SHA256: eaa2dfb647e4df0e13f6b6642dea2d8eb8ee1aea1378806f5ccdf63450c3a3eb
File name: fabfc503eb52ce5d44363bfa139aed69.exe
Detection ratio: 18 / 66
Analysis date: 2018-04-12 11:27:21 UTC ( 1 year ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180412
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9872 20180412
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20170201
Cylance Unsafe 20180412
eGambit Unsafe.AI_Score_72% 20180412
Endgame malicious (high confidence) 20180403
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180412
MAX malware (ai score=95) 20180412
McAfee Artemis!FABFC503EB52 20180412
McAfee-GW-Edition Artemis 20180411
Palo Alto Networks (Known Signatures) generic.ml 20180412
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Trickbt-A 20180412
Symantec ML.Attribute.HighConfidence 20180412
Webroot W32.Trojan.Gen 20180412
WhiteArmor Malware.HighConfidence 20180408
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180412
Ad-Aware 20180412
AhnLab-V3 20180411
Alibaba 20180412
ALYac 20180412
Antiy-AVL 20180412
Arcabit 20180412
Avast 20180412
Avast-Mobile 20180412
AVG 20180412
Avira (no cloud) 20180412
AVware 20180412
BitDefender 20180412
Bkav 20180410
CAT-QuickHeal 20180411
ClamAV 20180412
CMC 20180411
Comodo 20180412
Cybereason None
Cyren 20180412
DrWeb 20180412
Emsisoft 20180412
ESET-NOD32 20180412
F-Prot 20180412
F-Secure 20180412
Fortinet 20180412
GData 20180412
Ikarus 20180411
Jiangmin 20180412
K7AntiVirus 20180412
K7GW 20180412
Kingsoft 20180412
Malwarebytes 20180412
Microsoft 20180412
eScan 20180412
NANO-Antivirus 20180412
nProtect 20180412
Panda 20180411
Qihoo-360 20180412
Rising 20180412
SUPERAntiSpyware 20180412
Symantec Mobile Insight 20180412
Tencent 20180412
TheHacker 20180410
TrendMicro 20180412
TrendMicro-HouseCall 20180412
Trustlook 20180412
VBA32 20180411
VIPRE 20180412
ViRobot 20180412
Yandex 20180412
Zillya 20180411
Zoner 20180412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-27 04:35:44
Entry Point 0x00030550
Number of sections 4
PE sections
PE imports
GetOpenFileNameA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetSystemInfo
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
FlsGetValue
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
FlsSetValue
IsProcessorFeaturePresent
DeleteCriticalSection
GetStartupInfoA
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
lstrcatA
UnhandledExceptionFilter
WriteConsoleW
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
FlsAlloc
GetCommandLineA
GetProcAddress
FlsFree
GetProcessHeap
GetTickCount64
SetStdHandle
GetTempPathA
GetCPInfo
GetModuleFileNameW
GetModuleHandleA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentProcess
CloseHandle
InitOnceExecuteOnce
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
WideCharToMultiByte
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
WriteFile
CreateFileW
InterlockedDecrement
Sleep
SetLastError
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
LCMapStringEx
InterlockedIncrement
SetFocus
GetMessageA
GetParent
UpdateWindow
LoadBitmapW
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowLongA
DispatchMessageA
PostMessageA
MoveWindow
DestroyCursor
TranslateMessage
GetMenuItemID
RegisterClassExA
GetMenu
LoadStringA
SendMessageA
SetWindowTextW
CreateWindowExA
FrameRect
InvalidateRect
LoadAcceleratorsA
SetTimer
LoadCursorA
LoadIconA
TranslateAcceleratorA
GetClassNameW
DestroyWindow
Number of PE resources by type
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:12:27 05:35:44+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 286208
LinkerVersion: 9.0
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0x30550
InitializedDataSize: 144896
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5 fabfc503eb52ce5d44363bfa139aed69
SHA1 ddfa6af6f2a6f55aff7e64078aecdb92d5f225ac
SHA256 eaa2dfb647e4df0e13f6b6642dea2d8eb8ee1aea1378806f5ccdf63450c3a3eb
ssdeep 6144:zkz2zDxjcGiss4tOdw6riVERyddansGYwIJ:oqrd6GVERyddHr
authentihash a2fee40ee35d50fe360d48cb1fed330fb9ab756f704ea165b0820b2b21ab9892
imphash baf66f89251f7e09bcc7da22537a8e63
File size 412.5 KB ( 422400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-04-12 10:44:18 UTC ( 1 year ago )
Last submission 2018-05-10 17:54:37 UTC ( 11 months, 2 weeks ago )
File names ertsf.rtf
fabfc503eb52ce5d44363bfa139aed69.exe
ser0412.bin
lockcysano.exe