SHA256: eaf6860588f306d9940b5c52cfd9dd8d504435deb3da435e4be8dd02fd55833f
File name: download.exe
Detection ratio: 51 / 68
Analysis date: 2018-08-21 00:06:19 UTC ( 1 month, 4 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Downloader.tmGfae2BSAej 20180820
AegisLab Troj.W32.Siscos!c 20180820
AhnLab-V3 Malware/Win32.Generic.C2543279 20180820
ALYac Gen:Trojan.Downloader.tmGfae2BSAej 20180821
Arcabit Trojan.Downloader.tmGfae2BSAej 20180821
Avast Win32:Dh-A [Heur] 20180820
AVG FileRepMalware 20180820
Avira (no cloud) HEUR/AGEN.1011827 20180821
AVware Trojan.Win32.Generic!BT 20180821
BitDefender Gen:Trojan.Downloader.tmGfae2BSAej 20180821
CAT-QuickHeal Trojan.Vigorf 20180820
Comodo TrojWare.Win32.Kryptik.~FHSF 20180820
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cybereason malicious.845bc1 20180225
Cylance Unsafe 20180821
Cyren W32/Dialer.B.gen!Eldorado 20180821
DrWeb Trojan.DownLoader25.10311 20180821
Emsisoft Gen:Trojan.Downloader.tmGfae2BSAej (B) 20180820
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.FHSF 20180821
F-Prot W32/Dialer.B.gen!Eldorado 20180820
F-Secure Gen:Trojan.Downloader.tmGfae2BSAej 20180820
Fortinet W32/Siscos.FHSF!tr 20180820
GData Win32.Trojan.FlyStudio.F 20180821
Ikarus Virus.Win32.CeeInject 20180820
Jiangmin TrojanDownloader.Generic.bbbi 20180820
K7AntiVirus Trojan ( 004fbe731 ) 20180820
K7GW Trojan ( 004fbe731 ) 20180820
Kaspersky Trojan.Win32.Siscos.wgv 20180820
MAX malware (ai score=99) 20180821
McAfee RDN/Generic Downloader.x 20180820
McAfee-GW-Edition BehavesLike.Win32.Trojan.fc 20180820
Microsoft Trojan:Win32/Occamy.C 20180820
eScan Gen:Trojan.Downloader.tmGfae2BSAej 20180820
NANO-Antivirus Trojan.Win32.Siscos.fexrjw 20180821
Palo Alto Networks (Known Signatures) generic.ml 20180821
Panda Trj/GdSda.A 20180820
Qihoo-360 Win32/Trojan.Downloader.19d 20180821
Rising Trojan.Kryptik!8.8 (CLOUD) 20180820
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180820
Symantec Trojan.Gen.2 20180820
TACHYON Trojan/W32.Siscos.753664.D 20180820
Tencent Win32.Trojan.Siscos.Eel 20180821
TrendMicro TROJ_GEN.R020C0DG618 20180820
TrendMicro-HouseCall TROJ_GEN.R020C0DG618 20180820
VBA32 Trojan.Reconyc 20180820
VIPRE Trojan.Win32.Generic!BT 20180820
Webroot W32.Trojan.Downloader.tmGfae2BS 20180821
Yandex Trojan.Siscos!Bb95RxMn6lo 20180820
ZoneAlarm by Check Point Trojan.Win32.Siscos.wgv 20180820
Alibaba 20180713
Antiy-AVL 20180821
Avast-Mobile 20180820
Babable 20180725
Baidu 20180820
Bkav 20180820
ClamAV 20180820
CMC 20180817
eGambit 20180821
Sophos ML 20180717
Kingsoft 20180821
Malwarebytes 20180821
SUPERAntiSpyware 20180820
Symantec Mobile Insight 20180814
TheHacker 20180818
TotalDefense 20180820
Trustlook 20180821
ViRobot 20180820
Zillya 20180820
Zoner 20180820
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-06 13:03:55
Entry Point 0x000DC0F0
Number of sections 3
PE sections
PE imports
RegCloseKey
PatBlt
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
LoadTypeLib
RasHangUpA
ShellExecuteA
InternetOpenA
waveOutOpen
OpenPrinterA
inet_ntoa
ChooseColorA
OleInitialize
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2018:07:06 14:03:55+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 323584
LinkerVersion: 6.0
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0xdc0f0
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 577536

Compressed bundles
File identification
MD5 0743673845bc10b9d36d8912964173c4
SHA1 2f4a8ff3fb10c834c1a9f452a98200bee7f0c214
SHA256 eaf6860588f306d9940b5c52cfd9dd8d504435deb3da435e4be8dd02fd55833f
ssdeep 6144:RTQzfH06jTIrMm45aMVPJk63KyJUAdJ1biAlYJ9YrI117q:pQDHtjTIrMm0a+i6zS2biIY4kTW
authentihash 5dcc04f30505eb01d5a14a3f9ae5fa22354fb84d33615633de992efa14474ee6
imphash c2ee7d277580fccb850519e0885ea7e1
File size 315.0 KB ( 322560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (61.2%)
Win32 Dynamic Link Library (generic) (14.8%)
Win32 Executable (generic) (10.2%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.5%)
Tags peexe upx

VirusTotal metadata
First submission 2018-07-06 15:32:05 UTC ( 3 months, 2 weeks ago )
Last submission 2018-07-10 07:00:53 UTC ( 3 months, 1 week ago )
File names DOWNLOAD.EXE
output.113378718.txt
20_MALWARE.exe
download.exe
392f8c899abf6509f123631c9c936dd55a2ebca6
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs