SHA256: da3ab88c61deabf4cb4d296cc0b4a586eeedc89e87adc4ea648ab8fe6a41346c
File name: GWMadFzby2.exe
Detection ratio: 11 / 68
Analysis date: 2017-12-22 11:15:43 UTC ( 1 year ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20171016
Cylance Unsafe 20171222
Endgame malicious (high confidence) 20171130
Fortinet W32/GenKryptik.BJKZ!tr 20171222
Sophos ML heuristic 20170914
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20171222
Palo Alto Networks (Known Signatures) generic.ml 20171222
Qihoo-360 HEUR/QVM10.1.03BD.Malware.Gen 20171222
Rising Malware.Obscure/Heur!1.A89E (CLASSIC) 20171222
Tencent Win32.Trojan.Raas.Auto 20171222
Webroot W32.Adware.Gen 20171222
Ad-Aware 20171222
AegisLab 20171222
AhnLab-V3 20171222
Alibaba 20171222
ALYac 20171222
Antiy-AVL 20171222
Arcabit 20171222
Avast 20171222
Avast-Mobile 20171222
AVG 20171222
Avira (no cloud) 20171222
AVware 20171222
Baidu 20171222
BitDefender 20171222
Bkav 20171222
CAT-QuickHeal 20171222
ClamAV 20171222
CMC 20171222
Comodo 20171222
Cybereason 20171103
Cyren 20171222
DrWeb 20171222
eGambit 20171222
Emsisoft 20171222
ESET-NOD32 20171222
F-Prot 20171222
F-Secure 20171222
GData 20171222
Ikarus 20171222
Jiangmin 20171221
K7AntiVirus 20171222
K7GW 20171222
Kaspersky 20171222
Kingsoft 20171222
Malwarebytes 20171222
MAX 20171222
McAfee 20171222
Microsoft 20171222
eScan 20171222
NANO-Antivirus 20171222
nProtect 20171222
Panda 20171221
SentinelOne (Static ML) 20171207
Sophos AV 20171222
SUPERAntiSpyware 20171222
Symantec 20171222
Symantec Mobile Insight 20171222
TheHacker 20171219
TotalDefense 20171222
TrendMicro 20171222
TrendMicro-HouseCall 20171222
Trustlook 20171222
VBA32 20171222
VIPRE 20171222
ViRobot 20171222
WhiteArmor 20171204
Yandex 20171221
Zillya 20171221
ZoneAlarm by Check Point 20171222
Zoner 20171222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017, xcmvbxcvbvxcm
File version 11.0.0.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-22 04:55:17
Entry Point 0x000031E0
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorControl
GetUserNameA
InitiateSystemShutdownA
OpenEventLogW
LookupPrivilegeNameW
StretchBlt
FillPath
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetProcessId
HeapAlloc
SetProcessWorkingSetSize
GetStartupInfoW
GetWindowsDirectoryW
GetConsoleMode
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
WideCharToMultiByte
GetCommProperties
LoadLibraryExW
MultiByteToWideChar
GetAtomNameW
SetFilePointerEx
GetFileInformationByHandle
GetCommandLineA
GetProcAddress
AddAtomW
EncodePointer
HeapSize
SetStdHandle
GetTempPathA
RaiseException
GetFileSizeEx
GetCPInfo
TlsFree
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
IsProcessorFeaturePresent
GetProcessWorkingSetSize
GetThreadTimes
GetSystemTimes
GetACP
GetLongPathNameW
GetStringTypeW
GetModuleHandleW
GetProcessAffinityMask
GetFileType
TerminateProcess
GetThreadPriority
GetProcessHandleCount
GetProcessShutdownParameters
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
GlobalAlloc
GetEnvironmentStringsW
TlsGetValue
Sleep
SetLastError
TlsSetValue
ExitProcess
GetCurrentThreadId
GetProcessHeap
WriteConsoleW
LeaveCriticalSection
GradientFill
ShowScrollBar
SetScrollRange
GetPropW
SetPropW
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryOption
Number of PE resources by type
RT_ICON 6
RT_STRING 4
RT_DIALOG 1
RT_GROUP_CURSOR 1
OEIO 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 16
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 1.0.0.1
LanguageCode English (British)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1134080
EntryPoint 0x31e0
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 11.0.0.1
TimeStamp 2017:12:22 05:55:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 11.0.0.1
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2017, xcmvbxcvbvxcm
MachineType Intel 386 or later, and compatibles
CodeSize 55296
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 af961493e65629c755ce0de085a10c33
SHA1 c46ad783978d3247b0a530151b104a703dfeab5e
SHA256 da3ab88c61deabf4cb4d296cc0b4a586eeedc89e87adc4ea648ab8fe6a41346c
ssdeep 3072:CtYhLtxoCXBbW5+1zNXPzXK3yVS/tscgLyExVgQ:CtaLtxoGY5U6CVS+byOgQ
authentihash dbab738b66b2f43e2ad6f811ee1ad4da434d6f4ae57f66364c0e1c4938e83b01
imphash c24efae85417388443dc993c4a13d171
File size 151.5 KB ( 155136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
TrID Win64 Executable (generic) (36.3%)
TrID Win32 Dynamic Link Library (generic) (8.6%)
TrID Win32 Executable (generic) (5.9%)
TrID OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2017-12-22 11:15:43 UTC ( 1 year ago )
Last submission 2018-01-17 08:58:07 UTC ( 1 year ago )
File names da3ab88c61deabf4cb4d296cc0b4a586eeedc89e87adc4ea648ab8fe6a41346c
GWMadFzby2.exe
tOldHSYW
FILE_14.1
af961493e65629c755ce0de085a10c33.bin
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Runtime DLLs
UDP communications