SHA256: d97a821f29cbc6db6057629de7ad6f6bf8356927033068d906dddb4a1f8f9240
File name: a8ef0efcf72ff63097c2a4205942ad9b019719dc
Detection ratio: 41 / 65
Analysis date: 2018-11-13 19:36:34 UTC ( 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.268334 20181112
AhnLab-V3 Malware/Win32.Generic.C1506764 20181113
Antiy-AVL Trojan/Win32.AGeneric 20181113
Arcabit Trojan.Zusy.D4182E 20181113
Avast Win32:Evo-gen [Susp] 20181113
AVG FileRepMalware 20181113
Avira (no cloud) HEUR/AGEN.1019248 20181113
BitDefender Gen:Variant.Zusy.268334 20181113
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.ee8040 20180225
Cylance Unsafe 20181113
Cyren W32/S-9c3daa8b!Eldorado 20181113
DrWeb Trojan.Siggen6.58358 20181113
Emsisoft Gen:Variant.Zusy.268334 (B) 20181113
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.FCPL 20181113
F-Prot W32/S-9c3daa8b!Eldorado 20181113
F-Secure Gen:Variant.Zusy.268334 20181113
Fortinet W32/Kryptik.FAPE!tr 20181113
GData Gen:Variant.Zusy.268334 20181113
Ikarus Trojan-Downloader.Win32.Wauchos 20181113
Sophos ML heuristic 20181108
Jiangmin TrojanDownloader.Gootkit.gn 20181113
K7AntiVirus Trojan ( 004f49011 ) 20181113
K7GW Trojan ( 004f49011 ) 20181113
Kaspersky HEUR:Trojan.Win32.Generic 20181113
MAX malware (ai score=81) 20181113
McAfee RDN/Generic Downloader.x 20181113
McAfee-GW-Edition RDN/Generic Downloader.x 20181113
Microsoft TrojanDownloader:Win32/Talalpek.A 20181113
eScan Gen:Variant.Zusy.268334 20181113
NANO-Antivirus Trojan.Win32.Gootkit.ehecqs 20181113
Palo Alto Networks (Known Signatures) generic.ml 20181113
Qihoo-360 HEUR/QVM10.1.2F5A.Malware.Gen 20181113
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181113
Symantec Packed.Generic.521 20181113
TrendMicro WORM_HPKASIDET.SM0 20181113
TrendMicro-HouseCall WORM_HPKASIDET.SM0 20181113
Yandex Trojan.Kryptik!+z/UmfcTrJ8 20181113
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181113
Engines with no detection (signature update date only):
AegisLab 20181113
Alibaba 20180921
Avast-Mobile 20181113
Babable 20180918
Bkav 20181113
CAT-QuickHeal 20181113
ClamAV 20181113
CMC 20181113
eGambit 20181113
Kingsoft 20181113
Malwarebytes 20181113
Panda 20181113
Rising 20181113
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181113
Tencent 20181113
TheHacker 20181108
TotalDefense 20181113
Trustlook 20181113
VBA32 20181113
ViRobot 20181113
Webroot 20181113
Zillya 20181113
Zoner 20181113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-19 07:48:12
Entry Point 0x00003982
Number of sections 4
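The fields above (and the ExifTool block further down) all come from the COFF header and the first 72 bytes of the optional header. The following parser is an added example, not VirusTotal's or ExifTool's code: it reads exactly those fields, and runs on a constructed PE32 header that carries the report's values (machine, 4 sections, timestamp, entry point 0x3982, linker 9.0, code/data sizes, subsystem and version pairs). Fields the report does not give, such as ImageBase, alignments and SizeOfImage, are assumed; no bytes of the analysed sample are used.

```python
import calendar
import struct
from datetime import datetime, timezone

# Constants from the PE/COFF specification (only the values needed here).
MACHINE_NAMES = {0x014C: "Intel 386 or later", 0x8664: "x64", 0x01C4: "ARM Thumb-2", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI", 9: "Windows CE GUI", 10: "EFI application"}
CHARACTERISTICS = {0x0001: "No relocs", 0x0002: "Executable", 0x0020: "Large address aware",
                   0x0100: "32-bit", 0x0200: "Debug stripped", 0x2000: "DLL"}
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
OPT_HEADER_SIZE_PE32 = 224
# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
# SizeOfOptionalHeader, Characteristics
COFF_HEADER = "<HHIIIHH"


def describe_characteristics(flags: int) -> str:
    """Render the Characteristics bit field the way the report prints it (ascending bit order)."""
    return ", ".join(name for bit, name in sorted(CHARACTERISTICS.items()) if flags & bit)


def parse_pe_header(data: bytes) -> dict:
    """Decode the DOS e_lfanew pointer, the COFF header and the head of the optional header.
    Only the fields the report lists are returned; sections and data directories are not parsed."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, n_sections, ts, _, _, opt_size, chars = struct.unpack_from(COFF_HEADER, data, coff)
    opt = coff + struct.calcsize(COFF_HEADER)
    if opt + opt_size > len(data):
        raise ValueError("optional header runs past end of data")
    magic, lnk_major, lnk_minor, code, init, uninit, entry = struct.unpack_from("<HBBIIII", data, opt)
    # The three version pairs start at +40 and Subsystem sits at +68 in both PE32 and PE32+.
    os_maj, os_min, img_maj, img_min, ss_maj, ss_min = struct.unpack_from("<6H", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": n_sections,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": describe_characteristics(chars),
        "pe_type": {PE32_MAGIC: "PE32", PE32PLUS_MAGIC: "PE32+"}.get(magic, hex(magic)),
        "linker": f"{lnk_major}.{lnk_minor}",
        "code_size": code,
        "init_data_size": init,
        "uninit_data_size": uninit,
        "entry_point": entry,
        "os_version": f"{os_maj}.{os_min}",
        "image_version": f"{img_maj}.{img_min}",
        "subsystem_version": f"{ss_maj}.{ss_min}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_sample_header() -> bytes:
    """Constructed input: a bare PE32 header carrying the values printed in the report above.
    It is not the analysed file; ImageBase, alignments, SizeOfImage and SizeOfHeaders are assumed."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    coff = struct.pack(COFF_HEADER,
                       0x014C, 4, calendar.timegm((2016, 7, 19, 7, 48, 12)),
                       0, 0, OPT_HEADER_SIZE_PE32,
                       0x0001 | 0x0002 | 0x0100)        # relocs stripped, executable image, 32-bit machine
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
                      PE32_MAGIC, 9, 0,                 # Magic, linker 9.0
                      35840, 248320, 0,                 # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x3982, 0x1000, 0xA000,           # AddressOfEntryPoint, BaseOfCode, BaseOfData (bases assumed)
                      0x400000, 0x1000, 0x200,          # ImageBase, SectionAlignment, FileAlignment (assumed)
                      5, 0, 0, 0, 5, 0,                 # OS 5.0, image 0.0, subsystem 5.0
                      0, 0x50000, 0x400, 0,             # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum (assumed)
                      2, 0)                             # Subsystem = Windows GUI, DllCharacteristics
    return dos + b"PE\x00\x00" + coff + opt.ljust(OPT_HEADER_SIZE_PE32, b"\x00")


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print(f"{key}: {value:#x}" if key == "entry_point" else f"{key}: {value}")
```

Every value this parser returns is written by the linker and can be edited after the fact, so a 2016 compile timestamp on a file first seen in 2018, or linker 9.0 with a 5.0 subsystem floor, is a pivot for clustering related samples rather than evidence of when or how the file was built.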
PE sections
PE imports
KERNEL32.dll (module inferred from the export names; the listing gives only the function names)
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
FindResourceExA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
SetEvent
LocalFree
InitializeCriticalSection
LoadResource
TlsGetValue
FormatMessageA
OutputDebugStringA
SetLastError
GetUserDefaultLangID
UpdateResourceW
CopyFileA
HeapAlloc
GetModuleFileNameA
SetProcessWorkingSetSize
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
LockFileEx
SetUnhandledExceptionFilter
TerminateProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
RtlUnwind
GetStartupInfoA
AddAtomA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
CompareStringW
lstrcpyA
CompareStringA
GetTempFileNameA
GetProcAddress
RemoveDirectoryA
GetNamedPipeInfo
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
GetShortPathNameA
GetAtomNameA
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCPInfo
GetCommandLineA
GetTempPathA
TlsFree
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
OpenEventA
CreateProcessA
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
USER32.dll (module inferred from the export names)
MapVirtualKeyA
AllowSetForegroundWindow
ChildWindowFromPointEx
EndDialog
BeginPaint
CreateDialogIndirectParamA
CreateIconFromResourceEx
CharLowerA
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
MoveWindow
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
CharUpperA
GetDC
DrawCaption
ReleaseDC
wsprintfA
GetSystemMetrics
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
GetWindowLongA
CharNextA
GetDesktopWindow
LoadImageA
DialogBoxIndirectParamA
IsDialogMessageA
DestroyWindow
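The imphash reported under File identification further down (526864908fad58cf0269a91b4079f03b) is derived from this import list: an MD5 over the lower-cased `module.function` pairs, comma-joined, in the order they appear in the import table. The code below is an added example of that computation, not VirusTotal's or pefile's code. It runs on a constructed listing made from a selection of the entries above, keeping their relative order and adding the module names the report omits; reproducing the page's own value would need the complete list in the binary's original thunk order, which the page's display order may not preserve. As a stated simplification, ordinal imports are rendered as `ordN` for every module, whereas pefile also resolves ordinals to names for ws2_32, wsock32, oleaut32 and oledlg.

```python
import hashlib
from typing import Iterable, List, Tuple, Union

ImportEntry = Tuple[str, Union[str, int]]   # (module name, exported name or ordinal number)


def imphash(imports: Iterable[ImportEntry]) -> str:
    """Import hash: MD5 over comma-joined 'module.function' strings in table order.
    Module is lower-cased with a .dll/.ocx/.sys suffix stripped; function is lower-cased.
    Assumption: ordinal imports become 'ordN' for every module (pefile's per-DLL ordinal
    name tables are omitted here)."""
    parts: List[str] = []
    for module, func in imports:
        lib = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def imports_from_listing(text: str) -> List[ImportEntry]:
    """Turn a plain-text import listing into (module, function) pairs.
    A line ending in .dll/.ocx/.sys (case-insensitive) starts a new module block; every other
    non-empty line is a function name, or an ordinal if it is all digits."""
    entries: List[ImportEntry] = []
    module = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().endswith((".dll", ".ocx", ".sys")):
            module = line
            continue
        if module is None:
            raise ValueError(f"function {line!r} listed before any module name")
        entries.append((module, int(line) if line.isdigit() else line))
    return entries


# Constructed input: a selection of the report's KERNEL32 and USER32 imports in their relative
# order, with the module names added here (the report prints only the function names).
SAMPLE_LISTING = """
KERNEL32.dll
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetExitCodeProcess
CreateProcessA
VirtualAlloc
USER32.dll
MapVirtualKeyA
AllowSetForegroundWindow
MessageBoxA
DestroyWindow
"""


def sample_imphash() -> str:
    """Imphash of the constructed listing above."""
    return imphash(imports_from_listing(SAMPLE_LISTING))


if __name__ == "__main__":
    print("imphash over the constructed listing:", sample_imphash())
```

Because the hash covers order as well as names, two builds from the same source and linker settings share an imphash while a single reordered or added import changes it; that is what makes it a useful pivot across the Zusy/Kryptik-style generic detections above, and also why a packer that rebuilds the import table defeats it.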
Number of PE resources by type
RT_DIALOG 5
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
ENGLISH CARIBBEAN 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:07:19 08:48:12+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 35840
LinkerVersion: 9.0
ImageFileCharacteristics: No relocs, Executable, 32-bit
FileTypeExtension: exe
InitializedDataSize: 248320
SubsystemVersion: 5.0
EntryPoint: 0x3982
OSVersion: 5.0
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5 6499016ee8040479b2ddd276fa32e173
SHA1 a8ef0efcf72ff63097c2a4205942ad9b019719dc
SHA256 d97a821f29cbc6db6057629de7ad6f6bf8356927033068d906dddb4a1f8f9240
ssdeep 3072:u1Cij5GTiaF/VI0UW6gpcQX+oHIXj14KAKpHM5iXUMrNzzzYQiEKju0xQfQ1h+4:WCij+i/g6SX+ow54oVbzbiEdL
authentihash cb6b74ff0105310b9da83a23ad68c50825e1e1c8ee8e0ffcdf9493174b6941d1
imphash 526864908fad58cf0269a91b4079f03b
File size 211.0 KB ( 216064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-11-13 19:36:34 UTC ( 3 months ago )
Last submission 2018-11-13 19:36:34 UTC ( 3 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections