× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d74b8ec0e92d26677f2b14d947725e094abde998d0e1329b0b882872182c0d1e
File name: d74b8ec0e92d26677f2b14d947725e094abde998d0e1329b0b882872182c0d1e
Detection ratio: 26 / 64
Analysis date: 2019-03-04 02:59:50 UTC ( 2 months, 2 weeks ago ) View latest
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Gen:Trojan.Heur.mq0@Ivh4Pcmi 20190304
Arcabit Trojan.Heur.E41B52 20190303
Avast Win32:Malware-gen 20190303
AVG Win32:Malware-gen 20190303
Avira (no cloud) TR/Crypt.ZPACK.Gen2 20190303
BitDefender Gen:Trojan.Heur.mq0@Ivh4Pcmi 20190304
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cybereason malicious.fe6fe7 20190109
Cyren W32/GenBl.451B12BF!Olympus 20190304
Emsisoft Gen:Trojan.Heur.mq0@Ivh4Pcmi (B) 20190304
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Generik.KFAQNAO 20190304
F-Secure Trojan.TR/Crypt.ZPACK.Gen2 20190303
GData Gen:Trojan.Heur.mq0@Ivh4Pcmi 20190304
Ikarus Trojan.Win32.Dynamer 20190303
Sophos ML heuristic 20181128
Malwarebytes Trojan.Injector 20190303
MAX malware (ai score=83) 20190304
McAfee Artemis!451B12BFE6FE 20190304
McAfee-GW-Edition BehavesLike.Win32.BadFile.cc 20190303
eScan Gen:Trojan.Heur.mq0@Ivh4Pcmi 20190304
Palo Alto Networks (Known Signatures) generic.ml 20190304
SentinelOne (Static ML) static engine - malicious 20190203
Tencent Win32.Trojan.Crypt.Pabz 20190304
Trapmine malicious.high.ml.score 20190301
AegisLab 20190304
AhnLab-V3 20190303
Alibaba 20180921
ALYac 20190304
Antiy-AVL 20190304
Avast-Mobile 20190303
Babable 20180918
Baidu 20190215
CAT-QuickHeal 20190303
ClamAV 20190303
CMC 20190303
Comodo 20190304
DrWeb 20190303
eGambit 20190304
Fortinet 20190303
Jiangmin 20190304
K7AntiVirus 20190304
K7GW 20190303
Kaspersky 20190304
Kingsoft 20190304
Microsoft 20190304
NANO-Antivirus 20190303
Panda 20190303
Qihoo-360 20190304
Sophos AV 20190304
SUPERAntiSpyware 20190227
Symantec 20190303
Symantec Mobile Insight 20190220
TACHYON 20190304
TheHacker 20190225
TotalDefense 20190303
Trustlook 20190304
VBA32 20190301
VIPRE 20190228
ViRobot 20190303
Webroot 20190304
Yandex 20190301
ZoneAlarm by Check Point 20190304
Zoner 20190304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© B-Space ompany. All rights reserved.

Original name gagspace.exe
File version 2.5.4.0
Description Spacegag
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-21 01:14:48
Entry Point 0x00001260
Number of sections 4
PE sections
PE imports
CreateRoundRectRgn
GetStockObject
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
ExitThread
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetCPInfo
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
TerminateProcess
GetModuleFileNameA
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetVersion
VirtualAlloc
SetLastError
LeaveCriticalSection
GetMessageA
CreateWindowExA
LoadCursorA
SetWindowRgn
UpdateWindow
DispatchMessageA
EnumChildWindows
SendMessageA
MessageBoxA
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassA
LoadIconA
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
184320

ImageVersion
0.0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
gagspace.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.5.4.0

TimeStamp
2019:02:21 02:14:48+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2.5.0.0

FileDescription
Spacegag

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
B-Space ompany. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
B-Space Company

CodeSize
12288

FileSubtype
0

ProductVersionNumber
1.0.0.0

EntryPoint
0x1260

ObjectFileType
Executable application

File identification
MD5 451b12bfe6fe7d120fca748acbaa1793
SHA1 72829ab9759ed8803b2c9916637291bb4418e753
SHA256 d74b8ec0e92d26677f2b14d947725e094abde998d0e1329b0b882872182c0d1e
ssdeep
3072:GgDTok3pvqbyJsX+hiNrd2go8gIkhhMf2NvPAOtTNOM5sXkna/jaCD9mOzNM:GmpvqAo+hiNJ2goddmoAXk0mI5

authentihash 39305812015ae06fc5592faf50d763b0fb6a7d0cad875b6f04bb6ab7b6079d76
imphash f2f8626d06b8f24c0b558697e58eba46
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-03-03 06:45:13 UTC ( 2 months, 2 weeks ago )
Last submission 2019-03-05 10:45:28 UTC ( 2 months, 2 weeks ago )
File names stan.exe
gagspace.exe
d74b8ec0e92d26677f2b14d947725e094abde998d0e1329b0b882872182c0d1e.bin
stan.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs