SHA256: e6e93c7744d20e2cac2c2b257868686c861d43c6cf3de146b8812778c8283f7d
File name: ec57bb4980ea0190f4ad05d0ea9c9447.virus
Detection ratio: 34 / 70
Analysis date: 2019-01-23 17:12:32 UTC (1 month, 3 weeks ago)
Detected (34 of 70 engines)
Antivirus                               Result                                          Update
Ad-Aware                                Gen:Trojan.Heur.AutoIT.2                        20190123
AegisLab                                Trojan.Win32.Zebrocy.4!c                        20190123
Antiy-AVL                               Trojan[Dropper]/Win32.Sysn                      20190123
Arcabit                                 Trojan.Heur.AutoIT.2                            20190123
Avast                                   FileRepMalware                                  20190123
AVG                                     FileRepMalware                                  20190123
Avira (no cloud)                        TR/Dldr.Sednit.icuki                            20190123
BitDefender                             Gen:Trojan.Heur.AutoIT.2                        20190123
ClamAV                                  Win.Malware.Moderate-6823939-0                  20190123
CrowdStrike Falcon (ML)                 malicious_confidence_90% (W)                    20181023
Cybereason                              malicious.980ea0                                20190109
Cylance                                 Unsafe                                          20190123
Cyren                                   W32/GenBl.EC57BB49!Olympus                      20190123
Emsisoft                                Gen:Trojan.Heur.AutoIT.2 (B)                    20190123
ESET-NOD32                              a variant of Win32/TrojanDownloader.Sednit.AV   20190123
F-Secure                                Gen:Trojan.Heur.AutoIT.2                        20190123
Fortinet                                W32/Zebrocy.KG!tr.bdr                           20190123
GData                                   Gen:Trojan.Heur.AutoIT.2                        20190123
Sophos ML                               heuristic                                       20181128
Jiangmin                                Trojan.Blocker.imx                              20190123
K7AntiVirus                             Trojan ( 700000111 )                            20190123
K7GW                                    Trojan ( 700000111 )                            20190123
Kaspersky                               Backdoor.Win32.Zebrocy.kg                       20190123
MAX                                     malware (ai score=83)                           20190123
McAfee                                  RDN/Generic BackDoor                            20190123
McAfee-GW-Edition                       BehavesLike.Win32.Downloader.jc                 20190123
eScan                                   Gen:Trojan.Heur.AutoIT.2                        20190123
Palo Alto Networks (Known Signatures)   generic.ml                                      20190123
SentinelOne (Static ML)                 static engine - malicious                       20190118
Sophos AV                               Mal/Generic-S                                   20190123
Tencent                                 Win32.Backdoor.Zebrocy.Alsh                     20190123
Trapmine                                malicious.moderate.ml.score                     20190123
TrendMicro-HouseCall                    TROJ_GEN.R002H0CAN19                            20190123
ZoneAlarm by Check Point                Backdoor.Win32.Zebrocy.kg                       20190123

Not detected (36 of 70 engines; signature update date shown)
Antivirus                               Update
Acronis                                 20190119
AhnLab-V3                               20190123
Alibaba                                 20180921
ALYac                                   20190123
Avast-Mobile                            20190123
Babable                                 20180918
Baidu                                   20190123
Bkav                                    20190123
CAT-QuickHeal                           20190123
CMC                                     20190123
Comodo                                  20190123
DrWeb                                   20190123
eGambit                                 20190123
Endgame                                 20181108
F-Prot                                  20190123
Ikarus                                  20190123
Kingsoft                                20190123
Malwarebytes                            20190123
Microsoft                               20190123
NANO-Antivirus                          20190123
Panda                                   20190123
Qihoo-360                               20190123
Rising                                  20190123
SUPERAntiSpyware                        20190116
Symantec                                20190123
TACHYON                                 20190123
TheHacker                               20190118
TrendMicro                              20190123
Trustlook                               20190123
VBA32                                   20190123
VIPRE                                   20190123
ViRobot                                 20190123
Webroot                                 20190123
Yandex                                  20190122
Zillya                                  20190123
Zoner                                   20190123
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: © Microsoft Corporation. All rights reserved.
Product: Microsoft Windows Operating System
File version: 13.3.1223.2
Description: ServicesTray
Comments: services tray
Packers identified
F-PROT: UPX
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2019-01-16 12:10:59
Entry point: 0x0011D070
Number of sections: 3
PE sections
PE imports
ImageList_Remove
GetOpenFileNameW
LineTo
IcmpSendEcho
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
connect
CoGetObject
Number of PE resources by type
RT_ICON: 11
RT_STRING: 7
RT_GROUP_ICON: 4
RT_MANIFEST: 1
RT_MENU: 1
RT_RCDATA: 1
RT_VERSION: 1
Number of PE resources by language
ENGLISH UK: 25
NEUTRAL: 1
PE resources
ExifTool file metadata
SubsystemVersion: 5.1
LegalTradeMarks: Microsoft Corporation. All rights reserved.
Comments: services tray
LinkerVersion: 12.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 13.3.1223.2
LanguageCode: English (British)
FileFlagsMask: 0x0000
FileDescription: ServicesTray
ImageFileCharacteristics: Executable, Large address aware, 32-bit
CharacterSet: Unicode
InitializedDataSize: 282624
EntryPoint: 0x11d070
MIMEType: application/octet-stream
LegalCopyright: Microsoft Corporation. All rights reserved.
FileVersion: 13.3.1223.2
TimeStamp: 2019:01:16 13:10:59+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 13.3.1223.2
UninitializedDataSize: 811008
OSVersion: 5.1
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Microsoft Windows Operating System
CodeSize: 356352
ProductName: Microsoft Windows Operating System
ProductVersionNumber: 13.3.1223.2
FileTypeExtension: exe
ObjectFileType: Unknown
File identification
MD5: ec57bb4980ea0190f4ad05d0ea9c9447
SHA1: 6b300486d17d07a02365d32b673cd6638bd384f3
SHA256: e6e93c7744d20e2cac2c2b257868686c861d43c6cf3de146b8812778c8283f7d
ssdeep: 12288:QYV6MorX7qzuC3QHO9FQVHPF51jgcSj2EtPo/V7I6R+Lqaw8i6hG0:vBXu9HGaVHh4Po/VU6RkqaQ6F
authentihash: b13808023b9032d933d72f0ea27719c40097ce5316d759cb5383c6ea0625e492
imphash: fc6683d30d9f25244a50fd5357825e79
File size: 621.5 KB (636416 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  UPX compressed Win32 Executable (38.2%)
  Win32 EXE Yoda's Crypter (37.5%)
  Win32 Dynamic Link Library (generic) (9.2%)
  Win32 Executable (generic) (6.3%)
  OS/2 Executable (generic) (2.8%)
Tags: peexe upx

VirusTotal metadata
First submission: 2019-01-23 06:41:17 UTC (1 month, 3 weeks ago)
Last submission: 2019-01-23 06:41:17 UTC (1 month, 3 weeks ago)
File names: ec57bb4980ea0190f4ad05d0ea9c9447.virus
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or injected code into.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
TCP connections