× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f364194296c45f395f68391806531ccd94e10d63914d8cf5dcbc5a4e3a807bed
File name: szWyBGWdSrArvuR.exe
Detection ratio: 12 / 68
Analysis date: 2017-11-10 23:34:45 UTC ( 6 months, 2 weeks ago ) View latest
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171109
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171111
eGambit Unsafe.AI_Score_100% 20171111
Endgame malicious (high confidence) 20171024
Fortinet W32/GenKryptik.AVEL!tr.ransom 20171110
Sophos ML heuristic 20170914
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.dt 20171110
Qihoo-360 HEUR/QVM20.1.1A2C.Malware.Gen 20171111
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/EncPk-ANR 20171110
TrendMicro TSPY_EMOTET.SMD12 20171110
Ad-Aware 20171110
AegisLab 20171110
AhnLab-V3 20171110
Alibaba 20170911
ALYac 20171110
Antiy-AVL 20171111
Arcabit 20171110
Avast 20171110
Avast-Mobile 20171110
AVG 20171110
Avira (no cloud) 20171110
AVware 20171110
BitDefender 20171110
Bkav 20171110
CAT-QuickHeal 20171110
ClamAV 20171110
CMC 20171109
Comodo 20171110
Cybereason 20171030
Cyren 20171110
DrWeb 20171110
Emsisoft 20171110
ESET-NOD32 20171110
F-Prot 20171110
F-Secure 20171110
GData 20171110
Ikarus 20171110
Jiangmin 20171110
K7AntiVirus 20171110
K7GW 20171110
Kaspersky 20171110
Kingsoft 20171111
Malwarebytes 20171110
MAX 20171110
McAfee 20171110
Microsoft 20171110
eScan 20171110
NANO-Antivirus 20171110
nProtect 20171110
Palo Alto Networks (Known Signatures) 20171111
Panda 20171110
Rising 20171110
SUPERAntiSpyware 20171110
Symantec 20171110
Symantec Mobile Insight 20171110
Tencent 20171111
TheHacker 20171102
TotalDefense 20171110
TrendMicro-HouseCall 20171110
Trustlook 20171111
VBA32 20171110
VIPRE 20171110
ViRobot 20171110
Webroot 20171111
WhiteArmor 20171104
Yandex 20171110
Zillya 20171110
ZoneAlarm by Check Point 20171110
Zoner 20171110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-10 23:31:23
Entry Point 0x0000101E
Number of sections 5
PE sections
PE imports
FindFirstFreeAce
AddAccessDeniedObjectAce
GetCurrentHwProfileA
CreateMetaFileA
FillRgn
EnumSystemCodePagesW
GetACP
ConvertFiberToThread
GetSystemDefaultLangID
SwitchToThread
GetUserDefaultLangID
GetBinaryTypeW
GetVersion
GetUserDefaultLCID
GlobalFindAtomW
GetShortPathNameW
GetPrivateProfileSectionNamesW
GetEnvironmentStringsW
GetCurrentThreadId
GetNumaNodeProcessorMask
lstrcmpW
CopyFileExW
GetPrivateProfileStringW
GetCurrentThread
MprAdminMIBEntryCreate
acmDriverAddW
VariantChangeType
SetupDiGetActualSectionToInstallW
SHGetFileInfoA
PathFindNextComponentW
FreeContextBuffer
GetUserNameExA
IsCharAlphaW
GetUserObjectInformationW
GetMessageExtraInfo
LoadIconW
IsCharLowerW
GetWindowWord
GetMenuItemID
InternetInitializeAutoProxyDll
GetStandardColorSpaceProfileW
fwprintf
mbtowc
strncmp
memset
CoRegisterClassObject
IsValidURL
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2017:11:11 00:31:23+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1104966662

LinkerVersion
12.0

FileTypeExtension
exe

InitializedDataSize
101376

SubsystemVersion
5.0

EntryPoint
0x101e

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 97c872e68da87bfd44ffe3a335c146e9
SHA1 04e892e7f888570190808c98a63e0e55cfeda91a
SHA256 f364194296c45f395f68391806531ccd94e10d63914d8cf5dcbc5a4e3a807bed
ssdeep
1536:DsU2ZaodOF/iPB0D8ZFPvCTb5LrbqsNGx8uGileF0gB:DB2YooF/uiDmFnCf5L/LS8TileCu

authentihash 7ac95c3ed02b0a12155c195137c0d31c0ff0ccc05deab9c77d796149bfa4540f
imphash cc588988094d76ed3b42114c5cf29bde
File size 220.0 KB ( 225280 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-11-10 23:34:45 UTC ( 6 months, 2 weeks ago )
Last submission 2017-11-10 23:34:45 UTC ( 6 months, 2 weeks ago )
File names ab.exe
szWyBGWdSrArvuR.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs