SHA256: f3ceeebc6b4aac43f463797123f9c896bd2107af275fe49c43e223e6b7159ab9
File name: output.114903726.txt
Detection ratio: 42 / 71
Analysis date: 2019-01-11 16:42:33 UTC ( 3 months, 1 week ago )
Antivirus Result Update
AhnLab-V3 Malware/Gen.Generic.C2920405 20190111
Arcabit Trojan.Generic.D2707493 20190111
Avast Win32:Trojan-gen 20190111
AVG Win32:Trojan-gen 20190111
Avira (no cloud) TR/Injector.rjbxl 20190111
BitDefender Trojan.GenericKD.40924307 20190111
Bkav HW32.Packed. 20190108
Comodo Malware@#1b7yzi033qpo6 20190111
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181023
Cybereason malicious.8ba023 20190109
Cylance Unsafe 20190111
Cyren W32/Trojan.XKCG-4127 20190111
Emsisoft Trojan.GenericKD.40924307 (B) 20190111
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.ECRJ 20190111
F-Secure Trojan.GenericKD.40924307 20190111
Fortinet W32/Injector.DZGU!tr 20190111
GData Trojan.GenericKD.40924307 20190111
Ikarus Trojan.NSIS.Agent 20190111
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005451b41 ) 20190111
K7GW Trojan ( 005451b41 ) 20190111
Kaspersky HEUR:Trojan-Ransom.Win32.Blocker.gen 20190111
Malwarebytes Trojan.Injector 20190111
MAX malware (ai score=100) 20190111
McAfee Artemis!6D34C748BA02 20190111
McAfee-GW-Edition BehavesLike.Win32.Generic.jc 20190111
Microsoft Trojan:Win32/Tiggre!plock 20190111
eScan Trojan.GenericKD.40924307 20190111
Palo Alto Networks (Known Signatures) generic.ml 20190111
Panda Trj/CI.A 20190111
Qihoo-360 Win32/Trojan.Ransom.ed7 20190111
Rising Trojan.Injector!8.C4 (CLOUD) 20190111
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Generic-S 20190111
Symantec Trojan.Gen.2 20190111
Tencent Win32.Trojan.Blocker.Wptk 20190111
Trapmine malicious.moderate.ml.score 20190103
TrendMicro TROJ_GEN.F0C2C00A819 20190111
TrendMicro-HouseCall TROJ_GEN.F0C2C00A819 20190111
VIPRE Trojan.Win32.Generic!BT 20190110
ZoneAlarm by Check Point HEUR:Trojan-Ransom.Win32.Blocker.gen 20190111
Acronis 20190111
Ad-Aware 20190111
AegisLab 20190111
Alibaba 20180921
ALYac 20190111
Antiy-AVL 20190111
Avast-Mobile 20190111
Babable 20180918
Baidu 20190111
CAT-QuickHeal 20190111
ClamAV 20190111
CMC 20190110
DrWeb 20190111
eGambit 20190111
F-Prot 20190111
Jiangmin 20190111
Kingsoft 20190111
NANO-Antivirus 20190111
SUPERAntiSpyware 20190109
TACHYON 20190111
TheHacker 20190106
TotalDefense 20190111
Trustlook 20190111
VBA32 20190111
ViRobot 20190111
Webroot 20190111
Yandex 20190111
Zillya 20190110
Zoner 20190111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT NSIS, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-03 20:20:52
Entry Point 0x000036C6
Number of sections 5
PE sections
Overlays
MD5 66ac6fab5e660bab32e921eae2b688fa
File type data
Offset 42496
Size 645970
Entropy 8.00
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SelectObject
CreateBrushIndirect
SetBkMode
SetBkColor
DeleteObject
SetTextColor
SetFilePointer
GetLastError
CopyFileW
GetShortPathNameW
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrcmpiW
GetCurrentProcess
CompareFileTime
GetWindowsDirectoryW
GetFileSize
SetFileTime
GetCommandLineW
WideCharToMultiByte
SetErrorMode
MultiByteToWideChar
lstrlenW
CreateDirectoryW
DeleteFileW
GlobalLock
ReadFile
lstrcpyA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
SetFileAttributesW
lstrcmpiA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextFileW
GetTempPathW
CloseHandle
FindFirstFileW
lstrcmpW
GetModuleHandleW
lstrcatW
FreeLibrary
SearchPathW
SetCurrentDirectoryW
WriteFile
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
GetFullPathNameW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
SendMessageTimeoutW
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
DestroyWindow
EnableWindow
GetDC
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
GetAsyncKeyState
ReleaseDC
BeginPaint
CreatePopupMenu
SendMessageW
ShowWindow
SetWindowTextW
SetClipboardData
wsprintfW
FindWindowExW
IsWindowVisible
SetForegroundWindow
GetClientRect
SetTimer
GetDlgItem
SystemParametersInfoW
DrawTextW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
CharNextW
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
GetClassInfoW
CreateWindowExW
GetWindowLongW
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 5
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:04:03 21:20:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 26624
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x36c6
InitializedDataSize 152064
SubsystemVersion 4.0
ImageVersion 6.0
OSVersion 4.0
UninitializedDataSize 2048

File identification
MD5 6d34c748ba023115b44ffa52dfdcca44
SHA1 08641842206508e03f5accb11516c6d9790b249f
SHA256 f3ceeebc6b4aac43f463797123f9c896bd2107af275fe49c43e223e6b7159ab9
ssdeep 12288:KmIToHIT2zXae3+6K3ptdoZ9efFjoizM6YYCjMZbabCaTL6P60IS/pMqXPc:CMjWe3elFj09YCj+at90ISqqk

authentihash d67487d5a6afdef13c3f59c5c1e2476c0e2e68b978c5f92263f347c35198831f
imphash aa1bddb976cc14514caf3362a94d13f7
File size 672.3 KB ( 688466 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags nsis peexe overlay

VirusTotal metadata
First submission 2019-01-08 17:55:56 UTC ( 3 months, 1 week ago )
Last submission 2019-01-12 13:58:45 UTC ( 3 months, 1 week ago )
File names output.114903726.txt
image.jpg
.
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created mutexes
Runtime DLLs