× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d7ee2ec18778ee99efa43ef35f01e0e8ab7de1dce673a08c9fdef6daa8e8444e
File name: DB_Bank_client.exe
Detection ratio: 18 / 68
Analysis date: 2018-09-01 13:39:32 UTC ( 8 months, 3 weeks ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180830
Bkav W32.eHeur.Malware03 20180831
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.546f2b 20180225
Cylance Unsafe 20180901
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 00516fdf1 ) 20180901
K7GW Trojan ( 00516fdf1 ) 20180901
Kaspersky UDS:DangerousObject.Multi.Generic 20180901
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20180901
Microsoft Trojan:Win32/Vigorf.A 20180901
Palo Alto Networks (Known Signatures) generic.ml 20180901
Qihoo-360 HEUR/QVM10.1.9355.Malware.Gen 20180901
Rising Malware.Heuristic!ET#100% (RDM+:cmRtazrbFOpNKdWRpwkZC9BohSPw) 20180901
SentinelOne (Static ML) static engine - malicious 20180830
Symantec ML.Attribute.HighConfidence 20180901
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180901
Ad-Aware 20180901
AegisLab 20180901
AhnLab-V3 20180901
ALYac 20180901
Antiy-AVL 20180901
Arcabit 20180901
Avast 20180901
Avast-Mobile 20180901
AVG 20180901
Avira (no cloud) 20180901
AVware 20180823
Babable 20180822
BitDefender 20180901
CAT-QuickHeal 20180901
ClamAV 20180901
CMC 20180901
Comodo 20180901
Cyren 20180901
DrWeb 20180901
eGambit 20180901
Emsisoft 20180901
ESET-NOD32 20180901
F-Prot 20180901
F-Secure 20180901
Fortinet 20180901
GData 20180901
Ikarus 20180901
Jiangmin 20180901
Kingsoft 20180901
Malwarebytes 20180901
MAX 20180901
McAfee 20180901
eScan 20180901
NANO-Antivirus 20180901
Panda 20180901
Sophos AV 20180901
SUPERAntiSpyware 20180901
Symantec Mobile Insight 20180831
TACHYON 20180901
Tencent 20180901
TheHacker 20180829
TotalDefense 20180901
TrendMicro 20180901
TrendMicro-HouseCall 20180901
Trustlook 20180901
VBA32 20180831
VIPRE 20180901
ViRobot 20180901
Webroot 20180901
Yandex 20180831
Zillya 20180831
Zoner 20180831
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-05 10:14:21
Entry Point 0x00004814
Number of sections 5
PE sections
PE imports
ReportEventA
BeginPath
StretchBlt
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
GetEnvironmentStringsW
GetTickCount
SetProcessShutdownParameters
TlsAlloc
GetSystemTimes
VirtualProtect
FillConsoleOutputCharacterW
GetCommandLineW
RtlUnwind
ExitThread
FindFirstChangeNotificationW
IsProcessorFeaturePresent
DeleteCriticalSection
EnumTimeFormatsW
EnumSystemLocalesA
GetCurrentDirectoryW
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
GetModuleHandleW
GetCPInfo
ExitProcess
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
IsDebuggerPresent
GetUserDefaultLCID
InterlockedCompareExchange
HeapSize
LeaveCriticalSection
RaiseException
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
TlsFree
HeapSetInformation
InterlockedExchange
SetUnhandledExceptionFilter
lstrcpyA
GetConsoleDisplayMode
DecodePointer
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
HeapAlloc
GetSystemTimeAdjustment
TerminateProcess
GetCurrentProcess
IsValidCodePage
HeapCreate
WriteFile
FindAtomA
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetProcessVersion
EncodePointer
GetCurrentThreadId
GetLocaleInfoW
VirtualAlloc
SetLastError
InterlockedIncrement
ExtractIconA
GetMenuState
GetDesktopWindow
Number of PE resources by type
RT_BITMAP 4
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
110592

ImageVersion
0.0

FileVersionNumber
11.0.0.0

LanguageCode
Unknown (3436)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unknown (77B0)

LinkerVersion
10.0

FileTypeExtension
exe

MIMEType
application/octet-stream

FileVersion
2.4.8

TimeStamp
2018:03:05 11:14:21+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Unknown (0x588891)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
90112

FileSubtype
0

ProductVersionNumber
12.0.0.0

EntryPoint
0x4814

ObjectFileType
VxD

Execution parents
File identification
MD5 d7ba1e14e64c0588e175da2d4154411e
SHA1 6fe787b546f2b54bbb873fa0f65113c32aaa1d38
SHA256 d7ee2ec18778ee99efa43ef35f01e0e8ab7de1dce673a08c9fdef6daa8e8444e
ssdeep
3072:eNaFxaQbiqsBjFxMgQ3G1Av6Ut58BN+3K3d/4V6:eNa1OvZFI3GMW4K

authentihash d8e111ee10b4eee84e6c4e4f499ab8a5d8e190d41d3eeb7ce92f72f7f253c81a
imphash e59406f11c66680310f0ea4e45c56a7c
File size 192.5 KB ( 197120 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-01 13:39:32 UTC ( 8 months, 3 weeks ago )
Last submission 2018-09-01 13:39:32 UTC ( 8 months, 3 weeks ago )
File names DB_Bank_client.exe
ckjsmzl26jnkrkt.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections