× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ee3009efba176195f787b9699cf311be0277fbfe5d85b8c5444d694d32ea1e56
File name: 24578254.exe
Detection ratio: 11 / 65
Analysis date: 2018-03-28 13:38:40 UTC ( 8 months, 3 weeks ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9866 20180328
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170201
Cylance Unsafe 20180328
Endgame malicious (high confidence) 20180316
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180328
Panda Trj/Genetic.gen 20180328
Qihoo-360 HEUR/QVM09.0.2014.Malware.Gen 20180328
SentinelOne (Static ML) static engine - malicious 20180225
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20180328
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180328
Ad-Aware 20180328
AegisLab 20180328
AhnLab-V3 20180328
Alibaba 20180328
ALYac 20180328
Antiy-AVL 20180328
Arcabit 20180328
Avast 20180328
Avast-Mobile 20180328
AVG 20180328
Avira (no cloud) 20180328
AVware 20180328
BitDefender 20180328
Bkav 20180328
CAT-QuickHeal 20180328
ClamAV 20180328
CMC 20180328
Comodo 20180328
Cybereason None
Cyren 20180328
DrWeb 20180328
eGambit 20180328
Emsisoft 20180328
ESET-NOD32 20180328
F-Prot 20180328
F-Secure 20180328
Fortinet 20180328
GData 20180328
Ikarus 20180328
Jiangmin 20180328
K7AntiVirus 20180328
K7GW 20180328
Kingsoft 20180328
Malwarebytes 20180328
MAX 20180328
McAfee 20180328
McAfee-GW-Edition 20180328
Microsoft 20180328
eScan 20180328
NANO-Antivirus 20180328
nProtect 20180328
Palo Alto Networks (Known Signatures) 20180328
Rising 20180328
Sophos AV 20180328
Symantec 20180328
Symantec Mobile Insight 20180311
Tencent 20180328
TheHacker 20180327
TotalDefense 20180328
TrendMicro 20180328
TrendMicro-HouseCall 20180328
Trustlook 20180328
VBA32 20180328
VIPRE 20180328
ViRobot 20180328
Yandex 20180328
Zillya 20180328
Zoner 20180327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-28 12:06:03
Entry Point 0x0002A019
Number of sections 4
PE sections
PE imports
HeapSize
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
LoadLibraryW
HeapDestroy
LCMapStringA
IsDebuggerPresent
GetTickCount
TlsAlloc
GetDateFormatA
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeLibrary
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
GetEnvironmentStrings
GetLocaleInfoA
SetConsoleCtrlHandler
GetCurrentProcessId
UnhandledExceptionFilter
GetCPInfo
ExitProcess
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
TlsFree
GetCurrentThread
LeaveCriticalSection
CompareStringW
GetOEMCP
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
GetSystemTimeAsFileTime
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CompareStringA
GetTimeFormatA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
SetEnvironmentVariableA
GetProcessHeap
FormatMessageW
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
CloseHandle
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
ReleaseStgMedium
CoCreateGuid
CoCreateInstance
CLSIDFromProgID
CoQueryProxyBlanket
OleSaveToStream
CLSIDFromString
Number of PE resources by type
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:03:28 13:06:03+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
237568

LinkerVersion
7.1

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x2a019

InitializedDataSize
32768

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 5ed1f9b433b2a3fb9cf396e119463462
SHA1 ad7df5769a3877a8fa3d0735848b891122dbcee1
SHA256 ee3009efba176195f787b9699cf311be0277fbfe5d85b8c5444d694d32ea1e56
ssdeep
6144:Jg4uJy17srTCB6xE7bKDclr2w5p6SjN/J5dsmXsdQs:jP17ZEy7bUclb7Zh/J5dPXsdQs

authentihash b7cb83bde15136d4fbcec269a0392dbd51ccbcd2289bb09169f287449a3c83a7
imphash c0977ee5929eb092294d62b3ceef2438
File size 268.0 KB ( 274432 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-28 13:38:40 UTC ( 8 months, 3 weeks ago )
Last submission 2018-03-29 04:48:37 UTC ( 8 months, 3 weeks ago )
File names outprintinv.pdf
RoamingYhT19.exe
24578254.exe
outprintinv.jpg
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.