× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ed523658f822571348299896f753ca9ed5f889452082c03760a79163fb6c4b23
File name: rammst.ein
Detection ratio: 4 / 66
Analysis date: 2018-11-20 18:01:05 UTC ( 4 months ago ) View latest
Antivirus Result Update
Endgame malicious (high confidence) 20181108
Ikarus Trojan-Banker.TrickBot 20181120
VBA32 BScope.Trojan.MereTam 20181120
Webroot W32.Trojan.Gen 20181120
Ad-Aware 20181120
AegisLab 20181120
AhnLab-V3 20181120
Alibaba 20180921
ALYac 20181120
Antiy-AVL 20181120
Arcabit 20181120
Avast 20181123
Avast-Mobile 20181120
AVG 20181120
Avira (no cloud) 20181120
Babable 20180918
Baidu 20181120
BitDefender 20181120
Bkav 20181120
CAT-QuickHeal 20181120
ClamAV 20181120
CMC 20181120
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cyren 20181120
DrWeb 20181120
eGambit 20181120
Emsisoft 20181120
ESET-NOD32 20181120
F-Prot 20181120
F-Secure 20181120
Fortinet 20181120
GData 20181120
Sophos ML 20181108
Jiangmin 20181120
K7AntiVirus 20181120
K7GW 20181120
Kaspersky 20181120
Kingsoft 20181120
Malwarebytes 20181120
MAX 20181120
McAfee 20181120
McAfee-GW-Edition 20181120
Microsoft 20181120
eScan 20181120
NANO-Antivirus 20181120
Palo Alto Networks (Known Signatures) 20181120
Panda 20181120
Qihoo-360 20181120
Rising 20181120
SentinelOne (Static ML) 20181011
Sophos AV 20181120
SUPERAntiSpyware 20181114
Symantec 20181120
Symantec Mobile Insight 20181108
TACHYON 20181120
Tencent 20181120
TheHacker 20181118
TotalDefense 20181118
TrendMicro 20181120
TrendMicro-HouseCall 20181120
Trustlook 20181120
ViRobot 20181120
Yandex 20181119
Zillya 20181119
ZoneAlarm by Check Point 20181120
Zoner 20181120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Microsofft checker
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-20 17:02:50
Entry Point 0x00001284
Number of sections 18
PE sections
Overlays
MD5 494524b2795ba79050c58eb55a83bfce
File type data
Offset 424448
Size 21058
Entropy 3.94
PE imports
CryptDestroyKey
CryptReleaseContext
CryptEncrypt
CryptImportKey
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetModuleHandleA
GetLastError
VirtualQuery
SetUnhandledExceptionFilter
TlsGetValue
ExitProcess
VirtualProtect
Sleep
GetProcAddress
LeaveCriticalSection
SendMessageA
MessageBoxA
CreateWindowExA
InSendMessage
_cexit
__p__fmode
__p__environ
fwrite
signal
printf
free
_onexit
atexit
abort
_setmode
vfprintf
__getmainargs
calloc
_iob
__set_app_type
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
396800

ImageVersion
1.0

FileVersionNumber
0.1.1.1

UninitializedDataSize
5632

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
2.21

FileTypeExtension
exe

MIMEType
application/octet-stream

TimeStamp
2018:11:20 18:02:50+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Microsofft checker

OSVersion
4.0

FileOS
Unknown (0)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
135168

FileSubtype
0

ProductVersionNumber
0.1.1.1

EntryPoint
0x1284

ObjectFileType
Executable application

Execution parents
File identification
MD5 dc7ba71804acbf8ef87413f2fd611536
SHA1 b28702fd8127e06e51b588af245439461ef4461a
SHA256 ed523658f822571348299896f753ca9ed5f889452082c03760a79163fb6c4b23
ssdeep
12288:DkPSlGyitrRS80nybUvtRupnlLjnw6YtmAIb:DeRtrb0nqcGp7jkbA

authentihash 3d3b3bdfdcf3f3eedb85cb41b34ba3475f0fd5307236b956c5f7989f2668d54d
imphash 4189e9f30359028a4c597ea307ff7dae
File size 435.1 KB ( 445506 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-11-20 18:01:05 UTC ( 4 months ago )
Last submission 2018-11-27 07:41:53 UTC ( 3 months, 3 weeks ago )
File names rnts.exe
tmp637.exe
dc7ba71804acbf8ef87413f2fd611536
dc7ba718.gxe
rammst.ein
osgzn.exe
ncthro.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections