× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: debde4c1390fcacd952c59f46c1f9cec109db7063a14ca97e23c116a6f13fe52
File name: worming.png.exe
Detection ratio: 27 / 71
Analysis date: 2019-02-12 07:14:45 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
AegisLab Trojan.Multi.Generic.4!c 20190212
Avast Win32:Malware-gen 20190212
AVG Win32:Malware-gen 20190212
Avira (no cloud) TR/AD.TrickBot.nvufj 20190212
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181023
Cylance Unsafe 20190212
DrWeb Trojan.Trick.46210 20190212
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CZDC 20190212
F-Secure Trojan.TR/AD.TrickBot.nvufj 20190212
Fortinet W32/GenKryptik.CZDC!tr 20190212
GData Win32.Trojan-Spy.TrickBot.RNOCUF 20190212
K7GW Riskware ( 0040eff71 ) 20190212
Kaspersky Trojan.Win32.Inject.alfct 20190212
McAfee RDN/Generic.grp 20190212
McAfee-GW-Edition BehavesLike.Win32.Dropper.jc 20190212
Microsoft Trojan:Win32/MereTam.A 20190212
Palo Alto Networks (Known Signatures) generic.ml 20190212
Qihoo-360 Win32/Trojan.BO.e5c 20190212
Rising Trojan.MereTam!8.E4CE (TFE:dGZlOgVXXEOtaBriWw) 20190212
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190212
Trapmine malicious.high.ml.score 20190123
TrendMicro TrojanSpy.Win32.TRICKBOT.THBABAI 20190212
TrendMicro-HouseCall TrojanSpy.Win32.TRICKBOT.THBABAI 20190212
Webroot W32.Trojan.Gen 20190212
ZoneAlarm by Check Point Trojan.Win32.Inject.alfct 20190212
Acronis 20190208
Ad-Aware 20190212
AhnLab-V3 20190212
Alibaba 20180921
ALYac 20190212
Antiy-AVL 20190212
Arcabit 20190211
Avast-Mobile 20190211
Babable 20180918
Baidu 20190202
BitDefender 20190212
Bkav 20190201
CAT-QuickHeal 20190210
ClamAV 20190211
CMC 20190211
Comodo 20190212
Cybereason 20190109
Cyren 20190212
eGambit 20190212
Emsisoft 20190212
F-Prot 20190212
Ikarus 20190211
Sophos ML 20181128
Jiangmin 20190212
K7AntiVirus 20190212
Kingsoft 20190212
Malwarebytes 20190212
MAX 20190212
eScan 20190212
NANO-Antivirus 20190212
Panda 20190211
Sophos AV 20190212
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TACHYON 20190212
Tencent 20190212
TheHacker 20190203
TotalDefense 20190212
Trustlook 20190212
VBA32 20190211
VIPRE 20190212
ViRobot 20190212
Yandex 20190210
Zillya 20190211
Zoner 20190212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-11 11:12:18
Entry Point 0x00001284
Number of sections 17
PE sections
Overlays
MD5 d274e455eff9d7006039fed8606a77fc
File type data
Offset 613376
Size 46820
Entropy 4.25
PE imports
GetLastError
AddAtomA
EnterCriticalSection
ReleaseMutex
LoadLibraryW
WaitForSingleObject
ExitProcess
TlsAlloc
VirtualProtect
DeleteCriticalSection
GetAtomNameA
CreateSemaphoreA
TlsGetValue
GetCommandLineA
GetProcAddress
CreateMutexA
ReleaseSemaphore
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
InitializeCriticalSection
VirtualQuery
FindAtomA
InterlockedDecrement
Sleep
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
ShellExecuteA
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassExA
__p__fmode
malloc
__p__environ
realloc
atexit
abort
_setmode
_access
_cexit
fputc
fwrite
_onexit
fputs
sprintf
free
vfprintf
__getmainargs
calloc
_write
signal
strcpy
__set_app_type
strcmp
_iob
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2019:02:11 03:12:18-08:00

FileType
Win32 EXE

PEType
PE32

CodeSize
43520

LinkerVersion
2.21

ImageFileCharacteristics
No relocs, Executable, No line numbers, 32-bit

EntryPoint
0x1284

InitializedDataSize
558080

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
19456

File identification
MD5 64e4c40a21f1f7a4e57495f44091da94
SHA1 d37f97cc25c35a3ecf27133755a0ff9b5bda6042
SHA256 debde4c1390fcacd952c59f46c1f9cec109db7063a14ca97e23c116a6f13fe52
ssdeep
12288:ZZEUXLdkeqITyBocgGkjkxHZ2UZGkjkxHZ2U/caH:ZdXyeqoGg5kNZNZ5kNZN5

authentihash ea4be2e0105fad5bf4aa4e75507c63318ef247ce5d8fc5b8fa868c4972b35a95
imphash c9d41796d9423f756e4152b168bd5bc7
File size 644.7 KB ( 660196 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-02-11 21:49:29 UTC ( 3 months, 1 week ago )
Last submission 2019-02-11 21:49:29 UTC ( 3 months, 1 week ago )
File names worming.png
worming.png.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs