SHA256: dee29e0295062366946b3bafb364c144276238ccd47a49425e7d67a8989e5986
File name: 1e904a48235a4cf666d52291f72ef44c.virus
Detection ratio: 41 / 71
Analysis date: 2019-04-22 14:21:04 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.433368 20190422
AegisLab Trojan.Win32.Chapak.4!c 20190422
AhnLab-V3 Malware/Win32.RL_Generic.R266416 20190422
Alibaba Trojan:Win32/Kryptik.d6881437 20190402
ALYac Gen:Variant.Ursu.433368 20190422
Arcabit Trojan.Ursu.D69CD8 20190422
Avast Win32:Trojan-gen 20190422
AVG Win32:Trojan-gen 20190422
Avira (no cloud) TR/Kryptik.vavvi 20190422
BitDefender Gen:Variant.Ursu.433368 20190422
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cylance Unsafe 20190422
DrWeb Trojan.Siggen8.25366 20190422
Emsisoft Gen:Variant.Ursu.433368 (B) 20190422
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Kryptik.GSHU 20190422
F-Secure Trojan.TR/Kryptik.vavvi 20190422
FireEye Generic.mg.1e904a48235a4cf6 20190422
Fortinet W32/Chapak.CWQD!tr 20190422
GData Gen:Variant.Ursu.433368 20190422
Ikarus Trojan.Win32.Krypt 20190422
K7AntiVirus Trojan ( 0054c7c31 ) 20190422
K7GW Trojan ( 0054c7c31 ) 20190422
Kaspersky Trojan.Win32.Chapak.cwqd 20190422
Malwarebytes Trojan.MalPack.GS 20190422
MaxSecure Ransomeware.CRAB.gen 20190420
McAfee Packed-FRT!1E904A48235A 20190422
McAfee-GW-Edition Packed-FRT!1E904A48235A 20190422
Microsoft Trojan:Win32/Gandcrab.AF 20190422
eScan Gen:Variant.Ursu.433368 20190422
Palo Alto Networks (Known Signatures) generic.ml 20190422
Panda Generic Malware 20190422
Qihoo-360 HEUR/QVM10.1.B22B.Malware.Gen 20190422
Rising Malware.Unwaders!8.FFE4 (CLOUD) 20190422
SentinelOne (Static ML) DFI - Suspicious PE 20190420
Sophos AV Mal/Generic-S 20190422
Symantec ML.Attribute.HighConfidence 20190422
Tencent Win32.Trojan.Chapak.Ebrc 20190422
VBA32 BScope.Backdoor.Predator 20190422
ViRobot Trojan.Win32.Z.Predator.992768 20190422
ZoneAlarm by Check Point Trojan.Win32.Chapak.cwqd 20190422
No detection (engine and signature update date only):
Acronis 20190422
Antiy-AVL 20190422
Avast-Mobile 20190415
Baidu 20190318
Bkav 20190422
CAT-QuickHeal 20190422
ClamAV 20190422
CMC 20190321
Comodo 20190422
Cybereason 20190417
Cyren 20190422
eGambit 20190422
F-Prot 20190422
Sophos ML 20190313
Jiangmin 20190422
Kingsoft 20190422
MAX 20190422
NANO-Antivirus 20190422
SUPERAntiSpyware 20190418
Symantec Mobile Insight 20190418
TACHYON 20190422
TheHacker 20190421
TotalDefense 20190422
Trapmine 20190325
TrendMicro 20190422
TrendMicro-HouseCall 20190422
Trustlook 20190422
VIPRE 20190422
Yandex 20190419
Zillya 20190422
Zoner 20190421
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-23 19:58:35
Entry Point 0x00003DF4
Number of sections 5
PE sections
PE imports
RegRestoreKeyA
QueryServiceConfigA
LookupPrivilegeValueW
RegUnLoadKeyA
RegCreateKeyA
SetSecurityDescriptorDacl
AbortSystemShutdownW
RegConnectRegistryW
PrivilegedServiceAuditAlarmA
ObjectDeleteAuditAlarmW
RegReplaceKeyW
GetFileSecurityA
RegEnumKeyA
AllocateLocallyUniqueId
RegGetKeySecurity
GetTokenInformation
NotifyBootConfigStatus
RegLoadKeyA
RegQueryInfoKeyW
RegisterServiceCtrlHandlerW
GetSecurityDescriptorSacl
DeleteAce
IsValidAcl
RegDeleteValueW
SetKernelObjectSecurity
LogonUserW
FreeSid
MakeSelfRelativeSD
ImpersonateLoggedOnUser
CreateServiceW
EnumDependentServicesW
RegSetKeySecurity
ReportEventA
PlayEnhMetaFileRecord
ColorMatchToTarget
SetBitmapBits
SetStretchBltMode
GetCurrentPositionEx
GetCharABCWidthsA
CombineRgn
PlayMetaFile
GetBitmapBits
GetCharABCWidthsI
SetMapMode
GetGlyphIndicesW
CreateColorSpaceW
SetMetaFileBitsEx
SetWorldTransform
GetMetaFileA
AngleArc
RemoveFontResourceExW
CreateMetaFileW
EnumObjects
CreateBrushIndirect
AddFontMemResourceEx
CreateEllipticRgnIndirect
GetViewportExtEx
GetDCPenColor
SetPixelFormat
GetEnhMetaFileBits
CreateCompatibleDC
GetTextFaceA
AddFontResourceExA
RemoveFontResourceA
SetDIBColorTable
EnumEnhMetaFile
RemoveFontResourceW
CreateSolidBrush
SetBkColor
GetDIBits
CheckColorsInGamut
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
lstrlenW
SetHandleCount
lstrlenA
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
GetStartupInfoW
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetUserDefaultLCID
WriteConsoleW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
GetCPInfoExA
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
VirtualProtect
GetProcAddress
GetStringTypeA
GetLocaleInfoW
SetStdHandle
GetVolumeNameForVolumeMountPointA
RaiseException
InterlockedDecrement
InitializeCriticalSection
WideCharToMultiByte
TlsFree
SetFilePointer
SetUnhandledExceptionFilter
GetModuleHandleA
CreateFileA
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualFree
GetPrivateProfileStringA
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
GetConsoleOutputCP
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
LocalAlloc
SetLastError
InterlockedIncrement
SetFocus
SendNotifyMessageA
EnumDisplaySettingsW
SetWindowRgn
GetOpenClipboardWindow
GetKeyboardLayoutNameA
DrawMenuBar
SetMenuDefaultItem
InSendMessage
OpenWindowStationW
TileWindows
CreatePopupMenu
SetClipboardViewer
SetDebugErrorLevel
HiliteMenuItem
PeekMessageW
InsertMenuItemW
ScrollWindowEx
MessageBoxIndirectA
LoadImageA
GetMenuStringA
GrayStringA
GetMessageExtraInfo
CascadeWindows
SetWindowLongA
wvsprintfA
GetMenuItemRect
SetUserObjectInformationW
GetDlgItemInt
SendMessageCallbackW
GetAsyncKeyState
WaitMessage
GetWindowModuleFileNameA
GetKeyNameTextA
LookupIconIdFromDirectoryEx
CharPrevA
SetMessageExtraInfo
IsZoomed
DefFrameProcA
GetClientRect
SetCursorPos
RemovePropW
SystemParametersInfoW
BringWindowToTop
MoveWindow
EnumDisplayDevicesW
OpenDesktopA
GetMenuItemCount
GetSubMenu
GetWindowTextLengthA
LoadIconA
DlgDirListA
DdeFreeStringHandle
CountClipboardFormats
SetWindowTextW
CheckDlgButton
CloseDesktop
UnregisterDeviceNotification
LoadCursorW
GetClassNameA
ReuseDDElParam
GetMenuItemInfoA
IsChild
TranslateAcceleratorW
DeviceCapabilitiesA
PE exports
Number of PE resources by type
RT_ICON 2
AFX_DIALOG_LAYOUT 2
ZEYIWIYUPUVUGUFIREDAGI 1
SUGIYAWIMUYITEFO 1
ZABUJEMAVIWIJAMETICIMIDEMUCOPUDE 1
RT_GROUP_CURSOR 1
GOCARACUDICUVAMUZILAYAZUZIFILI 1
RT_MANIFEST 1
KEYUNIMITIPISOPIYENOCILUKO 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
KYRGYZ DEFAULT 5
ENGLISH BELIZE 3
ARABIC JORDAN 2
NEUTRAL ARABIC ALGERIA 2
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:08:23 21:58:35+02:00
FileType Win32 EXE
PEType PE32
CodeSize 913920
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x3df4
InitializedDataSize 540160
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 1e904a48235a4cf666d52291f72ef44c
SHA1 9fa69fa459f48795050bd218e048b5a9394e0353
SHA256 dee29e0295062366946b3bafb364c144276238ccd47a49425e7d67a8989e5986
ssdeep 24576:/v1TJ55Mj+ly/PuflLWDvUA3HG23jssKUmaExMNxznycUeh9FnicyW7:/NTJ7Pynu0DvT3HG26UmrMNxznsehzia
authentihash 437a947cf0195bb463843ffe8f3217a80f339804dc6cd6b6132234326e7156da
imphash b3fb5830811f4c1c87b3bf00c36e4ab8
File size 969.5 KB ( 992768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
  Win32 EXE PECompact compressed (generic) (35.3%)
  Win32 Executable MS Visual C++ (generic) (26.5%)
  Win64 Executable (generic) (23.5%)
  Win32 Dynamic Link Library (generic) (5.5%)
  Win32 Executable (generic) (3.8%)
Tags
peexe

VirusTotal metadata
First submission 2019-04-21 10:40:16 UTC
Last submission 2019-04-21 10:40:16 UTC
File names 1e904a48235a4cf666d52291f72ef44c.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.