SHA256: f90827388b49fda103b04ef93b808141c0552ab974b9aaabd02c22bb0de61ca7
File name: 54bf738d4c7b3be0dc774be24661426c.virus
Detection ratio: 65 / 68
Analysis date: 2017-11-27 18:17:08 UTC
Antivirus | Result | Update
Ad-Aware | Trojan.Delf.Agent.AH | 20171127
AegisLab | Troj.W32.Gen.lnLt | 20171127
AhnLab-V3 | Trojan/Win32.Injector.R5297 | 20171127
ALYac | Trojan.Delf.Agent.AH | 20171127
Antiy-AVL | Trojan[Backdoor]/Win32.Xtreme.bqj | 20171127
Arcabit | Trojan.Delf.Agent.AH | 20171127
Avast | Win32:Malware-gen | 20171127
AVG | Win32:Malware-gen | 20171127
Avira (no cloud) | BDS/Backdoor.Gen5 | 20171127
AVware | Trojan.Win32.Xpack.a (v) | 20171127
Baidu | Win32.Backdoor.Agent.ag | 20171127
BitDefender | Trojan.Delf.Agent.AH | 20171127
Bkav | W32.FeylarmQ.Trojan | 20171127
CAT-QuickHeal | Backdoor.Xtrat.AA8 | 20171127
ClamAV | Win.Trojan.Agent-36788 | 20171127
CMC | Backdoor.Win32.Xtrat.1!O | 20171126
Comodo | TrojWare.Win32.Kryptik.BTN | 20171127
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20171016
Cybereason | malicious.1b8fb7 | 20171103
Cylance | Unsafe | 20171127
Cyren | W32/Xtrat.A.gen!Eldorado | 20171127
DrWeb | BackDoor.Siggen.52725 | 20171127
eGambit | Trojan.Generic | 20171127
Emsisoft | Trojan.Delf.Agent.AH (B) | 20171127
Endgame | malicious (moderate confidence) | 20171024
ESET-NOD32 | Win32/AutoRun.Remtasu.E | 20171127
F-Prot | W32/Xtrat.A.gen!Eldorado | 20171127
F-Secure | Rogue:W32/FakeAv.BI | 20171127
Fortinet | W32/Sasfis.BZMX!tr | 20171127
GData | Win32.Backdoor.Xtrat.L | 20171127
Ikarus | Trojan-Spy.Win32.KeyLogger | 20171127
Sophos ML | heuristic | 20170914
Jiangmin | TrojanSpy.Keylogger.grj | 20171127
K7AntiVirus | Trojan ( 0038dcf91 ) | 20171127
K7GW | Trojan ( 0038dcf91 ) | 20171127
Kaspersky | Backdoor.Win32.Xtreme.bqj | 20171127
Malwarebytes | Trojan.Agent | 20171127
MAX | malware (ai score=81) | 20171127
McAfee | GenericRXAA-EO!54BF738D4C7B | 20171127
McAfee-GW-Edition | BehavesLike.Win32.Generic.nc | 20171127
Microsoft | Backdoor:Win32/Xtrat.A | 20171127
eScan | Trojan.Delf.Agent.AH | 20171127
NANO-Antivirus | Trojan.Win32.Sasfis.dzcfs | 20171127
nProtect | Trojan/W32.Sasfis.33792.P | 20171127
Panda | Trj/Keylogger.GM | 20171127
Qihoo-360 | HEUR/QVM11.1.7841.Malware.Gen | 20171127
Rising | Backdoor.Xtrat!1.6A25 (CLASSIC) | 20171127
SentinelOne (Static ML) | static engine - malicious | 20171113
Sophos AV | Mal/SillyFDC-A | 20171127
SUPERAntiSpyware | Trojan.Agent/Gen-CryptedInstaller | 20171127
Symantec | W32.Extrat!gen1 | 20171127
Tencent | Trojan.Win32.Injector.r | 20171127
TheHacker | Trojan/Remtasu.a | 20171126
TotalDefense | Win32/Sipay.ADC | 20171127
TrendMicro | TSPY_KEYLOG.SMC | 20171127
TrendMicro-HouseCall | TSPY_KEYLOG.SMC | 20171127
VBA32 | Backdoor.Xtreme | 20171127
VIPRE | Trojan.Win32.Xpack.a (v) | 20171127
ViRobot | Backdoor.Win32.Xtreme.Gen | 20171127
Webroot | System.Monitor.Ardamax.Keylogge | 20171127
WhiteArmor | Malware.HighConfidence | 20171104
Yandex | Trojan.Agent!UOk6gm5UPxU | 20171120
Zillya | Trojan.Sasfis.Win32.18817 | 20171124
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20171127
Zoner | Trojan.Remtasu.F | 20171127
Alibaba | (not detected) | 20171127
Avast-Mobile | (not detected) | 20171127
Kingsoft | (not detected) | 20171127
Palo Alto Networks (Known Signatures) | (not detected) | 20171127
Symantec Mobile Insight | (not detected) | 20171124
Trustlook | (not detected) | 20171127
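Vendor labels in the table above disagree on naming but mostly point at one family once platform and category words are stripped and known spellings are merged (Xtrat, Xtreme and Extrat are the same thing; "Delf" only says the binary was compiled with Delphi). The script below is an added illustration of that majority-vote triage, not something from VirusTotal or any vendor: the rows are copied from the table, while the stop-word list and the alias map are hand-made assumptions.

```python
"""Added example, not part of the VirusTotal report: consensus family name
from vendor detection labels by majority vote over normalised tokens.
DETECTIONS is copied from the report's table; GENERIC and ALIASES are
assumed stop words / spellings, not any vendor's or VirusTotal's scheme."""
import re
from collections import Counter

# (vendor, result) pairs from the report; an empty result means no detection
DETECTIONS = [
    ("Antiy-AVL", "Trojan[Backdoor]/Win32.Xtreme.bqj"),
    ("BitDefender", "Trojan.Delf.Agent.AH"),
    ("CAT-QuickHeal", "Backdoor.Xtrat.AA8"),
    ("ESET-NOD32", "Win32/AutoRun.Remtasu.E"),
    ("Fortinet", "W32/Sasfis.BZMX!tr"),
    ("GData", "Win32.Backdoor.Xtrat.L"),
    ("Kaspersky", "Backdoor.Win32.Xtreme.bqj"),
    ("Microsoft", "Backdoor:Win32/Xtrat.A"),
    ("Symantec", "W32.Extrat!gen1"),
    ("TrendMicro", "TSPY_KEYLOG.SMC"),
    ("VBA32", "Backdoor.Xtreme"),
    ("ZoneAlarm by Check Point", "HEUR:Trojan.Win32.Generic"),
    ("Alibaba", ""),
]

# Assumed stop list: platform, category and heuristic words that name no family.
# "delf" is here because it marks a Delphi-compiled binary, not a family.
GENERIC = {
    "trojan", "backdoor", "win32", "w32", "generic", "agent", "heur", "autorun",
    "tspy", "trojanspy", "malware", "delf", "gen", "injector", "kryptik",
}
# Assumed aliases: the same family spelled differently by different vendors
ALIASES = {"xtrat": "xtreme", "extrat": "xtreme", "keylog": "keylogger"}


def family_token(label: str):
    """First token of a label that looks like a family name, or None."""
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        t = tok.lower()
        # skip empties, stop words and variant suffixes (short or containing digits)
        if not t or t in GENERIC or len(t) < 4 or any(c.isdigit() for c in t):
            continue
        return ALIASES.get(t, t)
    return None


def vote(detections):
    """Count one family vote per detecting engine; generic labels add no vote."""
    detected = [label for _, label in detections if label]
    votes = Counter(f for f in map(family_token, detected) if f)
    return {"engines": len(detections), "detected": len(detected), "families": votes}


if __name__ == "__main__":
    r = vote(DETECTIONS)
    print(f"{r['detected']}/{r['engines']} engines detect; family votes:")
    for fam, n in r["families"].most_common():
        print(f"  {fam:<10} {n}")
```

On the rows above this yields 7 votes for xtreme against single votes for remtasu, sasfis and keylogger, which is the answer a human reader reaches from the full table. The same idea, done with a learned stop list and alias map instead of a hand-made one, is what tools such as AVClass do; the hand-made lists are the weak point, so treat single-vendor tokens as noise.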
The file is a Portable Executable (PE32): a Win32 EXE for the Windows GUI subsystem, UPX-packed according to the packer and TrID identifications below.
FileVersionInfo properties
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17 (TimeDateStamp 0x2A425E19). This is the constant the Borland/Delphi linker writes into every PE it produces, so it says nothing about when the sample was built; together with the linker version 2.25 in the ExifTool data and the "Delf" detection names it marks a Delphi binary. ExifTool renders the same value in local time as 1992:06:19 23:22:17+01:00.
Entry Point 0x0004B900
Number of sections 3
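The header fields above are enough to make the Delphi and UPX observations without running anything. The following is an added example, not code from VirusTotal or from this report: a standard-library PE32 header parser plus the triage checks those fields suggest. The sample image it parses is constructed so that its header values copy the report (timestamp, entry point, section count, sizes, linker and subsystem versions); its three-entry section table is an assumed UPX layout, because the report gives only the section count.

```python
"""Added example, not part of the VirusTotal report: parse a PE32 header with
the standard library and apply header-only triage checks (Delphi fixed
timestamp, Borland linker, UPX section names, entry point location).
build_sample_pe() is a constructed header whose values copy the report;
its section table is an assumed UPX layout (the report lists no sections)."""
import struct
import sys
from datetime import datetime, timezone

DELPHI_FIXED_TIMESTAMP = 0x2A425E19   # 1992-06-19 22:22:17 UTC, written by the Delphi linker
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_sample_pe() -> bytes:
    """Constructed PE32 header carrying the report's values; contains no code."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew at 0x3C
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 3, DELPHI_FIXED_TIMESTAMP,
                           0, 0, 0xE0, 0x818F)                    # i386, 3 sections
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH",
                      0x10B, 2, 25,                 # PE32 magic, linker 2.25
                      32768, 4096, 274432,          # code / initialised / uninitialised
                      0x4B900,                      # AddressOfEntryPoint
                      0x44000, 0x4C000, 0x400000,   # BaseOfCode, BaseOfData, ImageBase
                      0x1000, 0x200,                # section / file alignment
                      4, 0, 0, 0, 4, 0,             # OS 4.0, image 0.0, subsystem 4.0
                      0, 0x4D000, 0x1000, 0,        # reserved, SizeOfImage, SizeOfHeaders, checksum
                      2, 0)                         # Windows GUI, no DllCharacteristics
    opt += b"\0" * (0xE0 - len(opt))
    # Assumed UPX section layout consistent with the sizes above (not from the report)
    layout = [(b"UPX0", 0x43000, 0x1000, 0, 0x400, 0xE0000080),
              (b"UPX1", 0x8000, 0x44000, 0x7E00, 0x400, 0xE0000040),
              (b".rsrc", 0x1000, 0x4C000, 0x400, 0x8200, 0xC0000040)]
    sections = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, fl)
                        for n, vs, va, rs, rp, fl in layout)
    return dos + b"PE\0\0" + file_hdr + opt + sections


def section_of(rva: int, sections: list):
    """Name of the section whose virtual range contains rva, else None."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s["name"]
    return None


def parse_pe(data: bytes) -> dict:
    """Read the DOS, file and optional headers and the section table of a PE32."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not at e_lfanew")
    fh = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                   # IMAGE_FILE_HEADER is 20 bytes
    magic, lmaj, lmin, code, init, uninit, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)   # Subsystem field offset
    sections, off = [], opt + opt_size
    for _ in range(nsec):                           # 40-byte IMAGE_SECTION_HEADER each
        name, vsize, va, raw = struct.unpack_from("<8sIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw_size": raw})
        off += 40
    return {
        "machine": hex(machine), "characteristics": hex(chars),
        "timestamp": stamp,
        "timestamp_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{lmaj}.{lmin}",
        "code_size": code, "init_size": init, "uninit_size": uninit,
        "entry_point": entry,
        "subsystem": SUBSYSTEMS.get(subsystem, hex(subsystem)),
        "sections": sections,
        "entry_section": section_of(entry, sections),
    }


def triage(info: dict) -> list:
    """Header-only observations worth recording before unpacking."""
    flags = []
    if info["timestamp"] == DELPHI_FIXED_TIMESTAMP:
        flags.append("TimeDateStamp is the fixed Delphi linker value; build time unknown")
    if info["linker_version"] == "2.25":
        flags.append("Borland linker 2.25: Delphi/C++Builder toolchain")
    names = [s["name"] for s in info["sections"]]
    if any(n.startswith("UPX") for n in names):
        flags.append("UPX section names: unpack before static analysis")
    if names and info["entry_section"] not in (None, names[0]):
        flags.append(f"entry point in {info['entry_section']}, not the first section: packer stub")
    if info["uninit_size"] > 4 * info["code_size"]:
        flags.append("uninitialised data dwarfs code: space reserved for an unpacked image")
    return flags


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(blob)
    print(info)
    for f in triage(info):
        print("flag:", f)
```

Run with a file path to parse a real PE32, or with no arguments to parse the constructed sample. The checks are deliberately limited to what the header alone supports; the entry point landing in UPX1 and the oversized uninitialised-data figure are the two signs that the code section you would disassemble is the decompressor, not the program.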
PE sections
PE imports
VirtualFree, ExitProcess, VirtualProtect, LoadLibraryA, VirtualAlloc, GetProcAddress (kernel32.dll); URLDownloadToCacheFileW (urlmon.dll); RegCloseKey (advapi32.dll); NtUnmapViewOfSection (ntdll.dll); SysFreeString (oleaut32.dll); SHGetMalloc (shell32.dll); SHDeleteKeyW (shlwapi.dll); CharNextW (user32.dll); FtpPutFileW (wininet.dll)

The DLL names in parentheses are added from the Win32 API reference; the report lists function names only. This is the UPX stub's import table, not the original program's: the six kernel32 functions are what the decompressor needs to run, and for every other DLL the packed program used UPX keeps a single import so the loader still maps that DLL, resolving the rest at run time. The list therefore shows which DLLs the payload uses (urlmon, wininet, ntdll, advapi32 and so on) but not which functions, and the imphash below is a hash of the packed layout that groups samples by packer rather than by family. To see the real import table, unpack with upx -d (which only works if the file was not modified after packing) or dump the process once the stub has finished. NtUnmapViewOfSection still deserves a note: it is the call RunPE-style process hollowing uses to vacate a suspended host process before the payload is written into it, which fits the Injector and Xpack names in the table above, but it is a lead to confirm dynamically, not a finding on its own.
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 1992:06:19 23:22:17+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 32768
LinkerVersion: 2.25
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint: 0x4b900
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 274432

File identification
MD5: 54bf738d4c7b3be0dc774be24661426c
SHA1: cc940e82e0290d4884056e1d8282f82a18752b7d
SHA256: f90827388b49fda103b04ef93b808141c0552ab974b9aaabd02c22bb0de61ca7
ssdeep: 768:KMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lOYVJ2/PbHiSIr:3NW71rcYDAWeotvXlXwi
authentihash: 276c5b8fc59681f23affccfca61cec11159f1a03714e834098637f8c2f6de420
imphash: e0f7991d50ceee521d7190effa3c494e
File size: 33.0 KB (33792 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  UPX compressed Win32 Executable (38.2%)
  Win32 EXE Yoda's Crypter (37.5%)
  Win32 Dynamic Link Library (generic) (9.2%)
  Win32 Executable (generic) (6.3%)
  OS/2 Executable (generic) (2.8%)
Tags: peexe upx

VirusTotal metadata
First submission: 2017-11-27 18:17:08 UTC
Last submission: 2019-03-22 13:31:48 UTC
File names: server.jpg, VirusShare_54bf738d4c7b3be0dc774be24661426c, 54bf738d4c7b3be0dc774be24661426c.virus, 54bf738d4c7b3be0dc774be24661426c
Note the submitted name server.jpg: the content is a PE executable whatever the extension says, so a detection or hunting rule keyed on the extension alone would miss it, while one keyed on the MZ/PE magic would not.
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Behaviour categories recorded (entries not shown): Opened files, Read files, Deleted files, Created processes, Created mutexes, Opened mutexes, Opened service managers, Opened services, Runtime DLLs, DNS requests, UDP communications.