SHA256: eb81b6682f05529412ee2bcc4bdf9d551ed4da4918fa3b71e02e614673db2850
File name: FOHPXf3ncjn5UfrlU8
Detection ratio: 8 / 68
Analysis date: 2018-07-06 15:15:06 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
AegisLab Troj.W32.Gen.lLnX 20180706
Bkav W32.eHeur.Malware08 20180706
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180530
Cylance Unsafe 20180706
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/GenKryptik.CENE 20180706
Fortinet W32/Kryptik.GIMC!tr 20180706
Qihoo-360 HEUR/QVM10.1.52CF.Malware.Gen 20180706
Ad-Aware 20180706
AhnLab-V3 20180706
ALYac 20180706
Antiy-AVL 20180706
Arcabit 20180706
Avast 20180706
Avast-Mobile 20180706
AVG 20180706
Avira (no cloud) 20180706
AVware 20180706
Babable 20180406
Baidu 20180706
BitDefender 20180706
CAT-QuickHeal 20180706
ClamAV 20180706
CMC 20180706
Comodo 20180706
Cybereason 20180225
Cyren 20180706
DrWeb 20180706
eGambit 20180706
Emsisoft 20180706
F-Prot 20180706
F-Secure 20180706
GData 20180706
Ikarus 20180706
Sophos ML 20180601
Jiangmin 20180706
K7AntiVirus 20180706
K7GW 20180706
Kaspersky 20180706
Kingsoft 20180706
Malwarebytes 20180706
MAX 20180706
McAfee 20180706
McAfee-GW-Edition 20180706
Microsoft 20180706
eScan 20180706
NANO-Antivirus 20180706
Palo Alto Networks (Known Signatures) 20180706
Panda 20180705
Rising 20180706
SentinelOne (Static ML) 20180701
Sophos AV 20180706
SUPERAntiSpyware 20180706
Symantec 20180706
TACHYON 20180706
Tencent 20180706
TheHacker 20180628
TotalDefense 20180706
TrendMicro 20180706
TrendMicro-HouseCall 20180706
Trustlook 20180706
VBA32 20180705
VIPRE 20180706
ViRobot 20180706
Webroot 20180706
Yandex 20180706
Zillya 20180706
ZoneAlarm by Check Point 20180706
Zoner 20180705
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.0.0.0
Description Microsoft localhost
Comments Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-06 13:24:27
Entry Point 0x0000772B
Number of sections 4
PE sections
PE imports
CryptDestroyKey
CryptAcquireContextW
CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptStringToBinaryA
GetLastError
HeapFree
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
VirtualProtect
GetCurrentProcess
SizeofResource
GetCurrentProcessId
LockResource
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
GetSystemTimeAsFileTime
TerminateProcess
LoadResource
VirtualFree
Sleep
IsBadReadPtr
GetTickCount
GetCurrentThreadId
FindResourceA
VirtualAlloc
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?eof@?$char_traits@D@std@@SAHXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?length@?$char_traits@D@std@@SAIPBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
__p__fmode
malloc
realloc
memset
__dllonexit
_stricmp
_controlfp_s
printf
_invoke_watson
_cexit
?terminate@@YAXXZ
_lock
__p__commode
_onexit
_amsg_exit
exit
_XcptFilter
_encode_pointer
__setusermatherr
_decode_pointer
_adjust_fdiv
_acmdln
_ismbblead
_unlock
_crt_debugger_hook
free
__CxxFrameHandler3
_except_handler4_common
__getmainargs
_initterm
_initterm_e
memcpy
_configthreadlocale
_exit
__set_app_type
MessageBoxA
CreateWindowExA
InSendMessage
SendMessageW
Number of PE resources by type
RT_ICON 5
UIYHUJHGHJF 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
Comments Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Microsoft localhost
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 291328
EntryPoint 0x772b
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2018:07:06 13:24:27+00:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 28160
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library
Execution parents
File identification
MD5 2bcac6bd4ea7790a9f037a4038b9d6c4
SHA1 e59ebe6b6633d040a3024274f6a417c4d5989734
SHA256 eb81b6682f05529412ee2bcc4bdf9d551ed4da4918fa3b71e02e614673db2850
ssdeep 6144:HNHhzDrGGtvXioAuFiaBxA0l1NyHFvid229N:tBzDaGtvioLiazAikFviz
authentihash 6d513d139cf02b0c37d88507bf1b980242f032ea02e637de479cf7347efca888
imphash 542b279e4b5f96262323bf688e151461
File size 313.0 KB ( 320512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags peexe
VirusTotal metadata
First submission 2018-07-06 15:15:06 UTC ( 8 months, 3 weeks ago )
Last submission 2018-10-26 21:17:46 UTC ( 5 months ago )
File names <SAMPLE.EXE>
FOHPXf3ncjn5UfrlU8
pom.pim
2bcac6bd4ea7790a9f037a4038b9d6c4.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs