SHA256: de29ce23169fb764f3a867111b998d37fbde96dbba1eb9e001fcb89db0097d51
File name: DE29CE23169FB764F3A867111B998D37FBDE96DBBA1EB9E001FCB89DB0097D51
Detection ratio: 28 / 69
Analysis date: 2019-01-23 05:00:13 UTC ( 2 months ago )
Antivirus Result Update
Acronis suspicious 20190119
Ad-Aware Gen:Trojan.Heur.RP.nmKfayQQDbjO 20190123
AhnLab-V3 Trojan/Win32.TesA.C163721 20190122
Arcabit Trojan.Heur.RP.nmKfayQQDbjO 20190123
Avast Win32:PWSX-gen [Trj] 20190123
AVG Win32:PWSX-gen [Trj] 20190123
BitDefender Gen:Trojan.Heur.RP.nmKfayQQDbjO 20190123
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181023
Cybereason malicious.54e646 20190109
Cylance Unsafe 20190123
DrWeb Trojan.PWS.Stealer.24943 20190123
Emsisoft Gen:Trojan.Heur.RP.nmKfayQQDbjO (B) 20190123
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOWX 20190123
F-Secure Gen:Trojan.Heur.RP.nmKfayQQDbjO 20190123
Fortinet W32/Generic.AP.25FBB6!tr 20190123
Sophos ML heuristic 20181128
K7GW Riskware ( 0040eff71 ) 20190123
Kaspersky UDS:DangerousObject.Multi.Generic 20190122
MAX malware (ai score=94) 20190123
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20190123
Microsoft Trojan:Win32/Sonbokli.A!cl 20190123
eScan Gen:Trojan.Heur.RP.nmKfayQQDbjO 20190123
Rising Trojan.Bitrep!8.F596/N3#99% (RDM+:cmRtazoiX8LZi8L2QlNSF5Va+lpi) 20190123
SentinelOne (Static ML) static engine - malicious 20190118
Symantec ML.Attribute.HighConfidence 20190122
Trapmine malicious.moderate.ml.score 20190103
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190123
AegisLab 20190123
Alibaba 20180921
ALYac 20190123
Antiy-AVL 20190123
Avast-Mobile 20190122
Avira (no cloud) 20190122
Babable 20180918
Baidu 20190122
Bkav 20190122
CAT-QuickHeal 20190122
ClamAV 20190123
CMC 20190122
Comodo 20190123
Cyren 20190123
eGambit 20190123
F-Prot 20190123
Ikarus 20190122
Jiangmin 20190123
K7AntiVirus 20190122
Kingsoft 20190123
Malwarebytes 20190123
McAfee 20190123
NANO-Antivirus 20190123
Palo Alto Networks (Known Signatures) 20190123
Panda 20190122
Qihoo-360 20190123
Sophos AV 20190123
SUPERAntiSpyware 20190116
TACHYON 20190123
Tencent 20190123
TheHacker 20190118
TotalDefense 20190122
TrendMicro 20190123
TrendMicro-HouseCall 20190123
Trustlook 20190123
VBA32 20190122
ViRobot 20190122
Webroot 20190123
Yandex 20190122
Zillya 20190122
Zoner 20190123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) enterolithiasis 2018
Product broadcloth
Original name adscititiously.exe
Internal name karuna.exe
File version 7.1.1.4
Description septifolious
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-21 22:19:28
Entry Point 0x00048B20
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
Number of PE resources by type
RT_ICON 3
RT_RCDATA 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
DUTCH 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 12288
ImageVersion 0.0
ProductName broadcloth
FileVersionNumber 7.1.1.4
UninitializedDataSize 81920
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName adscititiously.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 7.1.1.4
TimeStamp 2019:01:21 23:19:28+01:00
FileType Win32 EXE
PEType PE32
InternalName karuna.exe
ProductVersion 3.6.6.5
FileDescription septifolious
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) enterolithiasis 2018
MachineType Intel 386 or later, and compatibles
CompanyName ingulfment
CodeSize 212992
FileSubtype 0
ProductVersionNumber 3.6.6.5
EntryPoint 0x48b20
ObjectFileType Executable application

File identification
MD5 dcf704754e646013ecec2f5c0e55d44a
SHA1 af8326ef7ff4069ff1e5d921e54fd99a72e7d4d4
SHA256 de29ce23169fb764f3a867111b998d37fbde96dbba1eb9e001fcb89db0097d51
ssdeep 6144:3GTIuWMSLk9xmlZNbZbmmU51k92oBeRWS/p:3V5JLk0ZNbZbcS9Mp
authentihash 1fb4fa33d990458d19d203509c4674203779753a5f81c3d792d263b448c1eac5
imphash 6ed4f5f04d62b18d96b26d6db7c18840
File size 218.0 KB ( 223232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (61.2%)
Win32 Dynamic Link Library (generic) (14.8%)
Win32 Executable (generic) (10.2%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.5%)
Tags peexe upx
VirusTotal metadata
First submission 2019-01-23 05:00:13 UTC ( 2 months ago )
Last submission 2019-01-23 05:00:13 UTC ( 2 months ago )
File names adscititiously.exe
karuna.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs