SHA256: d6ba7613022091eb0b12a24a009271f3dd0cf52a3b94180febb804d24b1d22e2
Detection ratio: 54 / 72
Analysis date: 2019-04-26 13:38:02 UTC ( 3 weeks, 3 days ago )
Antivirus Result Update
Acronis suspicious 20190425
Ad-Aware Dropped:Trojan.Script.418723 20190426
AegisLab Trojan.Win32.Lunam.tpLz 20190426
AhnLab-V3 Trojan/Win32.Lunam.R261674 20190426
ALYac Dropped:Trojan.Script.418723 20190426
Antiy-AVL Trojan/Win32.Lunam 20190426
Arcabit Trojan.Script.D663A3 20190426
Avast Win32:Malware-gen 20190426
AVG Win32:Malware-gen 20190426
Avira (no cloud) TR/Crypt.PEPM.Gen 20190426
BitDefender Dropped:Trojan.Script.418723 20190426
CAT-QuickHeal Trojan.Lunam 20190426
ClamAV Win.Malware.Lunam-6901822-0 20190426
CMC Trojan.Win32.Lunam!O 20190321
Comodo TrojWare.Win32.Spy.Agent.1396070@1qn3u3 20190426
CrowdStrike Falcon (ML) win/malicious_confidence_80% (D) 20190212
Cybereason malicious.41aa92 20190417
Cylance Unsafe 20190426
Cyren W32/Trojan.NEIG-3448 20190426
DrWeb Trojan.PWS.Banker1.30100 20190426
Emsisoft Dropped:Trojan.Script.418723 (B) 20190426
Endgame malicious (high confidence) 20190403
ESET-NOD32 Win32/Otfrem.A 20190426
F-Prot W32/Trojan3.ANVL 20190426
F-Secure Trojan.TR/Crypt.PEPM.Gen 20190426
FireEye Generic.mg.dc6e2b841aa929d1 20190426
Fortinet W32/Lunam.A!tr 20190426
GData Dropped:Trojan.Script.418723 20190426
Ikarus Trojan.Win32.Delf 20190426
Sophos ML heuristic 20190313
Jiangmin Trojan/PSW.Lmir.dah 20190426
K7AntiVirus Trojan ( 0029f2001 ) 20190426
K7GW Trojan ( 0029f2001 ) 20190426
Kaspersky Trojan.Win32.Lunam.a 20190426
Malwarebytes Spyware.PasswordStealer 20190426
MAX malware (ai score=85) 20190426
McAfee Artemis!DC6E2B841AA9 20190426
McAfee-GW-Edition BehavesLike.Win32.Rimecud.tc 20190426
Microsoft Trojan:Win32/Lunam.A 20190426
eScan Dropped:Trojan.Script.418723 20190426
NANO-Antivirus Trojan.Win32.Lunam.foufld 20190426
Panda Trj/Genetic.gen 20190426
Qihoo-360 HEUR/QVM17.0.C877.Malware.Gen 20190426
Rising Trojan.Otfrem!8.466E (RDM+:cmRtazpCXM7s3sUbPZ/iyu/usV8O) 20190426
SentinelOne (Static ML) DFI - Malicious PE 20190420
Sophos AV Mal/SillyFDC-K 20190426
Symantec ML.Attribute.HighConfidence 20190426
Tencent Trojan.Win32.FakeFolder.pb 20190426
Trapmine malicious.high.ml.score 20190325
TrendMicro PE_LUNAM.A-O 20190426
TrendMicro-HouseCall PE_LUNAM.A-O 20190426
VBA32 Trojan.VBO.012939 20190426
Zillya Trojan.Lunam.Win32.171 20190424
ZoneAlarm by Check Point Trojan.Win32.Lunam.a 20190426
Alibaba 20190425
Avast-Mobile 20190426
Babable 20190424
Baidu 20190318
Bkav 20190425
eGambit 20190426
Kingsoft 20190426
Palo Alto Networks (Known Signatures) 20190426
SUPERAntiSpyware 20190423
Symantec Mobile Insight 20190418
TACHYON 20190426
TheHacker 20190421
TotalDefense 20190426
Trustlook 20190426
VIPRE 20190426
ViRobot 20190426
Webroot 20190426
Yandex 20190426
Zoner 20190426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-16 03:29:47
Entry Point 0x00001E60
Number of sections 2
PE sections
Overlays
MD5 c6290428e16d0bec675afc84fb699a55
File type image/jpeg
Offset 32768
Size 1631364
Entropy 7.09
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:11:16 04:29:47+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 106496
LinkerVersion: 6.0
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
Warning: Error processing PE data dictionary
FileTypeExtension: exe
InitializedDataSize: 32768
SubsystemVersion: 4.0
EntryPoint: 0x1e60
OSVersion: 4.0
ImageVersion: 1.0
UninitializedDataSize: 0

File identification
MD5 dc6e2b841aa929d169ae6295e1b2542a
SHA1 fffe036506a704dd505aba2151cf100e910ac3ac
SHA256 d6ba7613022091eb0b12a24a009271f3dd0cf52a3b94180febb804d24b1d22e2
ssdeep 24576:PK9EPK9EKoaoj+oFzqk2KrTtiK9EPK9EKoaoj+oFzqk2KrTto:PIMIMaojhFV2KHMIMIMaojhFV2KHK
authentihash de2206fdf4ae9e9cb883ba874342ca28bd1b861fa881f5b0eb7f545ec0f602de
imphash 09d0478591d4f788cb3e5ea416c25237
File size 1.6 MB ( 1664132 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (39.6%)
Win32 EXE PECompact compressed (generic) (27.9%)
Win32 Executable MS Visual C++ (generic) (20.9%)
Win32 Dynamic Link Library (generic) (4.4%)
Win32 Executable (generic) (3.0%)
Tags pecompact peexe overlay

VirusTotal metadata
First submission 2019-04-26 13:38:02 UTC ( 3 weeks, 3 days ago )
Last submission 2019-04-26 13:38:02 UTC ( 3 weeks, 3 days ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs