SHA256: ea16c221e6bb47c514bfdb077268bdd8c7693bc14615c6f8680de4ab599e6512
File name: RelayMTA18.exe
Detection ratio: 30 / 67
Analysis date: 2017-10-21 06:44:18 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6130926 20171021
AegisLab Ml.Attribute.Gen!c 20171021
AhnLab-V3 Trojan/Win32.Mansabo.R210617 20171020
Arcabit Trojan.Generic.D5D8CEE 20171021
Avast Win32:Malware-gen 20171021
AVG Win32:Malware-gen 20171021
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20171020
BitDefender Trojan.GenericKD.6130926 20171021
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171021
eGambit malicious_confidence_98% 20171021
Emsisoft Trojan.GenericKD.6130926 (B) 20171021
Endgame malicious (high confidence) 20171016
ESET-NOD32 a variant of Generik.HTAITQV 20171021
F-Secure Trojan.GenericKD.6130926 20171021
Fortinet Generik.HTAITQV!tr 20171021
GData Trojan.GenericKD.6130926 20171021
Ikarus Win32.Outbreak 20171020
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171021
McAfee Artemis!153909E3626E 20171021
McAfee-GW-Edition BehavesLike.Win32.FakeAlert.ph 20171021
eScan Trojan.GenericKD.6130926 20171021
Palo Alto Networks (Known Signatures) generic.ml 20171021
Rising Malware.Heuristic!ET#97% (RDM+:cmRtazo8TbeXX5N8lq8Ml/PZfF0U) 20171021
SentinelOne (Static ML) static engine - malicious 20171019
Symantec ML.Attribute.HighConfidence 20171020
TrendMicro-HouseCall Suspicious_GEN.F47V1020 20171021
Webroot W32.Trojan.Gen 20171021
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171021
Alibaba 20170911
ALYac 20171021
Antiy-AVL 20171021
Avast-Mobile 20171020
Avira (no cloud) 20171020
AVware 20171021
Bkav 20171020
CAT-QuickHeal 20171020
ClamAV 20171021
CMC 20171018
Comodo 20171021
Cyren 20171021
DrWeb 20171021
F-Prot 20171021
Jiangmin 20171021
K7AntiVirus 20171019
K7GW 20171021
Kingsoft 20171021
Malwarebytes 20171021
MAX 20171021
Microsoft 20171020
NANO-Antivirus 20171021
nProtect 20171021
Panda 20171020
Qihoo-360 20171021
Sophos AV 20171021
SUPERAntiSpyware 20171021
Symantec Mobile Insight 20171011
Tencent 20171021
TheHacker 20171017
TotalDefense 20171021
TrendMicro 20171021
Trustlook 20171021
VBA32 20171020
VIPRE 20171021
ViRobot 20171021
WhiteArmor 20171016
Yandex 20171020
Zillya 20171019
Zoner 20171021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-29 18:19:17
Entry Point 0x000010B0
Number of sections 4
PE sections
PE imports
GetLastError
GetStartupInfoA
lstrcpyW
GetCurrentDirectoryW
GetModuleHandleA
LoadLibraryW
CreateFileW
SleepEx
CloseHandle
CreateFileMappingA
CreateFileA
GetModuleHandleW
_except_handler3
__p__fmode
memset
_exit
__p__commode
__setusermatherr
__p__acmdln
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
UpdateWindow
LoadBitmapW
DefWindowProcW
GetMessageW
PostQuitMessage
ShowWindow
MessageBoxW
GetWindowRect
EndPaint
TranslateMessage
DispatchMessageW
BeginPaint
SendMessageW
wsprintfW
GetWindowPlacement
GetWindowLongA
SetTimer
GetDesktopWindow
LoadCursorW
LoadIconW
CreateWindowExW
RegisterClassExW
GetWindowTextA
DestroyWindow
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:06:29 11:19:17-07:00
FileType Win32 EXE
PEType PE32
CodeSize 32256
LinkerVersion 7.1
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x10b0
InitializedDataSize 18432
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 153909e3626ebd60eead4ec580785f26
SHA1 fe58b77595914af18d74cf2ca85af3436705ffeb
SHA256 ea16c221e6bb47c514bfdb077268bdd8c7693bc14615c6f8680de4ab599e6512
ssdeep 768:wj3CTFCAurmtQuwUCltA+/9lm74G/sk5TtIsnWHEM5eDIwbS:WCT8AurmtPwUCltA+FQ74G/swWsnWkMt
authentihash 9b672643ccead849ee71c7e511698db8e7d2d8509a665da4f0a82a2f0a8e0e3b
imphash 4a2e4080e63aa5820521dfbe2cf15a34
File size 48.0 KB ( 49152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
peexe installshield

VirusTotal metadata
First submission 2017-10-20 16:31:50 UTC ( 1 year, 4 months ago )
Last submission 2017-11-21 09:57:00 UTC ( 1 year, 3 months ago )
File names RelayMTA18.exe
tmp33A5.tmp
output.112350621.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications