× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e2962e106f19d4dc1c72395f72f82472f55b8514b26342c136aafaf5ac04a4c7
File name: press_file_v2.0.exe.bin
Detection ratio: 18 / 69
Analysis date: 2019-02-06 00:02:20 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
Acronis suspicious 20190130
Ad-Aware DeepScan:Generic.CBL.Carbanak.3.C51277B6 20190205
ALYac DeepScan:Generic.CBL.Carbanak.3.C51277B6 20190205
Arcabit DeepScan:Generic.CBL.Carbanak.3.C51277B6 20190205
BitDefender DeepScan:Generic.CBL.Carbanak.3.C51277B6 20190205
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181023
Cylance Unsafe 20190205
Emsisoft DeepScan:Generic.CBL.Carbanak.3.C51277B6 (B) 20190205
Endgame malicious (high confidence) 20181108
GData DeepScan:Generic.CBL.Carbanak.3.C51277B6 20190205
Kaspersky HEUR:Trojan.Win32.Generic 20190205
MAX malware (ai score=83) 20190205
Microsoft VirTool:Win32/Atosev.A 20190205
eScan DeepScan:Generic.CBL.Carbanak.3.C51277B6 20190205
SentinelOne (Static ML) static engine - malicious 20190203
Trapmine malicious.moderate.ml.score 20190123
VBA32 BScope.TrojanDownloader.Small 20190205
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190205
AegisLab 20190205
AhnLab-V3 20190205
Alibaba 20180921
Antiy-AVL 20190205
Avast 20190205
Avast-Mobile 20190205
AVG 20190205
Avira (no cloud) 20190205
Babable 20180917
Baidu 20190201
Bkav 20190201
CAT-QuickHeal 20190205
ClamAV 20190205
CMC 20190205
Comodo 20190205
Cyren 20190205
DrWeb 20190205
eGambit 20190205
ESET-NOD32 20190205
F-Prot 20190205
F-Secure 20190205
Fortinet 20190205
Ikarus 20190205
Sophos ML 20181128
Jiangmin 20190205
K7AntiVirus 20190205
K7GW 20190205
Kingsoft 20190205
Malwarebytes 20190205
McAfee 20190205
McAfee-GW-Edition 20190205
NANO-Antivirus 20190205
Palo Alto Networks (Known Signatures) 20190205
Panda 20190205
Qihoo-360 20190205
Rising 20190205
Sophos AV 20190205
SUPERAntiSpyware 20190130
Symantec 20190205
TACHYON 20190204
Tencent 20190205
TheHacker 20190203
TotalDefense 20190205
TrendMicro 20190205
TrendMicro-HouseCall 20190205
Trustlook 20190205
ViRobot 20190205
Webroot 20190205
Yandex 20190204
Zillya 20190204
Zoner 20190205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-04 11:47:23
Entry Point 0x000014E0
Number of sections 15
PE sections
Overlays
MD5 fa68a5b2f87d1f250ce2cde6b5f2f2c9
File type data
Offset 291840
Size 29267
Entropy 3.75
PE imports
GetLastError
EnterCriticalSection
WriteProcessMemory
VirtualAllocEx
QueryPerformanceCounter
GetTickCount
VirtualProtect
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetThreadContext
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
SetThreadContext
TerminateProcess
CreateProcessA
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
GetCurrentThreadId
LeaveCriticalSection
strncmp
__lconv_init
malloc
memset
__dllonexit
_cexit
abort
fprintf
_fmode
_amsg_exit
fwrite
_lock
_onexit
__initenv
exit
__setusermatherr
_acmdln
_unlock
free
vfprintf
__getmainargs
calloc
strlen
memcpy
signal
_initterm
__set_app_type
_iob
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2019:02:04 03:47:23-08:00

FileType
Win32 EXE

PEType
PE32

CodeSize
7168

LinkerVersion
2.24

ImageFileCharacteristics
No relocs, Executable, No line numbers, 32-bit

EntryPoint
0x14e0

InitializedDataSize
217600

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
214016

File identification
MD5 8dce7567944752bc47604fccdf1cc323
SHA1 55055c51e649ea84e421787e8e0adf4597272b22
SHA256 e2962e106f19d4dc1c72395f72f82472f55b8514b26342c136aafaf5ac04a4c7
ssdeep
6144:29Yb9mHTGwb+W6MJabQzyS1myKLhhhLjCK1j+o3frcHvYHI:2QcGwDkMtkywhhhLjCK1j+o3AHQo

authentihash 66d831106c07716853863e3bd072bc547741b716465a7400724796c96c803a3c
imphash 835cc947b18fa9e31c3232a3684131d9
File size 313.6 KB ( 321107 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-02-06 00:02:20 UTC ( 1 month, 1 week ago )
Last submission 2019-02-06 00:02:20 UTC ( 1 month, 1 week ago )
File names press_file_v2.0.exe.bin
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes