SHA256: f8fac9db92878b280f47fc878941453ba52fb56f0caedce74920ddfdb36a01af
File name: .
Detection ratio: 45 / 71
Analysis date: 2018-12-06 18:21:40 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.CZMZ 20181206
AhnLab-V3 Malware/Win32.Generic.C2546253 20181206
ALYac Trojan.Agent.CZMZ 20181206
Antiy-AVL Trojan/Win32.AGeneric 20181205
Arcabit Trojan.Agent.CZMZ 20181206
Avast Win32:Trojan-gen 20181206
AVG Win32:Trojan-gen 20181206
Avira (no cloud) HEUR/AGEN.1030874 20181206
BitDefender Trojan.Agent.CZMZ 20181206
CAT-QuickHeal Trojan.IcedID.S2796937 20181206
Comodo TrojWare.Win32.IcedId.E@7o1x8b 20181206
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181022
Cybereason malicious.b3571f 20180225
Cyren W32/S-6d593769!Eldorado 20181206
DrWeb Trojan.IcedID.12 20181206
Emsisoft Trojan.Agent.CZMZ (B) 20181206
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GHDH 20181206
F-Prot W32/S-6d593769!Eldorado 20181206
F-Secure Trojan.Agent.CZMZ 20181206
Fortinet W32/GenKryptij.CRRJ!tr 20181206
GData Trojan.Agent.CZMZ 20181206
Ikarus Trojan.Agent 20181206
Sophos ML heuristic 20181128
Jiangmin Trojan.Generic.cdqav 20181206
K7AntiVirus Trojan ( 005329e71 ) 20181206
K7GW Trojan ( 005329e71 ) 20181206
Kaspersky HEUR:Trojan.Win32.Generic 20181206
Malwarebytes Trojan.Crypt 20181206
MAX malware (ai score=88) 20181206
McAfee GenericRXFO-OF!B7DF11A38A2D 20181206
McAfee-GW-Edition BehavesLike.Win32.PUPXAV.bt 20181206
eScan Trojan.Agent.CZMZ 20181206
NANO-Antivirus Trojan.Win32.IcedID.fcsgat 20181206
Panda Trj/Genetic.gen 20181206
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazrkVFZv60eWX7NTij8tLyg6) 20181206
Symantec Trojan.IcedID 20181206
Trapmine malicious.high.ml.score 20181205
TrendMicro TrojanSpy.Win32.URSNIF.SMKA0.hp 20181206
TrendMicro-HouseCall TrojanSpy.Win32.URSNIF.SMKA0.hp 20181206
VBA32 BScope.Trojan.IcedID 20181206
Webroot W32.Trojan.Dropper 20181206
Yandex Trojan.PWS.IcedID! 20181204
Zillya Trojan.Kryptik.Win32.1428293 20181206
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181206
AegisLab 20181206
Alibaba 20180921
Avast-Mobile 20181206
AVware 20180925
Babable 20180918
Baidu 20181206
Bkav 20181205
ClamAV 20181206
CMC 20181205
Cylance 20181206
eGambit 20181206
Kingsoft 20181206
Microsoft 20181206
Palo Alto Networks (Known Signatures) 20181206
Qihoo-360 20181206
SentinelOne (Static ML) 20181011
Sophos AV 20181206
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181204
TACHYON 20181206
Tencent 20181206
TheHacker 20181202
TotalDefense 20181206
Trustlook 20181206
VIPRE 20181206
ViRobot 20181206
Zoner 20181206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Count Tell
File version 8, 5, 7048, 5248
Description Count Tell
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-05-23 10:09:46
Entry Point 0x00023D87
Number of sections 4
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
LoadLibraryW
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetWindowsDirectoryW
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetUserDefaultLCID
WriteConsoleW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetStringTypeA
HeapSize
SetStdHandle
SetFilePointer
RaiseException
CreateFileA
WideCharToMultiByte
GetModuleFileNameW
TlsFree
GetModuleHandleA
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
GetConsoleOutputCP
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_ICON 15
RT_DIALOG 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 27
PE resources
Debug information
ExifTool file metadata
CodeSize 217088
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 8.5.7048.5248
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Count Tell
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 551936
EntryPoint 0x23d87
MIMEType application/octet-stream
FileVersion 8, 5, 7048, 5248
TimeStamp 2010:05:23 11:09:46+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 8, 5, 7048, 5248
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName LostHat
LegalTrademarks Count Tell
ProductName Count Tell
ProductVersionNumber 8.5.7048.5248
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 b7df11a38a2d77720294f4470bd8f0f8
SHA1 a800ed3b3571f89c9a83a46212242ce121923549
SHA256 f8fac9db92878b280f47fc878941453ba52fb56f0caedce74920ddfdb36a01af
ssdeep 12288:rH7jdSRVGMO2vvHz7PbT1uKfUACTKMbpsF3:rbjgbO6XPIojCTKMts
authentihash 23e95bd22865a0bdba34602ef9900214385f9171c12fed691ea06e40d6afd59e
imphash e6b4a8228e957b251d082030b86b2fb5
File size 702.5 KB ( 719360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-06 18:21:40 UTC ( 3 months, 2 weeks ago )
Last submission 2018-12-06 18:21:40 UTC ( 3 months, 2 weeks ago )
File names .
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs