SHA256: e5ceeb1f78b683a3efecf77e2d5b8251b04281cd12ebfc374d36cfb62a92d657
File name: 6a0190e160f60478558dc40415e8464d
Detection ratio: 48 / 70
Analysis date: 2018-12-14 05:25:28 UTC ( 2 days, 23 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40813879 20181214
AhnLab-V3 Malware/Gen.Generic.C2879179 20181213
ALYac Trojan.Mansabo.gen 20181214
Antiy-AVL Trojan/Win32.Mansabo 20181214
Arcabit Trojan.Generic.D26EC537 20181214
Avast Win32:Trojan-gen 20181214
AVG Win32:Trojan-gen 20181214
Avira (no cloud) TR/AD.TrickBot.qfold 20181214
BitDefender Trojan.GenericKD.40813879 20181214
CAT-QuickHeal Trojan.Multi 20181213
Comodo Malware@#2cqdzpvbznmnl 20181214
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cybereason malicious.160f60 20180225
Cylance Unsafe 20181214
DrWeb Trojan.Hosts.45515 20181214
Emsisoft Trojan.GenericKD.40813879 (B) 20181214
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNLI 20181214
F-Secure Trojan.GenericKD.40813879 20181214
Fortinet W32/Kryptik.GNLI!tr 20181214
GData Trojan.GenericKD.40813879 20181214
Ikarus Trojan-Banker.TrickBot 20181214
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00542ea21 ) 20181213
K7GW Trojan ( 00542ea21 ) 20181213
Kaspersky Trojan.Win32.Mansabo.bqx 20181213
MAX malware (ai score=81) 20181214
McAfee Trojan-FQGT!6A0190E160F6 20181214
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.gc 20181214
Microsoft Trojan:Win32/MereTam.A 20181214
eScan Trojan.GenericKD.40813879 20181214
NANO-Antivirus Trojan.Win32.Mansabo.fkvnzs 20181214
Palo Alto Networks (Known Signatures) generic.ml 20181214
Panda Trj/TrickBot.A 20181213
Qihoo-360 Win32/Trojan.BO.c18 20181214
Rising Trojan.Kryptik!8.8 (CLOUD) 20181214
Sophos AV Troj/Trickbo-LM 20181213
Symantec Trojan.Gen.2 20181213
TACHYON Trojan/W32.Mansabo.434176 20181213
Tencent Win32.Trojan.Mansabo.Wnmf 20181214
Trapmine suspicious.low.ml.score 20181205
TrendMicro TROJ_GEN.F0C2C00L518 20181213
TrendMicro-HouseCall TROJ_GEN.F0C2C00L518 20181213
VBA32 Trojan.Mansabo 20181213
VIPRE Trojan.Win32.Generic!BT 20181213
ViRobot Trojan.Win32.Z.Trickbot.434176 20181213
Webroot W32.Trojan.Gen 20181214
ZoneAlarm by Check Point Trojan.Win32.Mansabo.bqx 20181214
AegisLab 20181213
Alibaba 20180921
Avast-Mobile 20181213
Babable 20180918
Baidu 20181207
Bkav 20181213
ClamAV 20181214
CMC 20181213
Cyren 20181214
eGambit 20181214
F-Prot 20181214
Jiangmin 20181214
Kingsoft 20181214
Malwarebytes 20181214
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181212
TheHacker 20181213
TotalDefense 20181213
Trustlook 20181214
Yandex 20181213
Zillya 20181213
Zoner 20181214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-04 10:26:32
Entry Point 0x000014C0
Number of sections 8
PE sections
PE imports
GetLastError
EnterCriticalSection
ReleaseMutex
LoadLibraryW
WaitForSingleObject
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
LoadLibraryA
DeleteCriticalSection
GetAtomNameA
SizeofResource
GetCurrentProcessId
AddAtomA
GetCurrentProcess
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
CreateMutexA
IsDBCSLeadByteEx
CreateSemaphoreA
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
TerminateProcess
ReleaseSemaphore
InitializeCriticalSection
LoadResource
CreateFileW
VirtualQuery
FindAtomA
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
FindResourceA
VirtualAlloc
SetLastError
LeaveCriticalSection
strncmp
__lconv_init
malloc
setlocale
realloc
memset
__dllonexit
_cexit
abort
strlen
_fmode
wcslen
_amsg_exit
fputc
_errno
fwrite
_lock
_onexit
__initenv
fputs
_strdup
sprintf
memcmp
exit
__setusermatherr
_acmdln
_unlock
free
getenv
atoi
__getmainargs
calloc
_write
memcpy
localeconv
strchr
strerror
strcmp
__mb_cur_max
_initterm
__set_app_type
signal
_iob
Number of PE resources by type
RT_ICON 6
GOVERMENT 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 7
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:12:04 11:26:32+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
88576

LinkerVersion
2.22

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, No debug

EntryPoint
0x14c0

InitializedDataSize
433152

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
3584

Execution parents
File identification
MD5 6a0190e160f60478558dc40415e8464d
SHA1 7b1a180099f4df582487a40516bf7c52d0093086
SHA256 e5ceeb1f78b683a3efecf77e2d5b8251b04281cd12ebfc374d36cfb62a92d657
ssdeep
6144:GWZQwhEbaXUn8jSpVikEctxlhGSHJ3R+FpvGTPYYaZfE4lW3ZoQXZy6Buc3:GWZQwhEeBMViaO2ZR+FJfDEAu/B7

authentihash cbdd51152d38a20db063bf70718980aac740da6e82991293ad24d2c09bfdc936
imphash d04a674426c4b114c6e3d68abacb7ef4
File size 424.0 KB ( 434176 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-04 13:46:37 UTC ( 1 week, 5 days ago )
Last submission 2018-12-14 05:25:28 UTC ( 2 days, 23 hours ago )
File names 44783m8uh77g8l8_nkubyhu5vfxxbh878xo6hlttkppzf28tsdu5kwppk_11c1jl.exe
p4uvq578yx720_zzz85dv__6hktbh1dy6fkiyvb_nw_xlutjmdawvith8wbxcm44.exe
5xpmjo438k6xi8hz4jq7jj653icv0q_f4vdcbctfu12bucofiusfcongxsfq3y00.exe
<SAMPLE.EXE>
6a0190e160f60478558dc40415e8464d
sfhyiil.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections