SHA256: f595baaa34a4e417b2fe74a362d70a88bf2813b2fc843d92fc98ac768d4c3f9d
File name: output.114677010.txt
Detection ratio: 38 / 70
Analysis date: 2018-12-10 10:14:02 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40828678 20181210
AegisLab Trojan.Win32.Inject.4!c 20181210
Arcabit Trojan.Generic.D26EFF06 20181210
Avast Win32:Malware-gen 20181210
AVG Win32:Malware-gen 20181210
Avira (no cloud) TR/AD.MoksSteal.cllsv 20181209
BitDefender Trojan.GenericKD.40828678 20181210
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181022
Cylance Unsafe 20181210
Emsisoft Trojan.GenericKD.40828678 (B) 20181210
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.ECES 20181210
F-Secure Trojan.GenericKD.40828678 20181210
Fortinet W32/Injector.EBXN!tr 20181210
GData Trojan.GenericKD.40828678 20181210
Ikarus Trojan-Ransom.Win32.Zerber 20181209
Sophos ML heuristic 20181128
Jiangmin Trojan.Patchwork.i 20181210
K7GW Trojan ( 005434cc1 ) 20181210
Kaspersky Trojan.Win32.Inject.akzzd 20181210
MAX malware (ai score=85) 20181210
McAfee RDN/Generic.dx 20181210
McAfee-GW-Edition BehavesLike.Win32.Conficker.fc 20181210
Microsoft Trojan:Win32/Fuerboos.D!cl 20181210
eScan Trojan.GenericKD.40828678 20181210
NANO-Antivirus Trojan.Win32.Inject.fkyiws 20181210
Palo Alto Networks (Known Signatures) generic.ml 20181210
Panda Trj/CI.A 20181209
Rising Trojan.Injector!8.C4 (CLOUD) 20181210
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181210
Symantec ML.Attribute.HighConfidence 20181210
Tencent Win32.Trojan.Inject.Llhn 20181210
Trapmine malicious.moderate.ml.score 20181205
TrendMicro TROJ_GEN.F0C2C00L918 20181210
TrendMicro-HouseCall TROJ_GEN.F0C2C00L918 20181210
Webroot W32.Trojan.Gen 20181210
ZoneAlarm by Check Point Trojan.Win32.Inject.akzzd 20181210
AhnLab-V3 20181210
Alibaba 20180921
ALYac 20181210
Antiy-AVL 20181210
Avast-Mobile 20181209
Babable 20180918
Baidu 20181207
Bkav 20181208
CAT-QuickHeal 20181210
ClamAV 20181210
CMC 20181209
Comodo 20181210
Cybereason 20180225
Cyren 20181210
DrWeb 20181210
eGambit 20181210
F-Prot 20181210
K7AntiVirus 20181210
Kingsoft 20181210
Malwarebytes 20181210
Qihoo-360 20181210
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181207
TACHYON 20181210
TheHacker 20181202
TotalDefense 20181209
Trustlook 20181210
VBA32 20181207
VIPRE 20181210
ViRobot 20181209
Yandex 20181207
Zillya 20181208
Zoner 20181207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-08 10:47:15
Entry Point 0x000273A0
Number of sections 3
PE sections
Overlays
MD5 58e2b4670f3a4e1a9f0ade9b710fa7ba
File type data
Offset 60416
Size 260620
Entropy 7.46
PE imports
CreateBitmap
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SetFormA
CoFileTimeNow
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:08 11:47:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 61440
LinkerVersion 7.1
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x273a0
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 98304

Execution parents
File identification
MD5 39875e5f8f6f31d6f94953bb94088c1b
SHA1 7ea918755aff43126b957b044b5fa4ca4249e621
SHA256 f595baaa34a4e417b2fe74a362d70a88bf2813b2fc843d92fc98ac768d4c3f9d
ssdeep 6144:Rqa7VjnRaKliSP2Re8J2AehiQxOHSERtIIEiSP2Re8J2xiSP2Re8J2m:PVjRaNk8e0yEDFpk8kK
authentihash f96a1f133322960add9e57cbca4b9caefa727e3992b9b23b55ecc1a993732a26
imphash 49a9e544a8b8d652083b671da422bae3
File size 313.5 KB ( 321036 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (28.0%)
UPX compressed Win32 Executable (27.5%)
Win32 EXE Yoda's Crypter (27.0%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
Tags peexe upx overlay
VirusTotal metadata
First submission 2018-12-09 11:40:42 UTC ( 5 months, 1 week ago )
Last submission 2019-01-22 07:39:48 UTC ( 3 months, 4 weeks ago )
File names 39875e5f8f6f31d6f94953bb94088c1b
security%20update.exe
d6fd.tmp.securityupdate.exe
securityupdate.exe
23d4.tmp.securityupdate.exe
output.114677010.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs