SHA256: e2209f339b2e5afbb40d4f3dfddf4939ffdb9accbb5253121707a5b1cde15dd2
File name: UYTd46732.exe
Detection ratio: 7 / 68
Analysis date: 2017-12-01 10:49:56 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9968 20171201
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20171016
Cylance Unsafe 20171201
Endgame malicious (high confidence) 20171130
Sophos ML heuristic 20170914
Rising Malware.Heuristic!ET#88% (RDM+:cmRtazrOkEa9sQMZgruLJD0MIh+o) 20171201
Tencent Suspicious.Heuristic.Gen.b.0 20171201
Ad-Aware 20171201
AegisLab 20171201
AhnLab-V3 20171130
Alibaba 20171201
ALYac 20171201
Antiy-AVL 20171201
Arcabit 20171201
Avast 20171201
Avast-Mobile 20171201
AVG 20171201
Avira (no cloud) 20171201
AVware 20171201
BitDefender 20171201
Bkav 20171201
CAT-QuickHeal 20171130
ClamAV 20171201
CMC 20171201
Comodo 20171201
Cybereason 20171103
Cyren 20171201
DrWeb 20171201
eGambit 20171201
Emsisoft 20171201
ESET-NOD32 20171201
F-Prot 20171201
F-Secure 20171201
Fortinet 20171201
GData 20171201
Ikarus 20171201
Jiangmin 20171201
K7AntiVirus 20171201
K7GW 20171201
Kaspersky 20171201
Kingsoft 20171201
Malwarebytes 20171201
MAX 20171201
McAfee 20171201
McAfee-GW-Edition 20171201
Microsoft 20171201
eScan 20171201
NANO-Antivirus 20171201
nProtect 20171201
Palo Alto Networks (Known Signatures) 20171201
Panda 20171130
Qihoo-360 20171201
SentinelOne (Static ML) 20171113
Sophos AV 20171201
SUPERAntiSpyware 20171201
Symantec 20171201
Symantec Mobile Insight 20171201
TheHacker 20171130
TotalDefense 20171201
TrendMicro 20171201
TrendMicro-HouseCall 20171201
Trustlook 20171201
VBA32 20171130
VIPRE 20171201
ViRobot 20171201
Webroot 20171201
WhiteArmor 20171104
Yandex 20171201
Zillya 20171129
ZoneAlarm by Check Point 20171201
Zoner 20171201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-01 10:11:52
Entry Point 0x00003C5B
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
GetDriveTypeW
LCMapStringW
TerminateThread
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
EnterCriticalSection
IsDebuggerPresent
GetTickCount
SetProcessShutdownParameters
TlsAlloc
VirtualProtect
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetACP
RaiseException
HeapAlloc
SetProcessWorkingSetSize
GetProcessIoCounters
GetStartupInfoW
GetWindowsDirectoryW
GetConsoleMode
DecodePointer
LocalAlloc
AddAtomA
UnhandledExceptionFilter
WideCharToMultiByte
ExitProcess
LoadLibraryExW
MultiByteToWideChar
GetAtomNameW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
SetStdHandle
GetTempPathA
GlobalMemoryStatus
GetCPInfo
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
DeleteCriticalSection
GetCurrentProcessId
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
IsProcessorFeaturePresent
GetSystemTimes
ExitThread
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetProcessAffinityMask
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
SetLastError
CreateFileW
FatalExit
GetEnvironmentStringsW
TlsGetValue
Sleep
GetFileType
TlsSetValue
EncodePointer
GetCurrentThreadId
GetProcessHeap
GetFileSize
WriteConsoleW
LeaveCriticalSection
TransparentBlt
LoadImageA
GetMenuInfo
CopyImage
WinHttpQueryOption
WinHttpOpen
WinHttpConnect
WinHttpWriteData
WinHttpSetOption
Number of PE resources by type
RT_ICON 8
RT_STRING 4
OJVTYM 1
RT_GROUP_CURSOR 1
AFX_DIALOG_LAYOUT 1
DUVOCATA 1
RT_BITMAP 1
RT_CURSOR 1
TEWINITEVEPINACIMEBAZAFO 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH UK 5
ENGLISH US 2
LITHUANIAN NEUTRAL 1
GAELIC SCOTTISH 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:12:01 11:11:52+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 56320
LinkerVersion: 12.0
ImageFileCharacteristics: Executable, 32-bit
EntryPoint: 0x3c5b
InitializedDataSize: 1183232
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 06c82e99dc35ab88f2db7868d30012a8
SHA1 4bcba41741021833e193e721f4461645ab7fdb43
SHA256 e2209f339b2e5afbb40d4f3dfddf4939ffdb9accbb5253121707a5b1cde15dd2
ssdeep 3072:glhbCOnBy2BY+JRz6T0sBTQqgnl0tPQTVo9:glhb3nPiWU6mtIRo9
authentihash e6b21019babed2d46ee3f120f04aa0e818ba24eef40fe1e578028bbb2cedc13a
imphash e4fd7bd65f92565abe6ebb5858ca70ae
File size 173.5 KB ( 177664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2017-12-01 10:49:56 UTC ( 1 year, 1 month ago )
Last submission 2017-12-05 00:51:05 UTC ( 1 year, 1 month ago )
File names UYTd46732.exe
UYTd46732
06c82e99.gxe
GlobeImposter.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Created processes
Code injections in the following processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications