× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f179a400e05a3ad948cdbd354d9412547d07ad86af97136db14ca8edb5ddc096
File name: F179A400E05A3AD948CDBD354D9412547D07AD86AF97136DB14CA8EDB5DDC096
Detection ratio: 12 / 68
Analysis date: 2018-09-11 23:13:40 UTC ( 8 months, 2 weeks ago ) View latest
Antivirus Result Update
Avast Win32:Malware-gen 20180911
AVG Win32:Malware-gen 20180911
Bkav HW32.Packed. 20180911
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cybereason malicious.82e31d 20180225
Cylance Unsafe 20180912
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CKVW 20180911
Fortinet W32/GenKryptik.CKRG!tr 20180911
Palo Alto Networks (Known Signatures) generic.ml 20180912
Rising Trojan.MereTam!8.E4CE (TFE:dGZlOgU5pDp73gzy5A) 20180911
Webroot Trojan.Spy.Trickbot 20180912
Ad-Aware 20180911
AegisLab 20180911
AhnLab-V3 20180911
Alibaba 20180713
ALYac 20180911
Antiy-AVL 20180911
Arcabit 20180911
Avast-Mobile 20180911
Avira (no cloud) 20180911
AVware 20180911
Babable 20180907
Baidu 20180910
BitDefender 20180911
CAT-QuickHeal 20180909
ClamAV 20180911
CMC 20180911
Comodo 20180911
Cyren 20180911
DrWeb 20180911
eGambit 20180912
Emsisoft 20180911
F-Prot 20180911
F-Secure 20180911
GData 20180911
Ikarus 20180911
Sophos ML 20180717
Jiangmin 20180911
K7AntiVirus 20180911
K7GW 20180911
Kaspersky 20180911
Kingsoft 20180912
Malwarebytes 20180911
MAX 20180912
McAfee 20180911
McAfee-GW-Edition 20180911
Microsoft 20180911
eScan 20180911
NANO-Antivirus 20180911
Panda 20180911
Qihoo-360 20180912
SentinelOne (Static ML) 20180830
Sophos AV 20180911
SUPERAntiSpyware 20180907
Symantec 20180911
Symantec Mobile Insight 20180911
TACHYON 20180911
Tencent 20180912
TheHacker 20180907
TotalDefense 20180911
TrendMicro 20180911
TrendMicro-HouseCall 20180911
Trustlook 20180912
VBA32 20180911
VIPRE 20180911
ViRobot 20180911
Yandex 20180910
Zillya 20180911
ZoneAlarm by Check Point 20180911
Zoner 20180911
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product LocalHosted
File version 1.0.0.91
Description LocalHosted
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-11 15:10:59
Entry Point 0x000014C0
Number of sections 8
PE sections
PE imports
CryptDestroyKey
CryptReleaseContext
DeleteCriticalSection
GetCurrentProcess
TerminateProcess
EnterCriticalSection
InitializeCriticalSection
TlsGetValue
GetCurrentProcessId
GetModuleHandleA
GetLastError
SetUnhandledExceptionFilter
QueryPerformanceCounter
UnhandledExceptionFilter
GetStartupInfoA
GetTickCount
GetSystemTimeAsFileTime
VirtualProtect
Sleep
GetCurrentThreadId
VirtualQuery
GetProcAddress
LeaveCriticalSection
strncmp
__lconv_init
malloc
__dllonexit
_cexit
abort
fprintf
_fmode
_amsg_exit
fwrite
_lock
_onexit
__initenv
exit
__setusermatherr
_acmdln
_unlock
free
vfprintf
__getmainargs
calloc
strlen
memcpy
signal
_initterm
__set_app_type
_iob
Number of PE resources by type
RT_ICON 31
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 33
PE resources
ExifTool file metadata
UninitializedDataSize
1536

LinkerVersion
2.24

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.91

LanguageCode
Finnish

FileFlagsMask
0x0000

FileDescription
LocalHosted

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, No debug

CharacterSet
Windows, Latin1

InitializedDataSize
308736

EntryPoint
0x14c0

MIMEType
application/octet-stream

FileVersion
1.0.0.91

TimeStamp
2018:09:11 17:10:59+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0.0.91

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Unknown (0)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
7168

ProductName
LocalHosted

ProductVersionNumber
1.0.0.91

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 eed5d5f82e31d751b0cd8ac1739c2ae4
SHA1 c8b97741153a1b97dfee0bdb3d09df04fca24df8
SHA256 f179a400e05a3ad948cdbd354d9412547d07ad86af97136db14ca8edb5ddc096
ssdeep
6144:o5UTw/ZV27YtH7f2/2w8ewbd/OhMnKtEQFlOVTloVpvhT8sp:o5UTEZr73wC6+uxmloLhT8

authentihash 34f7b61769c159766ed4e1835841190a7f61811e51255ac679692bd593f2290c
imphash 59b4856e7c9abc4f58e440e835da7d6c
File size 309.5 KB ( 316928 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-11 23:13:37 UTC ( 8 months, 2 weeks ago )
Last submission 2018-09-18 05:52:01 UTC ( 8 months, 1 week ago )
File names 45.exe
Kafan_Sample_f179a400e05a3ad948cdbd354d9412547d07ad86af97136db14ca8edb5ddc096.exe
46.exe
logo.hmk
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications