× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: df8a250654700b51e5dcf430ac311a51f9edeb0b8422a1c201bd1d419d321191
File name: output.113046258.txt
Detection ratio: 38 / 66
Analysis date: 2018-03-29 23:04:10 UTC ( 10 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.451588 20180329
AegisLab Troj.W32.Generic!c 20180329
ALYac Gen:Variant.Graftor.451588 20180329
Antiy-AVL Trojan/Win32.AGeneric 20180329
Arcabit Trojan.Graftor.D6E404 20180329
Avast Win32:Malware-gen 20180329
AVG Win32:Malware-gen 20180329
Avira (no cloud) DR/Delphi.pvpos 20180329
BitDefender Gen:Variant.Graftor.451588 20180329
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170201
Cylance Unsafe 20180329
Cyren W32/Trojan.DMNZ-2211 20180329
DrWeb Trojan.PWS.Stealer.23374 20180329
Emsisoft Gen:Variant.Graftor.451588 (B) 20180329
Endgame malicious (moderate confidence) 20180316
ESET-NOD32 a variant of Generik.KYDOAJP 20180329
F-Secure Gen:Variant.Graftor.451588 20180329
Fortinet W32/Kryptik.GCFM!tr 20180329
GData Gen:Variant.Graftor.451588 20180329
Ikarus Trojan.Inject 20180329
Sophos ML heuristic 20180120
Kaspersky Trojan.Win32.Delf.eoti 20180329
MAX malware (ai score=98) 20180329
McAfee Artemis!6B64D9FD1B2C 20180329
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20180329
Microsoft Backdoor:Win32/Xtrat.AC 20180329
eScan Gen:Variant.Graftor.451588 20180329
NANO-Antivirus Trojan.Win32.Stealer.ezenvf 20180329
Panda Trj/GdSda.A 20180329
Rising Trojan.Kryptik!8.8 (TFE:5:MwydmETm56Q) 20180329
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Agent-AHEI 20180329
Symantec Ransom.Cryptodefense 20180329
Tencent Win32.Trojan.Inject.Auto 20180329
TrendMicro Mal_Zvrek4 20180329
TrendMicro-HouseCall Suspicious_GEN.F47V0328 20180329
ViRobot Trojan.Win32.Z.Graftor.2048512 20180329
ZoneAlarm by Check Point Trojan.Win32.Delf.eoti 20180329
AhnLab-V3 20180329
Alibaba 20180329
Avast-Mobile 20180329
AVware 20180329
Baidu 20180329
Bkav 20180329
CAT-QuickHeal 20180329
ClamAV 20180329
CMC 20180329
Comodo 20180329
Cybereason None
eGambit 20180329
F-Prot 20180329
Jiangmin 20180329
K7AntiVirus 20180329
K7GW 20180329
Kingsoft 20180329
Malwarebytes 20180329
nProtect 20180329
Palo Alto Networks (Known Signatures) 20180329
Qihoo-360 20180329
SUPERAntiSpyware 20180329
Symantec Mobile Insight 20180311
TheHacker 20180327
TotalDefense 20180329
Trustlook 20180329
VBA32 20180329
VIPRE 20180329
WhiteArmor 20180324
Yandex 20180329
Zillya 20180329
Zoner 20180329
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x003F3DB0
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
CoInitialize
VariantCopy
SHGetFolderPathA
VerQueryValueA
Number of PE resources by type
RT_STRING 17
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 34
RUSSIAN 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
2043904

LinkerVersion
2.25

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

EntryPoint
0x3f3db0

InitializedDataSize
4096

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
2097152

File identification
MD5 6b64d9fd1b2c3057c25dd450308cb18d
SHA1 9ba70c65c8dbeb0a3ec1169dd57643895c68fc8a
SHA256 df8a250654700b51e5dcf430ac311a51f9edeb0b8422a1c201bd1d419d321191
ssdeep
49152:RIJozLNnb5OLbVUOQEfyrzyiP2TZYXZfGfxg3W9CSdBr1a:RI2vNNOLbqOQCeyieyxGpLCSdBr

authentihash a2843831ab4939dee1780fb79b2053a0dc459d8247dd066041ee0b14d5d3887e
imphash ba51ae3506daa79899407e3d078b79f4
File size 2.0 MB ( 2048512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2018-03-28 02:47:20 UTC ( 10 months, 3 weeks ago )
Last submission 2018-04-05 21:28:12 UTC ( 10 months, 2 weeks ago )
File names output.113046258.txt
DF8A250654700B51E5DCF430AC311A51F9EDEB0B8422A1C201BD1D419D321191
iri.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs