SHA256: f57c3d8d0f34fb6c8c53d55570a278b3b5bee3727ae81a11e19f07d89acb51eb
File name: f57c3d8d0f34fb6c8c53d55570a278b3b5bee3727ae81a11e19f07d89acb51eb_...
Detection ratio: 36 / 69
Analysis date: 2018-11-21 15:21:18 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Inject.12 20181121
AegisLab Trojan.Win32.Inject.4!c 20181121
AhnLab-V3 Trojan/Win32.Kryptik.C2847911 20181121
ALYac Gen:Variant.Inject.12 20181121
Avast Win32:Trojan-gen 20181121
AVG Win32:Trojan-gen 20181121
Avira (no cloud) TR/Injector.jhnem 20181121
BitDefender Gen:Variant.Inject.12 20181121
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cybereason malicious.16b28c 20180225
Cylance Unsafe 20181121
eGambit Unsafe.AI_Score_97% 20181121
Emsisoft Gen:Variant.Inject.12 (B) 20181121
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CRTA 20181121
F-Secure Gen:Variant.Inject.12 20181121
Fortinet W32/Trojan.FPST!tr 20181121
GData Gen:Variant.Inject.12 20181121
Sophos ML heuristic 20181108
Kaspersky Trojan.Win32.Chapak.bhky 20181121
Malwarebytes Trojan.MalPack.VB 20181121
MAX malware (ai score=100) 20181121
McAfee Trojan-FPST!46F5D0D16B28 20181121
McAfee-GW-Edition BehavesLike.Win32.CryptDoma.fm 20181121
Microsoft Trojan:Win32/Occamy.C 20181121
eScan Gen:Variant.Inject.12 20181121
Palo Alto Networks (Known Signatures) generic.ml 20181121
Panda Trj/GdSda.A 20181120
Qihoo-360 HEUR/QVM10.2.572F.Malware.Gen 20181121
Rising Downloader.Vigorf!8.F626 (CLOUD) 20181121
Symantec ML.Attribute.HighConfidence 20181121
TrendMicro TROJ_GEN.F0C2C00KL18 20181121
TrendMicro-HouseCall TROJ_GEN.F0C2C00KL18 20181121
VBA32 BScope.Trojan.Pushdo 20181121
Webroot W32.Trojan.Gen 20181121
ZoneAlarm by Check Point Trojan.Win32.Chapak.bhky 20181121
Alibaba 20180921
Antiy-AVL 20181121
Arcabit 20181121
Avast-Mobile 20181121
Babable 20180918
Baidu 20181121
Bkav 20181121
CAT-QuickHeal 20181121
ClamAV 20181121
CMC 20181121
Comodo 20181121
Cyren 20181121
DrWeb 20181121
F-Prot 20181121
Ikarus 20181121
Jiangmin 20181121
K7AntiVirus 20181121
K7GW 20181121
Kingsoft 20181121
NANO-Antivirus 20181121
SentinelOne (Static ML) 20181011
Sophos AV 20181121
SUPERAntiSpyware 20181121
Symantec Mobile Insight 20181121
TACHYON 20181121
Tencent 20181121
TheHacker 20181118
TotalDefense 20181121
Trustlook 20181121
VIPRE 20181121
ViRobot 20181121
Yandex 20181119
Zillya 20181121
Zoner 20181121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-25 17:19:35
Entry Point 0x00008327
Number of sections 5
PE sections
PE imports
ReportEventW
GetEnhMetaFileHeader
FillPath
BitBlt
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
TlsGetValue
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
FindAtomA
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
AddAtomA
GetUserDefaultLCID
AddAtomW
IsValidLocale
GetProcAddress
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
FindFirstChangeNotificationW
EnumTimeFormatsW
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
GetSystemTimeAdjustment
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
WriteConsoleOutputCharacterA
Sleep
VirtualAlloc
CreateWindowExA
PeekMessageA
LoadIconA
SetParent
BeginPaint
GetMessageExtraInfo
GetDlgCtrlID
ScrollWindow
SetThreadDesktop
GetAltTabInfoW
GetRawInputDeviceInfoW
Number of PE resources by type
RT_ICON 6
RT_ACCELERATOR 1
ROJUDE 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 10
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
7.0.0.0

LanguageCode
Unknown (457A)

FileFlagsMask
0x004f

ImageFileCharacteristics
Executable, Large address aware, 32-bit, System file

CharacterSet
Unknown (A56B)

InitializedDataSize
377856

EntryPoint
0x8327

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2018, iomicslusge

FileVersion
1.6.5.1

TimeStamp
2017:11:25 18:19:35+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ubetebmi

ProductVersion
1.0.0.1

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Unknown (0x40534)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
101888

FileSubtype
0

ProductVersionNumber
3.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 46f5d0d16b28cfd0a92deebf0055642a
SHA1 64fd9ba87fa18459fec392781cf57b44f413eaea
SHA256 f57c3d8d0f34fb6c8c53d55570a278b3b5bee3727ae81a11e19f07d89acb51eb
ssdeep
1536:WoFaj2NV2/Jqu42sD1Je9xsEYtkGstZeY1jhHeI05wX5agCYjevWRyFMqIDHcf:WoFaj2NVzubTze3505KYaWYiqIDHc

authentihash ff42905f9f0afd8c558e2f254bc27c17c15e9cc044416f885f344e6052f39474
imphash 44fbc9c4762092b6b91557840c65fef4
File size 312.0 KB ( 319488 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-20 22:04:12 UTC ( 4 months ago )
Last submission 2018-11-28 02:47:36 UTC ( 3 months, 3 weeks ago )
File names 46f5d0d16b28cfd0a92deebf0055642a
f57c3d8d0f34fb6c8c53d55570a278b3b5bee3727ae81a11e19f07d89acb51eb_s.exe
s.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections