× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: dc8e34497ba1b30b2eec3a1f6b9669b4c648e21ef0ad405adc018380e914bfa3
File name: 601905345d1d33de1855a45790ab3c0b
Detection ratio: 45 / 68
Analysis date: 2018-08-26 19:20:17 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40418521 20180826
AhnLab-V3 Win-Trojan/Gandcrab08.Exp 20180826
ALYac Trojan.GenericKD.40418521 20180826
Antiy-AVL Trojan/Win32.Chapak 20180826
Arcabit Trojan.Generic.D268BCD9 20180826
Avast Win32:Malware-gen 20180826
AVG Win32:Malware-gen 20180826
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180820
BitDefender Trojan.GenericKD.40418521 20180826
Bkav W32.eHeur.Malware08 20180824
CAT-QuickHeal Trojan.Vigorf 20180826
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.54d901 20180225
Cylance Unsafe 20180826
DrWeb Trojan.PWS.Panda.13495 20180826
Emsisoft Trojan.GenericKD.40418521 (B) 20180826
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKBE 20180826
F-Secure Trojan.GenericKD.40418521 20180826
Fortinet W32/Kryptik.GKAN!tr 20180826
GData Trojan.GenericKD.40418521 20180826
Ikarus Trojan.Win32.Crypt 20180826
Sophos ML heuristic 20180717
Jiangmin Trojan.PSW.Coins.auh 20180826
K7GW Hacktool ( 700007861 ) 20180826
Kaspersky Trojan.Win32.Chapak.aqic 20180826
Malwarebytes Trojan.MalPack 20180826
MAX malware (ai score=81) 20180826
McAfee Trojan-FPYT!601905345D1D 20180826
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20180826
Microsoft PWS:Win32/Zbot 20180826
eScan Trojan.GenericKD.40418521 20180826
NANO-Antivirus Trojan.Win32.Kryptik.fgwvyh 20180826
Panda Trj/GdSda.A 20180826
Qihoo-360 HEUR/QVM10.1.7243.Malware.Gen 20180826
Rising Trojan.Vigorf!8.EAEA (CLOUD) 20180826
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180826
Symantec ML.Attribute.HighConfidence 20180826
Tencent Win32.Trojan.Chapak.Wkbx 20180826
TrendMicro TROJ_GEN.R004C0DHQ18 20180826
TrendMicro-HouseCall TROJ_GEN.R004C0DHQ18 20180826
VBA32 Trojan.Vigorf 20180824
Webroot W32.Trojan.Gen 20180826
ZoneAlarm by Check Point Trojan.Win32.Chapak.aqic 20180826
AegisLab 20180826
Alibaba 20180713
Avast-Mobile 20180826
Avira (no cloud) 20180826
AVware 20180823
Babable 20180822
ClamAV 20180826
CMC 20180826
Comodo 20180826
Cyren 20180826
eGambit 20180826
F-Prot 20180826
K7AntiVirus 20180826
Kingsoft 20180826
Palo Alto Networks (Known Signatures) 20180826
SUPERAntiSpyware 20180826
Symantec Mobile Insight 20180822
TACHYON 20180826
TheHacker 20180824
TotalDefense 20180826
Trustlook 20180826
VIPRE 20180826
ViRobot 20180826
Yandex 20180824
Zillya 20180824
Zoner 20180825
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-21 14:13:33
Entry Point 0x00006B49
Number of sections 5
PE sections
Overlays
MD5 7a6205982dac54c2047a26ad0695ffc1
File type data
Offset 230912
Size 12
Entropy 3.25
PE imports
EndPath
GetSystemTime
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
HeapSize
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
FillConsoleOutputCharacterW
GetCommandLineW
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
GetModuleHandleW
GetCurrentDirectoryA
ExitProcess
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCPInfo
GetUserDefaultLCID
AddAtomW
GetLocaleInfoW
SetStdHandle
InitializeCriticalSectionAndSpinCount
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
HeapSetInformation
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetProcAddress
HeapAlloc
GetThreadSelectorEntry
TerminateProcess
FindCloseChangeNotification
GetProcessShutdownParameters
IsValidCodePage
HeapCreate
CreateFileW
GetStringTypeW
WriteConsoleOutputCharacterA
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InterlockedIncrement
Number of PE resources by type
WEXEPENIWANEGIKICUDOSO 1
Number of PE resources by language
ALBANIAN DEFAULT 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
5.1

MachineType
Intel 386 or later, and compatibles

TimeStamp
2018:08:21 15:13:33+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
173568

LinkerVersion
10.0

FileTypeExtension
exe

InitializedDataSize
65024

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x6b49

OSVersion
5.1

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 601905345d1d33de1855a45790ab3c0b
SHA1 58a59d354d90162868ccc4c0fcfcd9acf8b2549d
SHA256 dc8e34497ba1b30b2eec3a1f6b9669b4c648e21ef0ad405adc018380e914bfa3
ssdeep
3072:2oMQTG+VHV4F1B7JnRx41QvFK+BgAQDmjyZju6dWBNp4UVe:2ovP61pRKav/gnmjYjAI3

authentihash 57e43bb74449f836230cd2375dac8f39aa632f2c4452515e34fc80e659ce9e6e
imphash 88a9c7dd1a4962e73a8b55b116c06428
File size 225.5 KB ( 230924 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-08-26 19:20:17 UTC ( 6 months, 3 weeks ago )
Last submission 2018-08-26 19:20:17 UTC ( 6 months, 3 weeks ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs