SHA256: d3ea14f712cb145fc2a5c98543afd1fcd16a24c40f599fc5f0bfced2f080ec32
File name: e0a95462e6aad14ab800db8bed6ede8786b0d9ae
Detection ratio: 33 / 66
Analysis date: 2018-06-04 10:20:19 UTC ( 8 months, 2 weeks ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.30915828 | 20180604
ALYac | Trojan.GenericKD.30915828 | 20180604
Antiy-AVL | Trojan/Win32.TSGeneric | 20180604
Arcabit | Trojan.Generic.D1D7BCF4 | 20180604
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20180604
BitDefender | Trojan.GenericKD.30915828 | 20180604
Cylance | Unsafe | 20180604
Cyren | W32/Trojan.SMYU-4117 | 20180604
Emsisoft | Trojan.GenericKD.30915828 (B) | 20180604
Endgame | malicious (high confidence) | 20180507
ESET-NOD32 | a variant of Win32/Kryptik.GHIT | 20180604
F-Secure | Trojan.GenericKD.30915828 | 20180604
Fortinet | W32/GandCrab.B!tr | 20180604
GData | Trojan.GenericKD.30915828 | 20180604
Sophos ML | heuristic | 20180601
K7AntiVirus | Riskware ( 0040eff71 ) | 20180604
K7GW | Riskware ( 0040eff71 ) | 20180604
Kaspersky | UDS:DangerousObject.Multi.Generic | 20180604
Malwarebytes | Trojan.MalPack | 20180604
MAX | malware (ai score=81) | 20180604
McAfee | Artemis!F4D806ABA614 | 20180604
McAfee-GW-Edition | BehavesLike.Win32.MultiPlug.dh | 20180604
Microsoft | Trojan:Win32/Fuerboos.C!cl | 20180604
eScan | Trojan.GenericKD.30915828 | 20180604
Palo Alto Networks (Known Signatures) | generic.ml | 20180604
Panda | Trj/CI.A | 20180603
Qihoo-360 | HEUR/QVM10.1.9DF3.Malware.Gen | 20180604
Sophos AV | Mal/GandCrab-B | 20180604
Symantec | Packed.Generic.525 | 20180604
TrendMicro | Possible_HPGen-32a | 20180604
TrendMicro-HouseCall | Possible_HPGen-32a | 20180604
Webroot | W32.Trojan.Gen | 20180604
ZoneAlarm by Check Point | UDS:DangerousObject.Multi.Generic | 20180604
AegisLab | - | 20180604
AhnLab-V3 | - | 20180603
Alibaba | - | 20180604
Avast | - | 20180604
Avast-Mobile | - | 20180603
AVG | - | 20180604
Avira (no cloud) | - | 20180604
AVware | - | 20180604
Babable | - | 20180406
Bkav | - | 20180604
CAT-QuickHeal | - | 20180603
ClamAV | - | 20180604
CMC | - | 20180604
Comodo | - | 20180604
CrowdStrike Falcon (ML) | - | 20180202
Cybereason | - | None
DrWeb | - | 20180604
eGambit | - | 20180604
F-Prot | - | 20180604
Ikarus | - | 20180604
Jiangmin | - | 20180604
Kingsoft | - | 20180604
NANO-Antivirus | - | 20180604
nProtect | - | 20180604
Rising | - | 20180604
SentinelOne (Static ML) | - | 20180225
SUPERAntiSpyware | - | 20180604
Symantec Mobile Insight | - | 20180601
Tencent | - | 20180604
TheHacker | - | 20180531
TotalDefense | - | 20180604
Trustlook | - | 20180604
VBA32 | - | 20180601
VIPRE | - | 20180604
ViRobot | - | 20180604
Yandex | - | 20180529
Zillya | - | 20180601
Zoner | - | 20180604
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-03 01:09:14
Entry Point 0x0000709F
Number of sections 6
PE sections
PE imports
ReportEventW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetStartupInfoW
lstrlenA
LoadLibraryW
GetConsoleCP
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
IsValidLocale
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
WaitForSingleObjectEx
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
AddConsoleAliasA
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetUserDefaultLCID
EnumSystemLocalesW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetOEMCP
RaiseException
EraseTape
WideCharToMultiByte
TlsFree
FindFirstFileExA
SetUnhandledExceptionFilter
WriteFile
PulseEvent
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
GetSystemTimes
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
ExitProcess
FreeLibrary
TerminateProcess
GetThreadPriority
CreateEventW
ResetEvent
GetModuleHandleExW
IsValidCodePage
FindFirstVolumeMountPointW
CreateFileW
FindClose
TlsGetValue
SetLastError
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
GetWindowTextLengthA
UpdateWindow
MapVirtualKeyW
DestroyCursor
LoadCursorFromFileW
SetMenuInfo
DrawCaption
SetWindowsHookA
PostMessageW
CreateCursor
RemoveMenu
Number of PE resources by type
RT_STRING 46
HKIAB 1
Number of PE resources by language
NEUTRAL 47
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:06:03 02:09:14+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 124928
LinkerVersion: 14.0
FileTypeExtension: exe
InitializedDataSize: 58104320
SubsystemVersion: 5.1
EntryPoint: 0x709f
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5 f4d806aba614099ff6191f9d405d759b
SHA1 bd3a6eab293c78d4f8a2b01fd420f8ee9b1fd2cf
SHA256 d3ea14f712cb145fc2a5c98543afd1fcd16a24c40f599fc5f0bfced2f080ec32
ssdeep 6144:6d6ThaioSY3Cuqg9AOhoi9+44nvd+PuIW:6WaibDg9QE+pnvdaW
authentihash ebdcdccca28d37b9454ad86c7e09cfa7faf6eb66b9a47699aece0de7c9dd61d4
imphash d8ba9d7fb482b9fd9727ecce15a0efc4
File size 242.0 KB ( 247808 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2018-06-04 10:20:19 UTC ( 8 months, 2 weeks ago )
Last submission 2018-06-04 10:20:19 UTC ( 8 months, 2 weeks ago )
File names e0a95462e6aad14ab800db8bed6ede8786b0d9ae
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs