SHA256: e7edad8af4064ef9dfe74e5623139fd2d700f2e39c68821a9c39b236081a2223
File name: 2a0aa36717c8f404a4d2a0c07110d112.virus
Detection ratio: 33 / 68
Analysis date: 2018-09-15 06:43:00 UTC ( 7 months, 1 week ago )
Antivirus Result Update
ALYac Trojan.GenericKD.40474930 20180915
Arcabit Trojan.Generic.D2699932 20180915
Avast FileRepMalware 20180915
AVG FileRepMalware 20180915
Avira (no cloud) TR/Kryptik.owqme 20180914
BitDefender Trojan.GenericKD.40474930 20180915
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.35a236 20180225
Cylance Unsafe 20180915
Emsisoft Trojan.GenericKD.40474930 (B) 20180915
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CKYW 20180915
F-Secure Trojan.GenericKD.40474930 20180915
Fortinet W32/Propagate.RF!tr 20180915
GData Trojan.GenericKD.40474930 20180915
Ikarus Trojan.Inject 20180914
Sophos ML heuristic 20180717
Kaspersky Trojan.Win32.Propagate.rf 20180915
Malwarebytes Trojan.MalPack.VAK 20180915
MAX malware (ai score=85) 20180915
McAfee Artemis!2A0AA36717C8 20180915
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20180915
Microsoft Trojan:Win32/Dynamer!rfn 20180915
eScan Trojan.GenericKD.40474930 20180915
Palo Alto Networks (Known Signatures) generic.ml 20180915
Qihoo-360 HEUR/QVM19.1.E08F.Malware.Gen 20180915
Rising Trojan.Kryptik!1.B3BF (CLOUD) 20180915
SentinelOne (Static ML) static engine - malicious 20180830
Symantec Packed.Generic.493 20180914
TrendMicro TROJ_GEN.R004C0OIE18 20180915
TrendMicro-HouseCall TROJ_GEN.R004C0OIE18 20180915
VBA32 BScope.Trojan.SpyBot 20180914
ZoneAlarm by Check Point Trojan.Win32.Propagate.rf 20180915
Ad-Aware 20180913
AegisLab 20180915
AhnLab-V3 20180914
Alibaba 20180713
Antiy-AVL 20180915
Avast-Mobile 20180915
AVware 20180915
Babable 20180907
Baidu 20180914
Bkav 20180915
CAT-QuickHeal 20180912
ClamAV 20180915
CMC 20180914
Comodo 20180915
Cyren 20180915
DrWeb 20180915
eGambit 20180915
F-Prot 20180915
Jiangmin 20180915
K7AntiVirus 20180915
K7GW 20180915
Kingsoft 20180915
NANO-Antivirus 20180915
Panda 20180914
Sophos AV 20180915
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180915
Tencent 20180915
TheHacker 20180914
TotalDefense 20180915
Trustlook 20180915
VIPRE 20180915
ViRobot 20180915
Webroot 20180915
Yandex 20180915
Zillya 20180914
Zoner 20180914
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-08 18:30:24
Entry Point 0x0000DA45
Number of sections 4
PE sections
PE imports
OpenMutexA
CreateProcessW
LoadLibraryExW
SystemTimeToFileTime
OpenFileMappingW
GetPrivateProfileStringA
LoadLibraryA
HeapCreate
WaitForSingleObject
GlobalAddAtomA
CreateFileA
CopyFileA
GetTickCount
FindNextFileW
VirtualProtect
GetACP
GetProcAddress
GetLocalTime
SetEnvironmentVariableA
drvGetDefaultCommConfigA
CountryRunOnce
drvSetDefaultCommConfigA
drvCommConfigDialogA
NDdeShareEnumA
NDdeShareSetInfoA
wsprintfA
PeekMessageW
GetMessageA
GetClassLongW
CreateDesktopA
MessageBoxA
InsertMenuW
DialogBoxParamA
GetDlgItemTextW
DrawStateW
GetPropA
WTSVirtualChannelPurgeInput
WTSQuerySessionInformationA
WTSQueryUserToken
WTSVirtualChannelWrite
WTSVirtualChannelRead
WTSVirtualChannelClose
WTSRegisterSessionNotification
WTSLogoffSession
WTSSetSessionInformationW
WTSEnumerateSessionsW
WTSSetUserConfigW
WTSVirtualChannelQuery
WTSEnumerateServersA
Number of PE resources by type
HAB 3
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:11:08 10:30:24-08:00
FileType Win32 EXE
PEType PE32
CodeSize 69120
LinkerVersion 10.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0xda45
InitializedDataSize 38400
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 2a0aa36717c8f404a4d2a0c07110d112
SHA1 133ba2835a236640e7afdd93c7536a754f23736b
SHA256 e7edad8af4064ef9dfe74e5623139fd2d700f2e39c68821a9c39b236081a2223
ssdeep 1536:bIKALFV35KfRX+jUcq6NurnTvGIPkFJEBJ04:baVJKZ+tQ/fnBW4
authentihash 8ee980f1ad393bf1f7936a7de3d15e97fc7a3f0d82e2be4c96046f0cd43419f9
imphash 62a66092f842804f1134070172a36627
File size 106.0 KB ( 108544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-09-15 06:43:00 UTC ( 7 months, 1 week ago )
Last submission 2018-09-15 06:43:00 UTC ( 7 months, 1 week ago )
File names 2a0aa36717c8f404a4d2a0c07110d112.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Opened mutexes
Runtime DLLs