SHA256: d1542300c9eb8ca823956917aeb23fcf00753a11c3fc5a26586e29757ec3a64f
Detection ratio: 30 / 66
Analysis date: 2018-05-01 19:20:03 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30692343 20180501
Avast Win32:Malware-gen 20180501
AVG Win32:Malware-gen 20180501
Avira (no cloud) TR/Crypt.XPACK.Gen7 20180501
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9989 20180428
BitDefender Trojan.GenericKD.30692343 20180501
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180501
Emsisoft Trojan.GenericKD.30692343 (B) 20180501
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Kryptik.GGET 20180501
Fortinet W32/Kryptik.FUJR!tr.ransom 20180501
GData Trojan.GenericKD.30692343 20180501
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180501
MAX malware (ai score=94) 20180501
McAfee Artemis!D7B4F35FF3C6 20180501
McAfee-GW-Edition BehavesLike.Win32.CrackReloaded.mh 20180425
Microsoft Trojan:Win32/Azden.B!cl 20180501
eScan Trojan.GenericKD.30692343 20180501
Palo Alto Networks (Known Signatures) generic.ml 20180501
Qihoo-360 Win32/Trojan.cb1 20180501
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180501
Symantec ML.Attribute.HighConfidence 20180501
TrendMicro TROJ_DOFOIL.YUYJD 20180501
TrendMicro-HouseCall TROJ_DOFOIL.YUYJD 20180501
Webroot W32.Trojan.Gen 20180501
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180501
AegisLab 20180501
AhnLab-V3 20180501
Alibaba 20180428
ALYac 20180501
Antiy-AVL 20180501
Arcabit 20180501
Avast-Mobile 20180501
AVware 20180428
Bkav 20180426
CAT-QuickHeal 20180501
ClamAV 20180501
CMC 20180501
Comodo 20180501
Cybereason None
Cyren 20180501
DrWeb 20180501
eGambit 20180501
F-Prot 20180501
F-Secure 20180501
Ikarus 20180501
Jiangmin 20180501
K7AntiVirus 20180501
K7GW 20180501
Kingsoft 20180501
Malwarebytes 20180501
NANO-Antivirus 20180501
nProtect 20180501
Panda 20180501
Rising 20180501
SUPERAntiSpyware 20180501
Symantec Mobile Insight 20180501
Tencent 20180501
TheHacker 20180430
Trustlook 20180501
VBA32 20180428
VIPRE 20180501
ViRobot 20180501
Yandex 20180428
Zillya 20180430
Zoner 20180430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-17 18:24:07
Entry Point 0x0000658E
Number of sections 4
PE sections
PE imports
CmMalloc
CmRealloc
CmAtolA
Ctl3dRegister
Ctl3dGetVer
GetFileAttributesA
WaitForSingleObject
lstrlen
CreateJobObjectW
GetTickCount
TlsAlloc
LoadLibraryA
lstrlenW
LoadLibraryExA
GetCommandLineW
SetErrorMode
GetProcAddress
FindResourceExA
FindNextFileW
lstrcpy
GetTempFileNameA
SetLocalTime
CreateProcessA
CreateEventW
LocalFileTimeToFileTime
ReadConsoleW
TlsSetValue
CreateFileA
InterlockedIncrement
InsertMenuA
MessageBoxExA
LoadImageW
LoadIconA
DispatchMessageA
CharToOemW
PostMessageA
LoadBitmapA
GetMessageW
GetWindow
LoadMenuW
GetClassLongA
PE exports
Number of PE resources by type
TREH 2
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:17 20:24:07+02:00
FileType Win32 EXE
PEType PE32
CodeSize 42496
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint 0x658e
InitializedDataSize 40448
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 d7b4f35ff3c660a0dbfc3ce84a74680d
SHA1 eb98f8f283ff2eb7b57a22ebac15978b790fb47f
SHA256 d1542300c9eb8ca823956917aeb23fcf00753a11c3fc5a26586e29757ec3a64f
ssdeep 768:eUGKKDVX7piAfvR3uQCQ88ZcoexnnnnnnnnnnnnnnnnnnSqlzI4KklsugzPjk+Ok:ePDRN7Rl7cLa4Kk8zLkpioU/qfxTzdq

authentihash 68f06e9a054cf744717e324ed0ddf28c4dab750375260997047e64c3eac6f6f3
imphash cd0c1ee2ab62082e5d6b31e73a4e45e7
File size 83.5 KB ( 85504 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe

VirusTotal metadata
First submission 2018-05-01 15:08:20 UTC ( 1 year ago )
Last submission 2018-05-06 18:38:47 UTC ( 1 year ago )
File names 656b584f7ed5e1375c3b8dc4330517df82f45f44
output.113229407.txt
you2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs