× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d6d6dfbfca68f96f91d1fea8d2c6fe8624b6e83f487955f76aec331d09dc6c12
File name: abb7b0801cc1cc174d9d9127c006c004.virus
Detection ratio: 38 / 69
Analysis date: 2018-10-08 04:37:54 UTC ( 7 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Win32.Induc.A 20181008
AhnLab-V3 Win32/Induc 20181007
Arcabit Win32.Induc.A 20181008
Avast Win32:Induc 20181008
AVG Win32:Induc 20181008
Avira (no cloud) W32/Induc.ienb 20181007
AVware Trojan.Win32.Malware.a (fs) 20180925
BitDefender Win32.Induc.A 20181007
CAT-QuickHeal W32.Induc.A 20181007
Comodo Virus.Win32.Induc.A0 20181007
Cybereason malicious.01cc1c 20180225
Cylance Unsafe 20181008
DrWeb Win32.Induc 20181008
Emsisoft Win32.Induc.A (B) 20181008
ESET-NOD32 a variant of Win32/Induc.A 20181008
F-Secure Win32.Induc.A 20181008
GData Win32.Induc.A 20181008
Ikarus W32.Induc 20181007
Kaspersky Virus.Win32.Induc.b 20181008
MAX malware (ai score=81) 20181008
McAfee Artemis!ABB7B0801CC1 20181008
McAfee-GW-Edition W32/Induc 20181008
Microsoft Virus:Win32/Induc.A 20181007
eScan Win32.Induc.A 20181007
NANO-Antivirus Virus.Win32.Induc.dffkeg 20181008
Panda Generic Malware 20181007
Qihoo-360 Malware.Radar03.Gen 20181008
Rising Virus.Induc!1.9B53 (CLASSIC) 20181008
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV W32/Induc-A 20181008
Symantec W32.Induc.A 20181007
Tencent Win32.Virus.Induc.Lpvb 20181008
TrendMicro TROJ_GEN.R02DC0DJ718 20181007
TrendMicro-HouseCall TROJ_GEN.R02DC0DJ718 20181008
VBA32 Virus.Win32.Induc.c 20181005
VIPRE Trojan.Win32.Malware.a (fs) 20181008
Yandex Win32.Induc 20181005
ZoneAlarm by Check Point Virus.Win32.Induc.b 20181008
AegisLab 20181007
Alibaba 20180921
ALYac 20181008
Antiy-AVL 20181008
Avast-Mobile 20181007
Babable 20180918
Baidu 20180930
Bkav 20181005
ClamAV 20181007
CMC 20181007
CrowdStrike Falcon (ML) 20180723
Cyren 20181008
eGambit 20181008
Endgame 20180730
F-Prot 20181007
Fortinet 20181008
Sophos ML 20180717
Jiangmin 20181008
K7AntiVirus 20181007
K7GW 20181007
Kingsoft 20181008
Malwarebytes 20181008
Palo Alto Networks (Known Signatures) 20181008
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TACHYON 20181008
TheHacker 20181001
TotalDefense 20181007
Trustlook 20181008
ViRobot 20181007
Webroot 20181008
Zillya 20181005
Zoner 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT PECompact, PecBundle
PEiD ExeShield 3.6 -> www.exeshield.com
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00001000
Number of sections 2
PE sections
PE imports
RegQueryValueExA
FlatSB_SetScrollPos
PageSetupDlgA
UnrealizeObject
ImmGetOpenStatus
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
CreateStreamOnHGlobal
SysFreeString
OleUIObjectPropertiesA
ShellExecuteA
GetKeyboardType
VerQueryValueA
WritePrinter
Number of PE resources by type
RT_BITMAP 174
RT_RCDATA 121
RT_STRING 44
RT_GROUP_CURSOR 12
RT_CURSOR 12
RT_DIALOG 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 313
ENGLISH US 45
RUSSIAN 6
KOREAN 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
1992:06:19 22:22:17+00:00

FileType
Win32 EXE

PEType
PE32

CodeSize
2978816

LinkerVersion
2.25

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

FileTypeExtension
exe

InitializedDataSize
2885120

SubsystemVersion
4.0

EntryPoint
0x1000

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 abb7b0801cc1cc174d9d9127c006c004
SHA1 1488517179a6f48341cf6cf4046227ca7b18d093
SHA256 d6d6dfbfca68f96f91d1fea8d2c6fe8624b6e83f487955f76aec331d09dc6c12
ssdeep
24576:oeUZKiZenBK/Jey3CV2+StTgT/ZDriqpdZ2NVj:OZKi4s33CwTg7ZHiqpdsV

authentihash cb47220ae1ddfead5d2c4f343c01844787d7cb45a7a3ed2b57abdef62666831e
imphash 43d72c2c81627a1674758aaf2c2abe6b
File size 1.0 MB ( 1088512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (v2.x) (49.2%)
Win32 EXE PECompact compressed (generic) (34.6%)
Win32 Dynamic Link Library (generic) (5.4%)
Win32 Executable (generic) (3.7%)
Win16/32 Executable Delphi generic (1.7%)
Tags
pecompact exeshield peexe

VirusTotal metadata
First submission 2018-10-08 04:37:54 UTC ( 7 months, 2 weeks ago )
Last submission 2019-02-09 19:39:48 UTC ( 3 months, 1 week ago )
File names Bun_20181015.exe
bun_20181015.exe
d6d6dfbfca68f96f91d1fea8d2c6fe8624b6e83f487955f76aec331d09dc6c12.exe
abb7b0801cc1cc174d9d9127c006c004.virus
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Searched windows
Runtime DLLs