SHA256: d654d41b3818a1c8cf657bd8779f69a8ec0e1dadd52b6c5f720bff1fc46f8161
File name: 9d28fc641aa45a569e25e015e6afa4ff.virus
Detection ratio: 41 / 67
Analysis date: 2018-01-03 21:51:08 UTC ( 1 year, 3 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent.C2321058 20180103
Arcabit Trojan.Strictor.D25C33 20180103
Avast FileRepMetagen [Malware] 20180103
AVG FileRepMetagen [Malware] 20180103
Avira (no cloud) TR/Crypt.Xpack.uiswx 20180103
AVware Trojan.Win32.Generic!BT 20180103
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9947 20180103
BitDefender Gen:Variant.Strictor.154675 20180103
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20180103
DrWeb Trojan.Encoder.24094 20180103
Emsisoft Trojan-Ransom.GlobeImposter (A) 20180103
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/GenKryptik.BKHW 20180103
F-Secure Gen:Variant.Strictor.154675 20180103
Fortinet W32/Kryptik.FYNO!tr 20180103
GData Gen:Variant.Strictor.154675 20180103
Ikarus Trojan.Win32.Krypt 20180103
Sophos ML heuristic 20170914
Jiangmin Trojan.IRCBot.vy 20180103
K7AntiVirus Trojan ( 00521e3a1 ) 20180103
K7GW Trojan ( 00521e3a1 ) 20180103
Kaspersky HEUR:Trojan.Win32.Generic 20180103
Malwarebytes Trojan.MalPack 20180103
MAX malware (ai score=89) 20180103
McAfee Artemis!9D28FC641AA4 20180102
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20180103
Microsoft Trojan:Win32/Krilog.A 20180103
eScan Gen:Variant.Strictor.154675 20180103
NANO-Antivirus Trojan.Win32.IRCbot.ewmxmm 20180103
Panda Trj/Genetic.gen 20180103
Qihoo-360 HEUR/QVM10.1.49AB.Malware.Gen 20180103
Rising Trojan.GenKryptik!8.AA55 (TFE:5:7KGlsezxbmC) 20180103
Sophos AV Mal/Generic-S 20180103
Symantec Trojan.Gen 20180103
TrendMicro TROJ_GEN.R046C0DA218 20180103
TrendMicro-HouseCall TROJ_GEN.R046C0DA218 20180103
VBA32 Malware-Cryptor.Limpopo 20180103
VIPRE Trojan.Win32.Generic!BT 20180103
Webroot W32.Trojan.Gen 20180103
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180103
Engines that reported no detection (only the signature database date is listed):
Ad-Aware 20171225
AegisLab 20180103
Alibaba 20180103
Antiy-AVL 20180103
Avast-Mobile 20180103
Bkav 20180103
CAT-QuickHeal 20180103
ClamAV 20180103
CMC 20180103
Comodo 20180103
Cybereason 20171103
Cyren 20180103
eGambit 20180103
F-Prot 20180103
Kingsoft 20180103
nProtect 20180103
Palo Alto Networks (Known Signatures) 20180103
SentinelOne (Static ML) 20171224
SUPERAntiSpyware 20180103
Tencent 20180103
TheHacker 20180103
TotalDefense 20180103
Trustlook 20180103
ViRobot 20180103
WhiteArmor 20171226
Yandex 20171229
Zillya 20180103
Zoner 20180103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 2017, sfsfgdgdf
File version: 11.0.0.1
The FileVersion string (11.0.0.1) disagrees with the numeric version fields of the same resource (FileVersionNumber and ProductVersionNumber are 1.0.0.1 in the ExifTool metadata below), and the copyright holder is a placeholder string. Neither is evidence of malice on its own, but both are cheap triage indicators worth recording next to the hashes.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-27 22:59:26
Entry Point 0x0000419D
Number of sections 5
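The "Compilation timestamp", "Entry Point", "Number of sections", target machine and subsystem above are read straight from the COFF file header and the PE32 optional header. The following is an added example, not code from VirusTotal and not the sample: since the file itself is not available, build_report_header() constructs a header-only PE32 image carrying the values this report lists (timestamp, entry point, 5 sections, linker 12.0, OS/subsystem version 5.1, GUI subsystem), and parse_pe_header() reads them back the way a scanner does. Keep in mind that TimeDateStamp is a 32-bit field written by the linker and trivially editable, so a compile time is a hint for correlation, never proof of when a binary was built.

```python
"""Minimal PE header reader (added example; not part of the report).

parse_pe_header() returns the fields a VirusTotal-style "PE header basic
information" block shows. build_report_header() constructs a DOS stub +
COFF header + PE32 optional header (no section table, no code) with the
values from this report, so the example runs without the sample.
"""
import calendar
import datetime
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x010B
MACHINES = {0x014C: "Intel 386 or later", 0x8664: "x64", 0x01C4: "ARM"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Values taken from the report; the timestamp is seconds since the Unix epoch (UTC).
REPORT_TIMESTAMP = calendar.timegm((2017, 12, 27, 22, 59, 26))
REPORT_ENTRY_POINT = 0x419D


def parse_pe_header(data: bytes) -> dict:
    """Read machine, section count, timestamp, entry point, versions and subsystem."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70 or struct.unpack_from("<H", data, opt)[0] != PE32_MAGIC:
        raise ValueError("only a PE32 optional header is handled here")
    major_linker, minor_linker = struct.unpack_from("<BB", data, opt + 2)
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]
    major_os, minor_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    compiled = datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc)
    return {
        "machine": MACHINES.get(machine, f"0x{machine:04X}"),
        "sections": nsections,
        "timestamp_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry_point:08X}",
        "linker_version": f"{major_linker}.{minor_linker}",
        "os_version": f"{major_os}.{minor_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "is_dll": bool(characteristics & 0x2000),  # IMAGE_FILE_DLL
    }


def build_report_header(timestamp=REPORT_TIMESTAMP, entry_point=REPORT_ENTRY_POINT,
                        nsections=5, subsystem=2) -> bytes:
    """Constructed header-only PE32 image carrying the report's values."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # 64-byte DOS header
    opt_size = 224  # standard PE32 optional header incl. 16 data directories
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, nsections, timestamp,
                       0, 0, opt_size, 0x0102)  # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<BB", opt, 2, 12, 0)      # LinkerVersion 12.0, as ExifTool reports
    struct.pack_into("<I", opt, 16, entry_point)
    struct.pack_into("<HH", opt, 40, 5, 1)      # OSVersion 5.1
    struct.pack_into("<HH", opt, 48, 5, 1)      # SubsystemVersion 5.1
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_header(build_report_header()).items():
        print(f"{key}: {value}")
```

Pointing parse_pe_header() at the bytes of a real file works the same way; the constructed header only exists so the example is self-contained.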
PE sections
PE imports
(This copy of the report lost the per-DLL headings. The list is in import-table order, which groups entries by DLL in alphabetical order; the DLL names below are inferred from which library exports each API and are not taken from the page.)
ADVAPI32.dll (inferred)
SetSecurityDescriptorControl
GetUserNameA
InitiateSystemShutdownA
OpenEventLogW
LookupPrivilegeNameW
GDI32.dll (inferred)
StretchBlt
FillPath
KERNEL32.dll (inferred)
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
GetFileInformationByHandle
GetLocaleInfoW
SetStdHandle
GetTempPathA
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
GetThreadTimes
HeapReAlloc
GetStringTypeW
FreeLibrary
GetThreadPriority
OutputDebugStringW
TlsGetValue
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
SetProcessWorkingSetSize
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimes
DecodePointer
GetThreadSelectorEntry
TerminateProcess
CreateSemaphoreW
GetModuleHandleExW
GlobalAlloc
GetCurrentThreadId
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetWindowsDirectoryW
GetFileSize
AddAtomA
OpenProcess
GetDateFormatW
GetStartupInfoW
GetProcAddress
AddAtomW
GetProcessHeap
GetTimeFormatW
FreeEnvironmentStringsW
IsValidLocale
GetUserDefaultLCID
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
CompareStringW
SetProcessShutdownParameters
GetEnvironmentStringsW
HeapSize
GetCurrentProcessId
GetCommandLineW
GetCPInfo
GetAtomNameW
GetCurrentThread
RaiseException
TlsFree
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
GetProcessHandleCount
IsValidCodePage
Sleep
MSIMG32.dll (inferred)
GradientFill
USER32.dll (inferred)
SetPropA
SetScrollRange
ShowScrollBar
BeginPaint
GetPropA
WINHTTP.dll (inferred)
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryOption
Most of the KERNEL32 entries (Tls*, critical sections, heap, locale and code-page calls, IsDebuggerPresent, the exception-filter pair) are ordinary MSVC CRT start-up and tell you little. The entries worth noting for triage are WinHttp* (outbound HTTP), GetTempPathA with CreateFileW/WriteFile (writing a file to %TEMP%), OpenProcess, and InitiateSystemShutdownA / SetProcessShutdownParameters. Since several engines classify the sample as a crypter or packer (Kryptik, Crypt.Xpack, Malware-Cryptor, MalPack), this import table most likely describes the stub, not the payload it unpacks at runtime, which would resolve its own APIs dynamically.
Number of PE resources by type
RT_STRING 4
RT_ICON 2
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_BITMAP 1
ODVOLEH 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
ODVOLEH is not a standard RT_* resource type. A single custom-named resource in a binary that several engines label as a crypter/packer is the first place to look for an embedded, encrypted second stage: dump that resource and check its entropy before spending time on the stub's own code.
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 1168384
ImageVersion: 0.0
FileVersionNumber: 1.0.0.1
LanguageCode: English (British)
FileFlagsMask: 0x003f
ImageFileCharacteristics: Executable, 32-bit
CharacterSet: Unicode
LinkerVersion: 12.0
FileTypeExtension: exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 11.0.0.1
TimeStamp: 2017:12:27 23:59:26+01:00 (the same instant as the 2017-12-27 22:59:26 UTC compilation timestamp above, rendered in the analysis host's local time zone)
FileType: Win32 EXE
PEType: PE32
ProductVersion: 11.0.0.1
SubsystemVersion: 5.1
OSVersion: 5.1
FileOS: Windows NT 32-bit
LegalCopyright: Copyright (C) 2017, sfsfgdgdf
MachineType: Intel 386 or later, and compatibles
CodeSize: 151552
FileSubtype: 0
ProductVersionNumber: 1.0.0.1
EntryPoint: 0x419d
ObjectFileType: Executable application
Note that InitializedDataSize (1,168,384 bytes) is roughly four times the 285,696-byte file. These header fields are set by whatever produced the binary, but a normally linked executable does not carry more initialized data than it has bytes on disk, so at least one section most likely has a virtual size far larger than its raw size, which is consistent with the runtime-unpacking verdicts in the detection table.
Compressed bundles
File identification
MD5 9d28fc641aa45a569e25e015e6afa4ff
SHA1 9fe2e392dc11d253d363c956dd27977b72a77faa
SHA256 d654d41b3818a1c8cf657bd8779f69a8ec0e1dadd52b6c5f720bff1fc46f8161
ssdeep 6144:uIf4yhyE228wbHEnDM4NWYLy3GwZCRiA:us4yhyE2JwbkY+opP
authentihash 5aba5c5c4d04b8914ddb588fbd9fd469aaecd6502a337c62cce284c4bd2b8923
imphash 15058d288d0821d21a6c3bea7329704c
File size 279.0 KB ( 285696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
     Win64 Executable (generic) (36.3%)
     Win32 Dynamic Link Library (generic) (8.6%)
     Win32 Executable (generic) (5.9%)
     OS/2 Executable (generic) (2.6%)
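Of the identifiers above, imphash is the one most often used to pivot between samples, so it is worth knowing exactly what it hashes. The following is an added example, not VirusTotal's or pefile's code: it implements the same algorithm pefile's get_imphash() uses and VirusTotal reports (each import written as "dll.function" with the .dll/.ocx/.sys extension dropped and everything lower-cased, ordinal-only imports written as "ordN", the strings joined with commas in import-table order, MD5 of the result). The import list in the block is constructed, with DLL names assumed, so the value it produces is not this sample's 15058d288d0821d21a6c3bea7329704c.

```python
"""imphash computation (added example; not the report's or pefile's code).

Order matters: two builds importing the same APIs in a different order get
different hashes. DLL name case and extension do not matter.
"""
import hashlib
from typing import Iterable, Tuple, Union

Import = Tuple[str, Union[str, int]]   # (dll name, function name or ordinal)


def normalize_import(dll: str, func: Union[str, int]) -> str:
    """One import-table entry in the canonical 'dll.func' form."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            name = name[: -len(ext)]
            break
    func_name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{name}.{func_name}"


def imphash(imports: Iterable[Import]) -> str:
    """MD5 over the comma-joined canonical import list, in table order."""
    joined = ",".join(normalize_import(dll, func) for dll, func in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


# Constructed import list: a small subset of the APIs in this report, with the
# exporting DLLs assumed. It is deliberately incomplete, so imphash(SAMPLE_IMPORTS)
# is NOT the report's imphash.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "InitiateSystemShutdownA"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "GetTempPathA"),
    ("WINHTTP.dll", "WinHttpOpen"),
    ("WINHTTP.dll", "WinHttpConnect"),
]

if __name__ == "__main__":
    print(",".join(normalize_import(d, f) for d, f in SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two caveats when reproducing a VirusTotal imphash by hand: pefile translates ordinals to names for a few DLLs (oleaut32, ws2_32, wsock32) through a built-in table before hashing, so the plain "ordN" form above will diverge for samples that import those by ordinal; and for a packed sample the imphash identifies the packer stub, so matches across samples tell you they share a crypter, not necessarily a payload.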
Tags
peexe

VirusTotal metadata
First submission 2018-01-03 21:51:08 UTC ( 1 year, 3 months ago )
Last submission 2018-01-03 21:51:08 UTC ( 1 year, 3 months ago )
File names 9d28fc641aa45a569e25e015e6afa4ff.virus
1024-9fe2e392dc11d253d363c956dd27977b72a77faa
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs