× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f7b20bfdcc0e85ead1da4ba73358ab61a3cad1e6ae3dec2516ee2942edb8eac4
File name: 2876.exe
Detection ratio: 17 / 66
Analysis date: 2018-05-24 22:54:01 UTC ( 9 months ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180524
AVG FileRepMalware 20180524
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180524
BitDefender Trojan.GenericKDZ.44200 20180524
Cylance Unsafe 20180524
Emsisoft Trojan.GenericKDZ.44200 (B) 20180524
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GHBV 20180524
Fortinet W32/GenKryptik.BTIX!tr 20180524
Sophos ML heuristic 20180503
Malwarebytes Spyware.PasswordStealer 20180524
MAX malware (ai score=82) 20180524
eScan Trojan.GenericKDZ.44200 20180524
Qihoo-360 HEUR/QVM20.1.630E.Malware.Gen 20180524
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180524
Symantec ML.Attribute.HighConfidence 20180524
Ad-Aware 20180524
AegisLab 20180524
AhnLab-V3 20180524
Alibaba 20180524
ALYac 20180524
Antiy-AVL 20180524
Arcabit 20180524
Avast-Mobile 20180524
Avira (no cloud) 20180524
AVware 20180524
Babable 20180406
Bkav 20180524
CAT-QuickHeal 20180524
ClamAV 20180521
CMC 20180524
Comodo 20180524
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180524
DrWeb 20180524
eGambit 20180524
F-Prot 20180524
F-Secure 20180524
GData 20180524
Ikarus 20180524
Jiangmin 20180524
K7AntiVirus 20180524
K7GW 20180524
Kaspersky 20180524
Kingsoft 20180524
McAfee 20180524
McAfee-GW-Edition 20180524
Microsoft 20180524
NANO-Antivirus 20180524
nProtect 20180524
Palo Alto Networks (Known Signatures) 20180524
Panda 20180524
Rising 20180524
SUPERAntiSpyware 20180524
Symantec Mobile Insight 20180522
Tencent 20180524
TheHacker 20180524
TotalDefense 20180524
TrendMicro 20180524
TrendMicro-HouseCall 20180524
Trustlook 20180524
VBA32 20180524
VIPRE 20180524
ViRobot 20180524
Webroot 20180524
Yandex 20180524
Zillya 20180524
ZoneAlarm by Check Point 20180524
Zoner 20180524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2028-12-25 04:27:37
Entry Point 0x00001E86
Number of sections 4
PE sections
PE imports
GetUserNameA
CertOpenSystemStoreA
CertGetCertificateChain
CreateWaitableTimerW
GetNumberFormatA
LocalHandle
FlsGetValue
GetComputerNameExW
FindVolumeMountPointClose
FlsFree
FindFirstVolumeW
LZSeek
VarUI4FromUI8
SetActivePwrScheme
SetupDiGetDeviceInstanceIdW
SHCopyKeyW
SHSetValueW
StrCpyNW
GetAncestor
waveOutGetErrorTextW
GetPrinterDataExW
WintrustRemoveActionID
SCardForgetCardTypeW
SCardDisconnect
STGMEDIUM_UserMarshal
OleConvertOLESTREAMToIStorage
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.164

ImageVersion
0.0

FileVersionNumber
1.0.124.0

LanguageCode
Japanese

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
188416

EntryPoint
0x1e86

MIMEType
application/octet-stream

TimeStamp
2028:12:25 05:27:37+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
25 4 3

CodeSize
0

FileSubtype
0

ProductVersionNumber
24.0.55.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 522c4e5e3cc1b545960746154354d9c9
SHA1 678716d313db9f99b1bb6163c6b4af7c6d177df5
SHA256 f7b20bfdcc0e85ead1da4ba73358ab61a3cad1e6ae3dec2516ee2942edb8eac4
ssdeep
1536:IZJFW0yZ4xCI1vkzv06L1SjXysCBcUK7x2WZV59KRjt:I/sI1oMM1sXysCcUDWZCjt

authentihash fa3bf5b4be0103c67b66f568c1010f7b2ae0c6ce3bfacdb6174cc9f5a2fa3003
imphash 09980dba84398e3c6f769f5b6d6a8643
File size 200.0 KB ( 204800 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-24 22:54:01 UTC ( 9 months ago )
Last submission 2018-05-28 09:59:24 UTC ( 8 months, 3 weeks ago )
File names 96df793dbd48a4c1ee219100424cdca3f1dccb7c
96860.exe
2876.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!