SHA256: f2ec1970980fa1fb42575b5cf0b2e7f91fb68e4c0c21e07f8a06ae7df727000c
File name: 264c6b8c31043ccabbf376cbcbd7c42d
Detection ratio: 47 / 68
Analysis date: 2018-12-14 09:36:48 UTC ( 2 days, 20 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40813652 20181214
AegisLab Trojan.Win32.Mansabo.4!c 20181214
AhnLab-V3 Malware/Gen.Generic.C2879179 20181213
ALYac Trojan.Agent.Bayrob 20181214
Antiy-AVL Trojan/Win32.Mansabo 20181214
Arcabit Trojan.Generic.D26EC454 20181214
Avast Win32:Malware-gen 20181214
AVG Win32:Malware-gen 20181214
Avira (no cloud) TR/AD.TrickBot.gnjzl 20181214
BitDefender Trojan.GenericKD.40813652 20181214
CAT-QuickHeal Trojan.Meretam 20181213
Comodo Malware@#2tc115nplo8jg 20181214
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cybereason malicious.c31043 20180225
Cylance Unsafe 20181214
Cyren W32/Trojan.ARZF-2343 20181214
DrWeb Trojan.Hosts.45515 20181214
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNLI 20181214
Fortinet Malicious_Behavior.SB 20181214
GData Trojan.GenericKD.40813652 20181214
Ikarus Trojan-Banker.TrickBot 20181214
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181213
K7GW Riskware ( 0040eff71 ) 20181213
Kaspersky Trojan.Win32.Mansabo.bqz 20181213
MAX malware (ai score=100) 20181214
McAfee Trojan-FQGT!264C6B8C3104 20181214
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.gc 20181214
Microsoft Trojan:Win32/MereTam.A 20181214
eScan Trojan.GenericKD.40813652 20181214
NANO-Antivirus Trojan.Win32.Mansabo.fkvnzs 20181214
Palo Alto Networks (Known Signatures) generic.ml 20181214
Panda Trj/Genetic.gen 20181213
Qihoo-360 Win32/Trojan.BO.b83 20181214
Rising Trojan.Kryptik!8.8 (CLOUD) 20181214
Sophos AV Troj/Trickbo-LK 20181214
Symantec Trojan.Trickybot 20181214
TACHYON Trojan/W32.Mansabo.434176 20181214
Trapmine suspicious.low.ml.score 20181205
TrendMicro TROJ_FRS.VSN05L18 20181214
TrendMicro-HouseCall TROJ_FRS.VSN05L18 20181214
VBA32 Trojan.Mansabo 20181213
ViRobot Trojan.Win32.Mansabo.434176 20181214
Webroot W32.Trojan.Gen 20181214
Yandex Trojan.Mansabo! 20181213
ZoneAlarm by Check Point Trojan.Win32.Mansabo.bqz 20181214
Alibaba 20180921
Avast-Mobile 20181214
Babable 20180918
Baidu 20181207
Bkav 20181213
ClamAV 20181214
CMC 20181213
eGambit 20181214
F-Prot 20181214
Jiangmin 20181214
Kingsoft 20181214
Malwarebytes 20181214
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181212
Tencent 20181214
TheHacker 20181213
TotalDefense 20181213
Trustlook 20181214
VIPRE 20181213
Zillya 20181213
Zoner 20181214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-04 10:27:06
Entry Point 0x000014C0
Number of sections 8
PE sections
PE imports
GetLastError
EnterCriticalSection
ReleaseMutex
LoadLibraryW
WaitForSingleObject
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
LoadLibraryA
DeleteCriticalSection
GetAtomNameA
SizeofResource
GetCurrentProcessId
AddAtomA
GetCurrentProcess
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
CreateMutexA
IsDBCSLeadByteEx
CreateSemaphoreA
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
TerminateProcess
ReleaseSemaphore
InitializeCriticalSection
LoadResource
CreateFileW
VirtualQuery
FindAtomA
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
FindResourceA
VirtualAlloc
SetLastError
LeaveCriticalSection
strncmp
__lconv_init
malloc
setlocale
realloc
memset
__dllonexit
_cexit
abort
strlen
_fmode
wcslen
_amsg_exit
fputc
_errno
fwrite
_lock
_onexit
__initenv
fputs
_strdup
sprintf
memcmp
exit
__setusermatherr
_acmdln
_unlock
free
getenv
atoi
__getmainargs
calloc
_write
memcpy
localeconv
strchr
strerror
strcmp
__mb_cur_max
_initterm
__set_app_type
signal
_iob
Number of PE resources by type
RT_ICON 6
GOVERMENT 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 7
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:04 11:27:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 88576
LinkerVersion 2.22
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint 0x14c0
InitializedDataSize 433152
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 3584
Execution parents
File identification
MD5 264c6b8c31043ccabbf376cbcbd7c42d
SHA1 5e4b29e76994b8e1e580d5b219a519df8332f110
SHA256 f2ec1970980fa1fb42575b5cf0b2e7f91fb68e4c0c21e07f8a06ae7df727000c
ssdeep 6144:OWZQwhEbaXUnainvlfpuVqz7qLgOmNvZi+L4G50dkLex3blvgrdbjQU2eyh5Buc3:OWZQwhEeE9aGBi+8G523blvg5b0deEB7
authentihash 0a18d5e29894e2d350d43b432c517d7948830d89219783425e801c83c06aeba5
imphash d04a674426c4b114c6e3d68abacb7ef4
File size 424.0 KB ( 434176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-04 12:39:25 UTC ( 1 week, 5 days ago )
Last submission 2018-12-14 09:36:48 UTC ( 2 days, 20 hours ago )
File names mswvc.exe
mtwvc.exe
output.114634457.txt
mtwvc.exe
mswvc.exe
mswvc.exe
mtwvc.exe
264c6b8c31043ccabbf376cbcbd7c42d
mtwvc.exe
<SAMPLE.EXE>
mtwvc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections