SHA256: f5f18bde881d683557e79c1cef333467c538d9c4ae80b441921327184c0656be
File name: F5F18BDE881D683557E79C1CEF333467C538D9C4AE80B441921327184C0656BE
Detection ratio: 35 / 71
Analysis date: 2019-03-07 01:45:39 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKD.41072604 20190307
AhnLab-V3 Malware/Win32.Generic.C2950469 20190306
Arcabit Trojan.Generic.D272B7DC 20190306
Avast Win32:Adware-gen [Adw] 20190307
AVG Win32:Adware-gen [Adw] 20190307
Avira (no cloud) HEUR/AGEN.1010414 20190306
BitDefender Trojan.GenericKD.41072604 20190306
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.1f908c 20190109
Cylance Unsafe 20190307
Emsisoft Trojan.GenericKD.41072604 (B) 20190307
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Adware.OxyPumper.BP 20190307
F-Secure Heuristic.HEUR/AGEN.1010414 20190306
Fortinet W32/Generic.BP!tr.dldr 20190307
GData Trojan.GenericKD.41072604 20190307
Ikarus PUA.OxyPumper 20190306
Jiangmin RiskTool.BitCoinMiner.jrn 20190307
K7AntiVirus Adware ( 005460da1 ) 20190306
K7GW Adware ( 005460da1 ) 20190306
Kaspersky HEUR:Trojan-Downloader.Win32.Generic 20190306
MAX malware (ai score=100) 20190307
McAfee Artemis!41695961F908 20190307
McAfee-GW-Edition BehavesLike.Win32.Injector.dh 20190306
Microsoft Trojan:Win32/Tiggre!plock 20190307
eScan Trojan.GenericKD.41072604 20190307
Panda Trj/Genetic.gen 20190306
Rising Downloader.Generic!8.141 (CLOUD) 20190307
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Generic PUA GJ (PUA) 20190307
Symantec ML.Attribute.HighConfidence 20190307
VBA32 suspected of Trojan.Downloader.gen.h 20190306
VIPRE Trojan.Win32.Generic!BT 20190306
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Win32.Generic 20190307
AegisLab 20190307
Alibaba 20190306
ALYac 20190306
Antiy-AVL 20190307
Avast-Mobile 20190306
Babable 20180918
Baidu 20190306
Bkav 20190306
CAT-QuickHeal 20190306
ClamAV 20190306
CMC 20190306
Comodo 20190306
Cyren 20190307
DrWeb 20190307
eGambit 20190307
F-Prot 20190307
Sophos ML 20181128
Kingsoft 20190307
Malwarebytes 20190307
NANO-Antivirus 20190307
Palo Alto Networks (Known Signatures) 20190307
Qihoo-360 20190307
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190306
Tencent 20190307
TheHacker 20190304
TotalDefense 20190306
Trapmine 20190301
TrendMicro 20190307
TrendMicro-HouseCall 20190307
Trustlook 20190307
ViRobot 20190306
Webroot 20190307
Yandex 20190306
Zillya 20190306
Zoner 20190307
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-05 22:47:18
Entry Point 0x00016FC7
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
LoadLibraryExW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
OutputDebugStringW
FindClose
TlsGetValue
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
FreeLibrary
OpenProcess
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
FindNextFileW
IsValidLocale
FindFirstFileExW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
Process32NextW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
WriteFile
CreateProcessW
Sleep
SysAllocStringLen
VariantClear
SysAllocString
GetErrorInfo
SysFreeString
VariantInit
UuidCreate
UuidToStringW
SHGetFolderPathW
wvsprintfW
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket
URLDownloadToFileW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2019:03:05 23:47:18+01:00
FileType Win32 EXE
PEType PE32
CodeSize 189952
LinkerVersion 14.16
FileTypeExtension exe
InitializedDataSize 105984
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x16fc7
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 41695961f908c38773c2dc1653521e57
SHA1 696646c6cdc73df1a138308be658eb63ad82ceb6
SHA256 f5f18bde881d683557e79c1cef333467c538d9c4ae80b441921327184c0656be
ssdeep 6144:wCc+cJd9KdnPiS0j4q03g5irnbZeVRAOcFzD+5fR1VYa5:wHFJd9KdnPiS0j9kggJe/WFz+7VYa5
authentihash 24729a570182938190411faf55177c6aa13c82d1b40c6be46ae8fef54821526f
imphash 4b9d26e7e9191ba2b55f7296311bded3
File size 286.5 KB ( 293376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2019-03-06 02:45:09 UTC ( 1 month, 1 week ago )
Last submission 2019-03-06 02:45:09 UTC ( 1 month, 1 week ago )
No comments.
No votes.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections