SHA256: e8542c07b2af63ee7e72ce5d97d91036c5da56e2b091aa2afe737b224305d230
Detection ratio: 1 / 66
Analysis date: 2017-12-14 15:17:15 UTC ( 10 months, 1 week ago )
Antivirus Result Update
Symantec Trojan.Trisis 20171214
Ad-Aware 20171214
AegisLab 20171214
AhnLab-V3 20171214
Alibaba 20171214
ALYac 20171214
Antiy-AVL 20171214
Arcabit 20171214
Avast 20171214
Avast-Mobile 20171214
AVG 20171214
Avira (no cloud) 20171214
AVware 20171214
Baidu 20171212
BitDefender 20171214
Bkav 20171214
CAT-QuickHeal 20171214
ClamAV 20171214
CMC 20171214
Comodo 20171214
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171214
Cyren 20171214
DrWeb 20171214
eGambit 20171214
Emsisoft 20171214
Endgame 20171130
ESET-NOD32 20171214
F-Prot 20171214
F-Secure 20171214
Fortinet 20171214
GData 20171214
Ikarus 20171214
Sophos ML 20170914
Jiangmin 20171214
K7AntiVirus 20171214
K7GW 20171214
Kaspersky 20171214
Kingsoft 20171214
Malwarebytes 20171214
MAX 20171214
McAfee 20171214
McAfee-GW-Edition 20171214
Microsoft 20171214
eScan 20171214
NANO-Antivirus 20171214
nProtect 20171214
Palo Alto Networks (Known Signatures) 20171214
Panda 20171214
Qihoo-360 20171214
Rising 20171214
SentinelOne (Static ML) 20171207
Sophos AV 20171214
SUPERAntiSpyware 20171214
Symantec Mobile Insight 20171213
Tencent 20171214
TheHacker 20171210
TrendMicro 20171214
TrendMicro-HouseCall 20171214
Trustlook 20171214
VBA32 20171214
VIPRE 20171214
ViRobot 20171214
WhiteArmor 20171204
Yandex 20171214
Zillya 20171214
ZoneAlarm by Check Point 20171214
Zoner 20171214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-10 09:40:34
Entry Point 0x00002B28
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
LoadResource
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
VirtualProtect
LoadLibraryA
GetModuleFileNameA
GetCurrentProcess
GetCurrentProcessId
LockResource
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
MapViewOfFile
GetModuleHandleA
FormatMessageA
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
CreateFileMappingA
OutputDebugStringA
GetFullPathNameA
LocalFree
TerminateProcess
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
CreateFileA
GetTickCount
GetCurrentThreadId
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
strncmp
__p__fmode
malloc
_crt_debugger_hook
realloc
memset
__dllonexit
_stricmp
_controlfp_s
fprintf
_invoke_watson
strncpy
_cexit
?terminate@@YAXXZ
_lock
qsort
_onexit
__initenv
exit
_XcptFilter
_encode_pointer
__setusermatherr
_initterm_e
_adjust_fdiv
_amsg_exit
_unlock
strrchr
__p__commode
memcpy
getenv
_except_handler4_common
atoi
free
__getmainargs
setbuf
_exit
_decode_pointer
__iob_func
bsearch
_snprintf
_configthreadlocale
_initterm
_strdup
__set_app_type
Number of PE resources by type
RT_MANIFEST 1
PYTHONSCRIPT 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2008:11:10 10:40:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8704
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x2b28
InitializedDataSize 11776
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 6c39c3f4a08d3d78f2eb973a94bd7718
SHA1 dc81f383624955e0c0441734f9f1dabfe03f373c
SHA256 e8542c07b2af63ee7e72ce5d97d91036c5da56e2b091aa2afe737b224305d230
ssdeep 384:eIn2vPeqUfmEZ+nUn0fJCfMdXWgugoL2RrXdUWJCXXtB:eBPeqYmEb0kUX9XdUzXv
authentihash 868ea37678807aadf27fe4b4ce469fdc2e2c10ce328ae7471c1c30c42efeb0dd
imphash b28c641d753fb51b62a00fe6115070ae
File size 21.0 KB ( 21504 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-08-29 18:21:39 UTC ( 1 year, 1 month ago )
Last submission 2018-10-04 21:31:28 UTC ( 1 week, 6 days ago )
File names 1000-dc81f383624955e0c0441734f9f1dabfe03f373c
localfile~
trilog.exe
6c39c3f4a08d3d78f2eb973a94bd7718.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs