17:34:22
Entry Point 0x00001284
Number of sections 8
PE sections
PE imports
CryptImportKey
CryptAcquireContextA
GetLastError
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
ExitProcess
TlsAlloc
VirtualProtect
DeleteCriticalSection
GetAtomNameA
SizeofResource
InterlockedIncrement
AddAtomA
LockResource
TlsGetValue
MultiByteToWideChar
GetCommandLineA
GetProcAddress
CreateMutexA
IsDBCSLeadByteEx
CreateSemaphoreA
WideCharToMultiByte
TlsFree
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
MoveFileA
ReleaseSemaphore
InitializeCriticalSection
LoadResource
VirtualQuery
FindAtomA
InterlockedDecrement
Sleep
TlsSetValue
GetCurrentThreadId
FindResourceA
VirtualAlloc
SetLastError
LeaveCriticalSection
MessageBoxA
__p__fmode
malloc
getc
__p__environ
realloc
fread
fclose
wcsftime
wcsxfrm
atexit
abort
_setmode
getwc
fflush
fopen
towupper
_cexit
fputc
iswctype
_errno
fwrite
fgetpos
strftime
_onexit
wcslen
fputs
sprintf
putc
ungetwc
fsetpos
towlower
strchr
strxfrm
_fdopen
wcscoll
free
getenv
setlocale
signal
atoi
_fstati64
__getmainargs
calloc
_write
strcoll
_lseeki64
memmove
_read
strerror
strcmp
_filelengthi64
strcpy
setvbuf
__mb_cur_max
ungetc
putwc
__set_app_type
vfprintf
localeconv
memchr
_iob
Number of PE resources by type
RT_ICON 38
PULARIS 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 39
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:11:26 18:34:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 459264
LinkerVersion 2.21
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint 0x1284
InitializedDataSize 818176
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 27648

Execution parents
File identification
MD5 052f7373c07383a5935d6953dc571900
SHA1 562f14f9836b30202d450e4f158f6cad893c4e29
SHA256 d05d3fb9b8db52f34042d1dac14703478e3b12407d71fee8a048c82412ba413c
ssdeep 12288:8TKed1sycBKkIBNDi2sXJwumYtsZXMs/lLo4aR/j7xnscaD:lo1WMDzCJwlP9LPaZjaRD

authentihash d53260b8498dffe3f4e2549219fac571d3c964a4256fd47d85510d8664c89857
imphash 1b89559f2d9c37b8c588aef07ec22c67
File size 800.0 KB ( 819200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags peexe

VirusTotal metadata
First submission 2018-11-26 19:32:02 UTC ( 5 months, 3 weeks ago )
Last submission 2018-12-06 12:31:47 UTC ( 5 months, 2 weeks ago )
File names cbrl.exe
tmp593.exe
052f7373.gxe
052f7373c07383a5935d6953dc571900.virobj
fitzsg.exe
under.gro
output.114584658.txt
ygltrltt.exe
<SAMPLE.EXE>
tgfuycv.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications