SHA256: e093fe448ed372556f02d2993689825c4a49db2b4213fc3e6bf3f357c206a031
File name: .
Detection ratio: 40 / 65
Analysis date: 2019-03-04 20:33:13 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.Ppatre.Gen.1 20190304
ALYac Trojan.Ppatre.Gen.1 20190304
Arcabit Trojan.Ppatre.Gen.1 20190304
Avast Win32:FakeMail-N [Trj] 20190304
AVG Win32:FakeMail-N [Trj] 20190304
Avira (no cloud) TR/Crypt.XPACK.Gen 20190304
BitDefender Trojan.Ppatre.Gen.1 20190304
CAT-QuickHeal Trojan.Generic 20190304
Comodo TrojWare.Win32.TrojanDownloader.Waski.E@5ag7i4 20190304
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.ea5722 20190109
DrWeb Trojan.DownLoad3.33216 20190304
Emsisoft Trojan.Ppatre.Gen.1 (B) 20190304
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/GenKryptik.CZUJ 20190304
F-Secure Trojan.TR/Crypt.XPACK.Gen 20190304
Fortinet W32/Waski.E!tr 20190304
GData Trojan.Ppatre.Gen.1 20190304
Ikarus Trojan.Vundo 20190304
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005488ba1 ) 20190304
K7GW Trojan ( 005488ba1 ) 20190304
Kaspersky HEUR:Trojan.Win32.Generic 20190304
MAX malware (ai score=88) 20190304
McAfee Downloader-FACY!9A119D956183 20190304
McAfee-GW-Edition Downloader-FACY!9A119D956183 20190304
Microsoft TrojanDownloader:Win32/Upatre.AA 20190304
eScan Trojan.Ppatre.Gen.1 20190304
NANO-Antivirus Trojan.Win32.Zbot.cykpux 20190304
Panda Trj/Genetic.gen 20190302
Qihoo-360 HEUR/QVM19.1.A00D.Malware.Gen 20190304
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/DwnLdr-LOQ 20190304
Symantec ML.Attribute.HighConfidence 20190304
Trapmine malicious.high.ml.score 20190228
VBA32 TrojanSpy.Zbot 20190304
Yandex Trojan.Agent!XDRpTNLGk3I 20190301
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190304
Zoner Trojan.Win32.23633 20190303
AegisLab 20190304
AhnLab-V3 20190304
Alibaba 20180921
Antiy-AVL 20190304
Avast-Mobile 20190304
Babable 20180917
Baidu 20190214
Bkav 20190304
ClamAV 20190304
CMC 20190304
Cyren 20190304
eGambit 20190304
Jiangmin 20190304
Kingsoft 20190304
Malwarebytes 20190304
Palo Alto Networks (Known Signatures) 20190304
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TACHYON 20190303
Tencent 20190304
TheHacker 20190304
TotalDefense 20190304
TrendMicro 20190305
Trustlook 20190305
ViRobot 20190304
Webroot 20190304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-19 11:25:38
Entry Point 0x00001C95
Number of sections 3
PE sections
Overlays
MD5 260414805c93b693f98d96600ea0f744
File type ASCII text
Offset 17682
Size 558
Entropy 3.30
PE imports
GetModuleHandleA
VirtualFree
ExitProcess
VirtualProtect
GetProcAddress
VirtualAlloc
LoadLibraryA
wsprintfA
MessageBoxA
Number of PE resources by type
RT_ICON 1
JPEG 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:05:19 04:25:38-07:00
FileType Win32 EXE
PEType PE32
CodeSize 3584
LinkerVersion 5.12
FileTypeExtension exe
InitializedDataSize 13074
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1c95
OSVersion 4.0
ImageVersion 4.0
UninitializedDataSize 0

File identification
MD5 49588edea57228b3ef4d0d8798659862
SHA1 ad72e831d779498ed5a44b41ed0a0791159695d2
SHA256 e093fe448ed372556f02d2993689825c4a49db2b4213fc3e6bf3f357c206a031
ssdeep 192:41wxuvRJrUOVEOrtKiHbtgQmQ0M8wCOvolgl2Iia6pa:AxpEstKiHbABwCW2MSa6pa

authentihash 8ef1836cfc70b45def7fe102d0f322c15bb7eb2eefd62295c5f39369a2accdb9
imphash cdf5bbb8693f29ef22aef04d2a161dd7
File size 17.8 KB ( 18240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe overlay

VirusTotal metadata
First submission 2019-03-04 20:33:13 UTC ( 1 month, 3 weeks ago )
Last submission 2019-03-04 20:33:13 UTC ( 1 month, 3 weeks ago )
File names .
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Runtime DLLs