× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f02048c2d51493b3c428e6bf5231d1bbd6a25a92459cbc70856ff736313f8b49
File name: flwudz_rh4.exe
Detection ratio: 10 / 64
Analysis date: 2018-03-21 10:26:31 UTC ( 1 year, 1 month ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180321
Endgame malicious (high confidence) 20180316
Fortinet W32/GenKryptik.BJOS!tr 20180321
Sophos ML heuristic 20180121
Palo Alto Networks (Known Signatures) generic.ml 20180321
Qihoo-360 HEUR/QVM10.1.F823.Malware.Gen 20180321
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Trickbt-A 20180321
Symantec ML.Attribute.HighConfidence 20180321
Ad-Aware 20180321
AegisLab 20180321
AhnLab-V3 20180321
Alibaba 20180321
ALYac 20180321
Antiy-AVL 20180321
Arcabit 20180321
Avast 20180321
Avast-Mobile 20180321
AVG 20180321
Avira (no cloud) 20180321
AVware 20180321
Baidu 20180321
BitDefender 20180321
Bkav 20180321
CAT-QuickHeal 20180321
ClamAV 20180321
CMC 20180321
Comodo 20180321
Cybereason 20180225
Cyren 20180321
DrWeb 20180321
eGambit 20180321
Emsisoft 20180321
ESET-NOD32 20180321
F-Prot 20180321
F-Secure 20180309
GData 20180321
Jiangmin 20180321
K7AntiVirus 20180321
K7GW 20180321
Kaspersky 20180321
Kingsoft 20180321
Malwarebytes 20180321
MAX 20180321
McAfee 20180321
McAfee-GW-Edition 20180321
Microsoft 20180321
eScan 20180321
NANO-Antivirus 20180321
nProtect 20180321
Panda 20180320
Rising 20180321
SUPERAntiSpyware 20180321
Symantec Mobile Insight 20180311
Tencent 20180321
TheHacker 20180319
TotalDefense 20180321
Trustlook 20180321
VBA32 20180321
VIPRE 20180321
ViRobot 20180321
WhiteArmor 20180223
Yandex 20180321
Zillya 20180321
ZoneAlarm by Check Point 20180321
Zoner 20180321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-11 14:36:29
Entry Point 0x00049191
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCurrentDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
RaiseException
GetCPInfo
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
QueryPerformanceCounter
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SleepEx
SetLastError
InterlockedIncrement
SetFocus
GetMessageA
UpdateWindow
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
GetWindowRect
DispatchMessageA
EndDeferWindowPos
SetDlgItemTextA
PostMessageA
MoveWindow
MessageBoxA
SetWindowLongA
TranslateMessage
RegisterClassExA
GetCursorPos
ReleaseDC
SetWindowTextA
ShowCaret
SendMessageW
LoadStringA
CreateWindowExA
SetTimer
LoadIconA
LockWindowUpdate
wsprintfW
DestroyWindow
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_ACCELERATOR 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:10:11 16:36:29+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
304128

LinkerVersion
11.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x49191

InitializedDataSize
120320

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 8fed59d5bc87c3b5794bca3e519ff2f4
SHA1 f88cf2413c11d4fef36fc8cce1caf3ec5b77a707
SHA256 f02048c2d51493b3c428e6bf5231d1bbd6a25a92459cbc70856ff736313f8b49
ssdeep
6144:2/RaUNrBeDX42q8oaHrDwWsuaccLFWt1bxmeDGEKwfd2K2n:gjbFV8oWrEWYLclGEKwfdZ

authentihash 118cbddf89930de09a2aef499474f939ed95aa9e804369d8d476efb66664d809
imphash 421ad9da587e31541e06f1608ac2a5fb
File size 412.0 KB ( 421888 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-21 10:26:31 UTC ( 1 year, 1 month ago )
Last submission 2018-05-16 17:57:57 UTC ( 11 months, 1 week ago )
File names flwudz_rh4.exe
f02049c2d61493b3c429e7bf6231d1bbd7a26a92469cbc80967ff837313f9b49.exe
farestod.png
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications