SHA256: ea682caa37257a53a7ab0787cfb67859ca9dcf1bf0488e5cb19759edbfcb79b6
File name: b38.exe
Detection ratio: 53 / 69
Analysis date: 2018-06-22 06:24:50 UTC ( 5 months, 3 weeks ago )
Antivirus (engine)   Result (detection name)   Update (signature database date, YYYYMMDD)
Ad-Aware Trojan.Ransom.Agent.AZ 20180622
AegisLab Filerepmalware.Gen!c 20180622
AhnLab-V3 Win-Trojan/Gandcrab02.Exp 20180621
ALYac Trojan.Bunitu 20180622
Antiy-AVL Trojan/Win32.Chapak 20180622
Arcabit Trojan.Ransom.Agent.AZ 20180622
Avast Win32:Malware-gen 20180622
AVG Win32:Malware-gen 20180622
Avira (no cloud) TR/Dropper.cciio 20180621
AVware Trojan.Win32.Generic!BT 20180621
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180622
BitDefender Trojan.Ransom.Agent.AZ 20180622
CAT-QuickHeal Trojan.Mauvaise.SL1 20180621
Comodo Backdoor.Win32.Quicdy.A 20180622
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.b52481 20180225
Cylance Unsafe 20180622
Cyren W32/S-931dd601!Eldorado 20180622
DrWeb Trojan.Siggen7.38831 20180622
Emsisoft Trojan.Ransom.Agent.AZ (B) 20180622
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GEBP 20180622
F-Prot W32/S-931dd601!Eldorado 20180622
F-Secure Trojan.Ransom.Agent.AZ 20180622
Fortinet W32/Injector.DVHR!tr 20180622
GData Trojan.Ransom.Agent.AZ 20180622
Ikarus Trojan.Dropper 20180621
Sophos ML heuristic 20180601
Jiangmin Backdoor.Kasidet.mr 20180622
K7AntiVirus Trojan ( 005261921 ) 20180621
K7GW Trojan ( 005261921 ) 20180622
Kaspersky HEUR:Trojan.Win32.Generic 20180622
Malwarebytes Trojan.MalPack.Generic 20180622
MAX malware (ai score=99) 20180622
McAfee RDN/Generic.grp 20180622
McAfee-GW-Edition BehavesLike.Win32.SoftPulse.cc 20180622
Microsoft VirTool:Win32/Obfuscator 20180622
eScan Trojan.Ransom.Agent.AZ 20180622
NANO-Antivirus Trojan.Win32.TrjGen.eyrqnk 20180622
Palo Alto Networks (Known Signatures) generic.ml 20180622
Panda Trj/CI.A 20180621
Qihoo-360 Win32/Trojan.Multi.daf 20180622
Sophos AV Mal/GandCrab-B 20180622
SUPERAntiSpyware Ransom.Filecoder/Variant 20180622
Symantec Trojan.Gen.2 20180621
TACHYON Trojan/W32.Chapak.193024 20180622
Tencent Win32.Trojan.Chapak.Ajlc 20180622
TrendMicro TROJ_QADARS.NZO 20180622
TrendMicro-HouseCall TROJ_QADARS.NZO 20180622
VBA32 Trojan.Chapak 20180621
VIPRE Trojan.Win32.Generic!BT 20180622
Yandex Trojan.Agent!bJnZoTy9VvA 20180621
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180622
Engines that did not detect the file (engine name and signature database date only):
Alibaba 20180622
Avast-Mobile 20180621
Babable 20180406
Bkav 20180621
ClamAV 20180622
CMC 20180621
eGambit 20180622
Kingsoft 20180622
Rising 20180622
SentinelOne (Static ML) 20180618
Symantec Mobile Insight 20180619
TheHacker 20180621
TotalDefense 20180621
Trustlook 20180622
ViRobot 20180622
Webroot 20180622
Zillya 20180621
Zoner 20180621
The file being studied is a Portable Executable (PE) file. More specifically, it is a 32-bit Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-07 11:33:01
Entry Point 0x000016B6
Number of sections 5
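The fields above (target machine, compile timestamp, entry point, section count) and the subsystem, linker and OS versions repeated in the ExifTool block below all come straight from the COFF and optional headers, so they can be checked without a PE library or a sandbox. The parser below is an added example, not VirusTotal's tooling or anything from the sample; it decodes those fields plus the section table, and for a stand-alone run it builds a header-only PE32 image carrying this report's values as a constructed fixture. The section names and layout in that fixture are assumptions (the report's section table is empty), and the writable-and-executable check is a general triage heuristic, not a finding about b38.exe.

```python
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Machine and IMAGE_OPTIONAL_HEADER.Subsystem values from the PE/COFF spec.
MACHINE_NAMES = {0x014C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64", 0x01C4: "ARM Thumb-2", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000


def parse_pe_header(data):
    """Return the basic header fields of a PE32 / PE32+ image from its raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_ld, min_ld, size_code, size_idata, size_udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    # MajorOperatingSystemVersion .. MinorSubsystemVersion sit at +40 in both PE32 and PE32+,
    # and Subsystem at +68, so the same offsets serve both formats.
    maj_os, min_os, _, _, maj_ss, min_ss = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": rawsize, "raw_offset": rawptr,
            # A section that is both writable and executable is a common self-modifying/unpacker tell.
            "wx": bool(flags & IMAGE_SCN_MEM_EXECUTE) and bool(flags & IMAGE_SCN_MEM_WRITE),
        })
    compile_time = datetime.fromtimestamp(timestamp, timezone.utc)
    return {
        "machine": machine,
        "machine_name": MACHINE_NAMES.get(machine, "unknown (0x%04x)" % machine),
        "compile_time": compile_time.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "number_of_sections": nsections,
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "linker_version": "%d.%d" % (maj_ld, min_ld),
        "os_version": "%d.%d" % (maj_os, min_os),
        "subsystem_version": "%d.%d" % (maj_ss, min_ss),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, "unknown (%d)" % subsystem),
        "code_size": size_code, "initialized_data_size": size_idata,
        "uninitialized_data_size": size_udata,
        "sections": sections,
    }


def build_sample_pe():
    """Constructed fixture: a header-only PE32 image (no code, no imports) carrying the
    report's header values. Section names/layout are assumed; this is not b38.exe."""
    ts = int(datetime(2018, 3, 7, 11, 33, 1, tzinfo=timezone.utc).timestamp())
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")  # e_lfanew = 0x80
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, 5, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 10, 0, 23552, 168448, 0, 0x16B6)
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)  # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<HHHHHH", opt, 40, 5, 1, 0, 0, 5, 1)      # OS 5.1, image 0.0, subsystem 5.1
    struct.pack_into("<H", opt, 68, 2)                          # IMAGE_SUBSYSTEM_WINDOWS_GUI
    hdrs = b""
    for name, vaddr, size, rawptr, flags in (
            (b".text", 0x1000, 0x5C00, 0x400, 0x60000020),
            (b".rdata", 0x7000, 0x2000, 0x6000, 0x40000040),
            (b".data", 0x9000, 0x1000, 0x8000, 0xC0000040),
            (b".rsrc", 0xA000, 0x26000, 0x9000, 0x40000040),
            (b".reloc", 0x30000, 0x1000, 0x2F000, 0x42000040)):
        hdrs += struct.pack("<8sIIII", name, size, vaddr, size, rawptr) + b"\0" * 12 + struct.pack("<I", flags)
    return dos + coff + bytes(opt) + hdrs


if __name__ == "__main__":
    info = parse_pe_header(build_sample_pe())
    for key, value in info.items():
        if key != "sections":
            print("%-24s %s" % (key, hex(value) if key == "entry_point" else value))
    for s in info["sections"]:
        print("  %-8s VA=0x%06x raw=0x%05x size=%-6d wx=%s" % (s["name"], s["virtual_address"], s["raw_offset"], s["raw_size"], s["wx"]))
```

On a real sample call `parse_pe_header(open(path, "rb").read())`. Two checks worth making with the output: that the compile timestamp is plausible relative to first-seen (here 2018-03-07 11:33 UTC against a first submission the same evening, which is consistent with a freshly built crypter stub rather than a forged stamp), and that no section is both writable and executable.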
PE sections
PE imports (function names only, grouped by exporting DLL: GetLastError through LeaveCriticalSection are exported by kernel32.dll and are largely the MSVC 10 CRT start-up set; LoadMenuIndirectA through CopyImage are exported by user32.dll)
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetModuleFileNameW
RequestDeviceWakeup
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
UnregisterWait
GetConsoleMode
DecodePointer
GetCurrentProcessId
GetConsoleCursorInfo
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
HeapSize
SetStdHandle
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetProcAddress
IsProcessInJob
ExitProcess
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CloseHandle
IsProcessorFeaturePresent
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TransmitCommChar
InterlockedDecrement
GetNumberFormatA
HeapCreate
SetLastError
CreateFileW
GlobalAlloc
GetEnvironmentStringsW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
GetProcessHeap
GetEnvironmentVariableW
WriteConsoleW
LeaveCriticalSection
LoadMenuIndirectA
GetMonitorInfoW
GetKBCodePage
EnumPropsExW
CloseWindow
ReuseDDElParam
GetWindowInfo
ShowWindow
SetMenuInfo
VkKeyScanW
CloseWindowStation
CopyImage
Number of PE resources by type
RT_BITMAP 5
RT_ICON 4
KASAPUSE 1
PENEBILERIFAYILUZUDULA 1
ZENEZEBINUPUPASOBA 1
FILOME 1
RT_MANIFEST 1
QUAVJXNKIY 1
RT_ACCELERATOR 1
XEWIREXUMAHEGACOGUNACU 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 17
ENGLISH US 1
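Two things in the import and resource listings deserve a second look. The kernel32 set is mostly CRT start-up boilerplate, but it also carries IsDebuggerPresent, VirtualProtect, LoadLibraryW and GetProcAddress, the usual toolkit of a stub that resolves its real imports at run time and rewrites page protections before jumping into unpacked code, together with a scattering of APIs (RequestDeviceWakeup, TransmitCommChar, GetKBCodePage, ReuseDDElParam, CloseWindowStation) that a 188 KB GUI program has no obvious use for. And six of the eleven resource types are custom, randomly named types rather than RT_* types, which is where packers commonly keep an encrypted payload. The script below is an added example, not part of the report: it encodes those checks as a triage score and also shows how the imphash value in the file-identification block further down is computed. The embedded import list is a constructed subset of the one above, with each function assigned to the DLL that exports it because the report extract omits the DLL column; its imphash therefore will not equal the report's ef24c1bd..., the API buckets and score thresholds are assumptions, and ordinal-only imports (which the real algorithm resolves to names for a few well-known DLLs) are not handled.

```python
import hashlib
import re

# Constructed subset of the report's import list. DLL assignment is the well-known
# exporter of each name, not report data (the extract lost the DLL column).
SAMPLE_IMPORTS = [("KERNEL32.dll", f) for f in (
    "GetLastError", "IsValidCodePage", "HeapFree", "GetStdHandle", "EnterCriticalSection",
    "RequestDeviceWakeup", "QueryPerformanceCounter", "IsDebuggerPresent", "HeapAlloc",
    "VirtualProtect", "UnregisterWait", "DecodePointer", "GetProcAddress", "IsProcessInJob",
    "LoadLibraryW", "TransmitCommChar", "GetNumberFormatA", "CreateFileW", "WriteFile",
    "GetTickCount", "EncodePointer", "Sleep")] + [("USER32.dll", f) for f in (
    "LoadMenuIndirectA", "GetKBCodePage", "EnumPropsExW", "ReuseDDElParam",
    "ShowWindow", "VkKeyScanW", "CloseWindowStation", "CopyImage")]

# Resource type names exactly as listed in the report.
SAMPLE_RESOURCE_TYPES = ["RT_BITMAP", "RT_ICON", "KASAPUSE", "PENEBILERIFAYILUZUDULA",
                         "ZENEZEBINUPUPASOBA", "FILOME", "RT_MANIFEST", "QUAVJXNKIY",
                         "RT_ACCELERATOR", "XEWIREXUMAHEGACOGUNACU", "RT_GROUP_ICON"]


def imphash(imports):
    """Import hash as pefile/VirusTotal compute it for named imports: MD5 over the
    comma-joined "dll.function" pairs in import-table order, lower-cased, with the
    library extension (.dll/.ocx/.sys) dropped. Order matters, so two builds of the
    same source linked differently get different hashes."""
    parts = []
    for dll, func in imports:
        dll = re.sub(r"\.(dll|ocx|sys)$", "", dll.lower())
        parts.append(dll + "." + func.lower())
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Heuristic API buckets (assumed for this example). Presence is a prompt to look
# closer, never a verdict: legitimate software uses every one of these somewhere.
ANTI_ANALYSIS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "IsProcessInJob",
                 "OutputDebugStringA", "NtQueryInformationProcess"}
RUNTIME_RESOLUTION = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW", "GetProcAddress"}
MEMORY_REPROTECT = {"VirtualProtect", "VirtualProtectEx", "VirtualAlloc", "VirtualAllocEx",
                    "WriteProcessMemory", "NtProtectVirtualMemory"}
# Comm-port, DDE, device wake-up and window-station APIs a small GUI program has no
# obvious use for; crypter stubs commonly pad their import tables with such names.
RARE_FOR_GUI_APP = {"RequestDeviceWakeup", "TransmitCommChar", "GetKBCodePage",
                    "ReuseDDElParam", "CloseWindowStation", "UnregisterWait",
                    "GetNumberFormatA", "VkKeyScanW", "LoadMenuIndirectA", "EnumPropsExW"}

STANDARD_RT = {"RT_CURSOR", "RT_BITMAP", "RT_ICON", "RT_MENU", "RT_DIALOG", "RT_STRING",
               "RT_FONTDIR", "RT_FONT", "RT_ACCELERATOR", "RT_RCDATA", "RT_MESSAGETABLE",
               "RT_GROUP_CURSOR", "RT_GROUP_ICON", "RT_VERSION", "RT_DLGINCLUDE",
               "RT_PLUGPLAY", "RT_VXD", "RT_ANICURSOR", "RT_ANIICON", "RT_HTML", "RT_MANIFEST"}


def triage_imports(imports):
    """Bucket imported function names; each bucket is returned sorted for stable output."""
    names = {func for _, func in imports}
    return {
        "anti_analysis": sorted(names & ANTI_ANALYSIS),
        "runtime_resolution": sorted(names & RUNTIME_RESOLUTION),
        "memory_reprotect": sorted(names & MEMORY_REPROTECT),
        "rare_for_gui_app": sorted(names & RARE_FOR_GUI_APP),
    }


def custom_resource_types(type_names):
    """Named (non RT_*) resource types, in listing order."""
    return [n for n in type_names if n.upper() not in STANDARD_RT]


def unpacker_stub_score(imports, resource_types):
    """Assumed scoring: 0 = nothing notable, 5 = every heuristic fired."""
    t = triage_imports(imports)
    score = 0
    if t["runtime_resolution"] and t["memory_reprotect"]:
        score += 2  # resolving APIs by hand plus re-protecting pages = code written at run time
    if t["anti_analysis"]:
        score += 1
    if len(t["rare_for_gui_app"]) >= 3:
        score += 1
    if custom_resource_types(resource_types):
        score += 1
    return score


if __name__ == "__main__":
    print("imphash (constructed subset):", imphash(SAMPLE_IMPORTS))
    for bucket, hits in triage_imports(SAMPLE_IMPORTS).items():
        print("%-20s %s" % (bucket, ", ".join(hits) or "-"))
    print("custom resource types:", custom_resource_types(SAMPLE_RESOURCE_TYPES))
    print("unpacker-stub score:", unpacker_stub_score(SAMPLE_IMPORTS, SAMPLE_RESOURCE_TYPES))
```

To use the imphash function on a real file, feed it the (dll, name) pairs from the import directory in table order; the value is only comparable with other tools' imphash when that order is preserved and ordinal imports are resolved the same way. The score is deliberately coarse: it tells you which samples to open in a debugger first, not what they are.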
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2018:03:07 12:33:01+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 23552
LinkerVersion: 10.0
EntryPoint: 0x16b6
InitializedDataSize: 168448
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0

File identification
MD5 e1a425877f5b0fb3045c145160a49e14
SHA1 761db1fb524811524038dbd228800637ecfd37d5
SHA256 ea682caa37257a53a7ab0787cfb67859ca9dcf1bf0488e5cb19759edbfcb79b6
ssdeep 3072:VTNrSlmeVlWQcjOD4CbOGvF2VigKo1uqpqXeSuPBaqokoTpAXbf:VTRSlJAc4CbL2VigKorwXPUPoDAXbf

authentihash 7c28d14c2fad003760bfea0c07b886db1a70598b26d6490e28cabf25e595a1e9
imphash ef24c1bd87d2098e0b315cd03fb81b7a
File size 188.5 KB ( 193024 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-07 19:42:37 UTC ( 9 months, 1 week ago )
Last submission 2018-03-08 15:16:30 UTC ( 9 months, 1 week ago )
File names b38.exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process launched by it or subjected to code injection by it.
Opened mutexes
Runtime DLLs