SHA256: e2f4ae6024b1b063b5743f0b3849b710c9f2ef856ab16a875a982fb1d72113e2
File name: malware
Detection ratio: 8 / 66
Analysis date: 2018-10-24 12:29:01 UTC ( 4 months, 3 weeks ago )
Antivirus                              | Result                               | Update
Cybereason                             | malicious.ca7743                     | 20180225
Cylance                                | Unsafe                               | 20181024
Ikarus                                 | Trojan-Banker.TrickBot               | 20181024
Sophos ML                              | heuristic                            | 20180717
Microsoft                              | Trojan:Win32/MereTam.A               | 20181024
Palo Alto Networks (Known Signatures)  | generic.ml                           | 20181024
Qihoo-360                              | HEUR/QVM20.1.BD31.Malware.Gen        | 20181024
Webroot                                | W32.Trojan.Trickbot                  | 20181024
Ad-Aware                               | (no detection)                       | 20181024
AegisLab                               | (no detection)                       | 20181024
AhnLab-V3                              | (no detection)                       | 20181024
Alibaba                                | (no detection)                       | 20180921
ALYac                                  | (no detection)                       | 20181024
Antiy-AVL                              | (no detection)                       | 20181023
Arcabit                                | (no detection)                       | 20181024
Avast                                  | (no detection)                       | 20181024
Avast-Mobile                           | (no detection)                       | 20181024
AVG                                    | (no detection)                       | 20181024
Avira (no cloud)                       | (no detection)                       | 20181024
Babable                                | (no detection)                       | 20180918
Baidu                                  | (no detection)                       | 20181024
BitDefender                            | (no detection)                       | 20181024
Bkav                                   | (no detection)                       | 20181024
CAT-QuickHeal                          | (no detection)                       | 20181022
ClamAV                                 | (no detection)                       | 20181024
CMC                                    | (no detection)                       | 20181024
CrowdStrike Falcon (ML)                | (no detection)                       | 20180723
Cyren                                  | (no detection)                       | 20181024
DrWeb                                  | (no detection)                       | 20181024
eGambit                                | (no detection)                       | 20181024
Emsisoft                               | (no detection)                       | 20181024
Endgame                                | (no detection)                       | 20180730
ESET-NOD32                             | (no detection)                       | 20181024
F-Prot                                 | (no detection)                       | 20181024
F-Secure                               | (no detection)                       | 20181024
Fortinet                               | (no detection)                       | 20181024
GData                                  | (no detection)                       | 20181024
Jiangmin                               | (no detection)                       | 20181024
K7AntiVirus                            | (no detection)                       | 20181024
K7GW                                   | (no detection)                       | 20181024
Kaspersky                              | (no detection)                       | 20181024
Kingsoft                               | (no detection)                       | 20181024
Malwarebytes                           | (no detection)                       | 20181024
MAX                                    | (no detection)                       | 20181024
McAfee                                 | (no detection)                       | 20181024
McAfee-GW-Edition                      | (no detection)                       | 20181024
eScan                                  | (no detection)                       | 20181024
NANO-Antivirus                         | (no detection)                       | 20181024
Panda                                  | (no detection)                       | 20181024
Rising                                 | (no detection)                       | 20181024
SentinelOne (Static ML)                | (no detection)                       | 20181011
Sophos AV                              | (no detection)                       | 20181024
SUPERAntiSpyware                       | (no detection)                       | 20181022
Symantec                               | (no detection)                       | 20181024
Symantec Mobile Insight                | (no detection)                       | 20181001
TACHYON                                | (no detection)                       | 20181024
Tencent                                | (no detection)                       | 20181024
TheHacker                              | (no detection)                       | 20181023
TrendMicro-HouseCall                   | (no detection)                       | 20181024
Trustlook                              | (no detection)                       | 20181024
VBA32                                  | (no detection)                       | 20181024
VIPRE                                  | (no detection)                       | 20181024
ViRobot                                | (no detection)                       | 20181024
Yandex                                 | (no detection)                       | 20181024
Zillya                                 | (no detection)                       | 20181023
ZoneAlarm by Check Point               | (no detection)                       | 20181024
Zoner                                  | (no detection)                       | 20181023
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2018-10-24 08:40:12
Entry Point: 0x000014E0
Number of sections: 8
PE sections
PE imports
CryptDestroyKey
CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptAcquireContextA
GetLastError
EnterCriticalSection
ReleaseMutex
TryEnterCriticalSection
ResumeThread
SetEvent
QueryPerformanceCounter
CopyFileA
GetTickCount
TlsAlloc
GetHandleInformation
DeleteCriticalSection
GetAtomNameA
SetThreadPriority
GetCurrentProcessId
AddAtomA
LockResource
GetCurrentProcess
UnhandledExceptionFilter
TlsGetValue
VirtualProtect
SetProcessAffinityMask
GetProcAddress
InterlockedCompareExchange
GetThreadContext
GetCurrentThread
SuspendThread
CreateMutexA
InterlockedExchangeAdd
CreateSemaphoreA
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
DuplicateHandle
WaitForMultipleObjects
GetThreadPriority
SetThreadContext
TerminateProcess
GetProcessAffinityMask
ReleaseSemaphore
ResetEvent
InitializeCriticalSection
WaitForSingleObject
VirtualQuery
CreateEventA
FindAtomA
InterlockedDecrement
Sleep
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
strncmp
__lconv_init
malloc
realloc
memset
__dllonexit
_cexit
abort
fprintf
_setjmp3
printf
_fmode
_endthreadex
_amsg_exit
fputc
fwrite
_lock
_onexit
__initenv
fputs
exit
sprintf
memcmp
strlen
__setusermatherr
_acmdln
longjmp
_unlock
free
vfprintf
__getmainargs
calloc
_write
memcpy
memmove
signal
_beginthreadex
_initterm
__set_app_type
strcmp
_ftime
_iob
Number of PE resources by type
RT_ICON: 2
TRWKO: 1
RT_GROUP_ICON: 1
Number of PE resources by language
ENGLISH US: 4
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2018:10:24 10:40:12+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 89088
LinkerVersion: 2.23
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint: 0x14e0
InitializedDataSize: 385024
SubsystemVersion: 4.0
ImageVersion: 1.0
OSVersion: 4.0
UninitializedDataSize: 1536

File identification
MD5: b64e26659c66bb3245a8e1adfc1cfc54
SHA1: 2368ddeca77431fb414ec23b208bc3c324db64d8
SHA256: e2f4ae6024b1b063b5743f0b3849b710c9f2ef856ab16a875a982fb1d72113e2
ssdeep: 6144:TIjBVfddFJUnANuo2sNterYatgSKS5GwvMoQrTCAt5GJlo6KGIEo6a6ZnsiZA:MtVfd7W+toYafKSYCMoQrTCAkpKGIQFD
authentihash: 72c1138b1a86ee76e10739650b6904cbcff5432dde9e2b79dcde90cf9bb0d3a1
imphash: 40a3e391ef3792257e8517c30dccf4c7
File size: 377.0 KB ( 386048 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags: peexe

VirusTotal metadata
First submission: 2018-10-24 11:25:46 UTC ( 4 months, 3 weeks ago )
Last submission: 2018-11-05 14:22:39 UTC ( 4 months, 2 weeks ago )
File names:
malware
lunar.pony
updsun.exe
updrun.exe
b64e26659c66bb3245a8e1adfc1cfc54_exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or subjected to code injection.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections