SHA256: d1523ec73031fadd389a75c09db21d40a9150ad570ed260c31c36ad3bfdb56f8
File name: 3962220531.EXE
Detection ratio: 29 / 70
Analysis date: 2018-11-26 07:24:12 UTC ( 3 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.532745 20181126
AegisLab Trojan.Multi.Generic.4!c 20181126
Avast FileRepMalware 20181126
AVG FileRepMalware 20181126
BitDefender Gen:Variant.Graftor.532745 20181126
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20181126
DrWeb Trojan.DownLoader27.17146 20181126
eGambit Unsafe.AI_Score_86% 20181126
Emsisoft Gen:Variant.Graftor.532745 (B) 20181126
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNDK 20181126
F-Secure Gen:Variant.Graftor.532745 20181126
Fortinet Malicious_Behavior.SB 20181126
GData Gen:Variant.Graftor.532745 20181126
Sophos ML heuristic 20181108
Kaspersky Trojan.Win32.Zenpak.bxu 20181126
MAX malware (ai score=89) 20181126
McAfee Artemis!574C8A27FC79 20181126
McAfee-GW-Edition BehavesLike.Win32.PUPXFM.dz 20181126
Microsoft Trojan:Win32/Vigorf.A 20181126
eScan Gen:Variant.Graftor.532745 20181126
Palo Alto Networks (Known Signatures) generic.ml 20181126
Qihoo-360 HEUR/QVM10.2.7359.Malware.Gen 20181126
Symantec ML.Attribute.HighConfidence 20181126
Trapmine malicious.high.ml.score 20180918
VBA32 BScope.Trojan.Pushdo 20181123
Webroot W32.Adware.Installcore 20181126
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181126
AhnLab-V3 20181126
Alibaba 20180921
ALYac 20181126
Antiy-AVL 20181126
Arcabit 20181126
Avast-Mobile 20181125
Avira (no cloud) 20181126
Babable 20180918
Baidu 20181126
Bkav 20181123
CAT-QuickHeal 20181125
ClamAV 20181126
CMC 20181125
Comodo 20181126
Cybereason 20180225
Cyren 20181126
F-Prot 20181126
Ikarus 20181125
Jiangmin 20181126
K7AntiVirus 20181126
K7GW 20181126
Kingsoft 20181126
Malwarebytes 20181126
NANO-Antivirus 20181126
Panda 20181125
Rising 20181126
SentinelOne (Static ML) 20181011
Sophos AV 20181126
SUPERAntiSpyware 20181121
Symantec Mobile Insight 20181121
TACHYON 20181126
Tencent 20181126
TheHacker 20181118
TotalDefense 20181126
TrendMicro 20181126
TrendMicro-HouseCall 20181126
Trustlook 20181126
VIPRE 20181125
ViRobot 20181126
Yandex 20181123
Zillya 20181123
Zoner 20181126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-29 07:58:21
Entry Point 0x00005A07
Number of sections 4
PE sections
PE imports
EndPath
BitBlt
FreeEnvironmentStringsW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetStartupInfoA
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FindFirstChangeNotificationW
FreeEnvironmentStringsA
DeleteCriticalSection
EnumTimeFormatsW
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetConsoleOutputCP
GetCurrentDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
SetHandleCount
GetCPInfo
GetCommandLineA
GetProcAddress
AddAtomW
GetFileType
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
LocalFree
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TlsFree
GetSystemTimeAdjustment
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualFree
WriteConsoleOutputCharacterA
FindAtomA
TlsGetValue
Sleep
SetLastError
GetTickCount
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
WriteConsoleW
InterlockedIncrement
FindExecutableW
CreateWindowExA
PeekMessageA
GetAltTabInfoA
SetParent
BeginPaint
GetMessageExtraInfo
GetRawInputDeviceInfoA
ScrollWindow
SetThreadDesktop
GetCaretPos
GetNextDlgTabItem
SwitchDesktop
LoadIconA
Number of PE resources by type
RT_ICON 6
YILEMEJEVUXOTI 1
RT_STRING 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
RT_VERSION 1
PUKAFOLO 1
Number of PE resources by language
SERBIAN DEFAULT 12
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 7.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, Large address aware, 32-bit, System file
CharacterSet Unknown (A56B)
InitializedDataSize 370688
EntryPoint 0x5a07
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2018, ouwecxkuswe
FileVersion 1.6.6.1
TimeStamp 2018:05:29 09:58:21+02:00
FileType Win32 EXE
PEType PE32
InternalName unawetno
ProductVersion 1.4.0.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Unknown (0x40534)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 75776
FileSubtype 0
ProductVersionNumber 3.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 574c8a27fc79939ca1343ccb2722b74f
SHA1 a18255f8c4734783e602f85ca115232ff745f6ca
SHA256 d1523ec73031fadd389a75c09db21d40a9150ad570ed260c31c36ad3bfdb56f8
ssdeep 1536:L+hJlZG1+lzB3MyhCK7mCkqXp0TO3f5XvPOtJZIkJrKVV:L+Tqk1BzhCImE5XvPOtJZIkJrKVV

authentihash 41245f04ac8c7ee40842e78ea3177cab524a849c268e6a3b5d1640fb7712a3a1
imphash 2c3ac865599b2ba011ba19418cd4b3be
File size 280.0 KB ( 286720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-11-25 21:52:41 UTC ( 3 months, 4 weeks ago )
Last submission 2018-11-25 21:52:41 UTC ( 3 months, 4 weeks ago )
File names s.exe
3962220531.EXE
p.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs