SHA256: e1d238b07bf404545f21f105471160ad66e893cbb323df504794cdac6133711e
File name: f54c9acc1fdc807313c5c171c47bed0d
Detection ratio: 37 / 67
Analysis date: 2017-12-28 06:42:53 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20171228
Antiy-AVL Trojan/Win32.Trickster 20171228
Arcabit Trojan.Generic.D608E5A 20171228
Avast FileRepMetagen [Malware] 20171228
AVG FileRepMetagen [Malware] 20171228
Avira (no cloud) TR/Crypt.ZPACK.iwxjq 20171228
AVware Trojan.Win32.Generic!BT 20171228
BitDefender Trojan.GenericKD.6327898 20171228
CAT-QuickHeal Trojan.Multi 20171227
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171228
DrWeb Trojan.DownLoad3.62940 20171228
Emsisoft Trojan.GenericKD.6327898 (B) 20171228
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Generik.NPCILNT 20171228
F-Secure Trojan.GenericKD.6327898 20171228
Fortinet Generik.NPCILNT!tr 20171228
GData Win32.Trojan-Spy.Trickbot.P 20171228
Ikarus Trojan.SuspectCRC 20171227
Sophos ML heuristic 20170914
Jiangmin Trojan.Trickster.acn 20171228
Kaspersky Trojan.Win32.Trickster.bid 20171228
MAX malware (ai score=66) 20171228
McAfee GenericRXDP-RO!F54C9ACC1FDC 20171228
McAfee-GW-Edition BehavesLike.Win32.Dropper.gc 20171228
Microsoft Ransom:Win32/HydraCrypt.B 20171227
eScan Trojan.GenericKD.6327898 20171228
Palo Alto Networks (Known Signatures) generic.ml 20171228
Rising Ransom.HydraCrypt!8.864F (TFE:4:lq3DFMPb7QI) 20171228
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Mal/Generic-S 20171228
Symantec Trojan Horse 20171227
TrendMicro-HouseCall TROJ_GEN.R002H0CLR17 20171228
VIPRE Trojan.Win32.Generic!BT 20171228
Webroot W32.Adware.Gen 20171228
WhiteArmor Malware.HighConfidence 20171226
ZoneAlarm by Check Point Trojan.Win32.Trickster.bid 20171228
Ad-Aware 20171225
AhnLab-V3 20171227
Alibaba 20171228
ALYac 20171228
Avast-Mobile 20171227
Baidu 20171227
Bkav 20171227
ClamAV 20171228
CMC 20171228
Comodo 20171228
Cybereason 20171103
Cyren 20171228
eGambit 20171228
F-Prot 20171228
K7AntiVirus 20171228
K7GW 20171228
Kingsoft 20171228
Malwarebytes 20171228
NANO-Antivirus 20171228
nProtect 20171228
Panda 20171227
Qihoo-360 20171228
SUPERAntiSpyware 20171228
Symantec Mobile Insight 20171227
Tencent 20171228
TheHacker 20171226
TrendMicro 20171228
Trustlook 20171228
VBA32 20171227
ViRobot 20171228
Yandex 20171225
Zillya 20171226
Zoner 20171228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-31 08:42:37
Entry Point 0x00010B30
Number of sections 4
PE sections
PE imports
InitCommonControlsEx
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
GetLastError
GetEnvironmentVariableA
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
lstrcatA
GetCommandLineW
GetCurrentDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetTempPathA
GetCPInfo
MapViewOfFile
GetStringTypeA
GetModuleHandleA
lstrcmpA
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
TerminateProcess
WideCharToMultiByte
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
ExtractIconA
CommandLineToArgvW
SetFocus
GetMessageA
RegisterClassA
RedrawWindow
GetScrollRange
EndDialog
BeginPaint
GetScrollPos
PostQuitMessage
DefWindowProcA
MessageBeep
LoadBitmapA
MapWindowPoints
MessageBoxW
DispatchMessageA
EndPaint
SetMenu
SetDlgItemTextA
PostMessageA
SetMenuItemInfoA
ModifyMenuA
MessageBoxA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetDlgItemInt
RegisterClassExA
GetCursorPos
GetDlgCtrlID
SetWindowTextA
ShowCaret
LoadStringA
PtInRect
SendMessageA
GetClientRect
CreateWindowExA
SetScrollRange
EnableMenuItem
FrameRect
SetTimer
LoadCursorA
LoadIconA
GetActiveWindow
GetDesktopWindow
LockWindowUpdate
GetClassNameA
EndDeferWindowPos
OpenClipboard
DestroyWindow
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_ICON 1
RT_MANIFEST 1
RT_STRING 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
FINNISH DEFAULT 9
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 5.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.1.6
LanguageCode Unknown (044B)
FileFlagsMask 0x0000
FileDescription TuelFragtan 1.6
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unknown (0470)
InitializedDataSize 331776
EntryPoint 0x10b30
OriginalFileName fragtan.exe
MIMEType application/octet-stream
LegalCopyright TuelFragtan Corporation. All rights reserv
FileVersion 1.1.1.6 (040817-106)
TimeStamp 2015:12:31 00:42:37-08:00
FileType Win32 EXE
PEType PE32
InternalName TuelFragtan
ProductVersion 1.1.1.6
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TuelFragtan Corporation
CodeSize 90112
ProductName TuelFragtan XApplication
ProductVersionNumber 1.1.1.6
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 f54c9acc1fdc807313c5c171c47bed0d
SHA1 5d234cdbd360b7b89400ac875bc48a512cc837e5
SHA256 e1d238b07bf404545f21f105471160ad66e893cbb323df504794cdac6133711e
ssdeep 6144:62d51Ntgty3g8jd4RMyyJxJg0suBHBvNG6+YA95xK/dGDqS:62dbUx8p4ROJxJtsqvQTjIeT
authentihash e2af332c6ba710c37ebed254b7a68a729f48b1782d37a1ab8835f3c016ea2eba
imphash 57d13fbb3a229360b128a81d6213e952
File size 416.0 KB ( 425984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.3%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-12-26 21:43:30 UTC ( 1 year, 1 month ago )
Last submission 2018-05-07 17:55:02 UTC ( 9 months, 2 weeks ago )
File names meronto.png
VirusShare_f54c9acc1fdc807313c5c171c47bed0d
1024-5d234cdbd360b7b89400ac875bc48a512cc837e5
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications