SHA256: d97be402740f6a0fc70c90751f499943bf26f7c00791d46432889f1bedf9dbd2
File name: requ4.exe
Detection ratio: 16 / 66
Analysis date: 2017-10-31 12:13:41 UTC (1 year, 6 months ago)
Antivirus Result Update
AegisLab Ransom.Hpcerber.Smaly0A!c 20171031
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20171031
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171031
Endgame malicious (high confidence) 20171024
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171031
McAfee-GW-Edition BehavesLike.Win32.PUPXAB.dh 20171031
Palo Alto Networks (Known Signatures) generic.ml 20171031
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Cerber-U 20171031
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20171031
TrendMicro Ransom_HPCERBER.SMALY0A 20171031
TrendMicro-HouseCall Ransom_HPCERBER.SMALY0A 20171031
Webroot W32.Trojan.Gen 20171031
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171031
Ad-Aware 20171031
AhnLab-V3 20171031
Alibaba 20170911
ALYac 20171031
Antiy-AVL 20171031
Arcabit 20171031
Avast 20171031
Avast-Mobile 20171031
AVG 20171031
Avira (no cloud) 20171031
AVware 20171031
BitDefender 20171031
Bkav 20171031
CAT-QuickHeal 20171031
ClamAV 20171031
CMC 20171031
Comodo 20171031
Cybereason 20170628
Cyren 20171031
DrWeb 20171031
eGambit 20171031
Emsisoft 20171031
ESET-NOD32 20171031
F-Prot 20171031
F-Secure 20171031
Fortinet 20171031
GData 20171031
Ikarus 20171031
Jiangmin 20171031
K7AntiVirus 20171031
K7GW 20171031
Kingsoft 20171031
Malwarebytes 20171031
MAX 20171031
McAfee 20171031
Microsoft 20171031
eScan 20171031
NANO-Antivirus 20171031
nProtect 20171031
Panda 20171030
Qihoo-360 20171031
Symantec 20171031
Symantec Mobile Insight 20171027
Tencent 20171031
TheHacker 20171028
Trustlook 20171031
VBA32 20171030
VIPRE 20171031
ViRobot 20171031
WhiteArmor 20171024
Yandex 20171030
Zillya 20171030
Zoner 20171031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-31 09:44:14
Entry Point 0x00003E11
Number of sections 4
PE sections
Overlays
MD5 f682500d8603b8c7ac1056c1b367e8a3
File type data
Offset 53248
Size 174784
Entropy 6.96
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
FileTimeToSystemTime
VirtualProtect
GetOEMCP
QueryPerformanceCounter
HeapDestroy
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
VirtualQuery
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
WideCharToMultiByte
TlsFree
GetModuleHandleA
InterlockedExchange
WriteFile
GetStartupInfoA
GetSystemTimeAsFileTime
GetSystemInfo
GetACP
HeapReAlloc
GetStringTypeW
HeapAlloc
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
GlobalAlloc
VirtualFree
TlsGetValue
GetFileType
GetTickCount
TlsSetValue
GetProcessTimes
GetCurrentThreadId
VirtualAlloc
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:10:31 10:44:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 7.1
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x3e11
InitializedDataSize 20480
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
PCAP parents
File identification
MD5 1916150b3356fe6e6da7ec2e2a78e189
SHA1 7e8bf6cc4bb2540dce895244347a017565fddbc5
SHA256 d97be402740f6a0fc70c90751f499943bf26f7c00791d46432889f1bedf9dbd2
ssdeep 3072:8ha3WAlHHJEsiT2ZX/zWoxfO5bl8IygVbHgyWNCMFETidDnnINsQX/lW:b3fJuT2p/25R8eVaNCMFETiBnID/E
authentihash 981ca8b75813e22c0896556253cc0304adf37330faacd4e7647df331cb7c912b
imphash a7d184a81608cb8a15b3ddcb761d9710
File size 222.7 KB ( 228032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-10-31 10:26:39 UTC ( 1 year, 6 months ago )
Last submission 2018-10-23 21:04:16 UTC ( 7 months ago )
File names Samp(17)_2.vir.rename
requ4.exe
1 stage malware
1st-stage-malware-requ4.exe
requ4.exe.3.dr
requ4.exe.1216098799.DROPPED
1916150b3356fe6e6da7ec2e2a78e189.virus
i8745fydd(1)
VirusShare_1916150b3356fe6e6da7ec2e2a78e189
i8745fydd
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs