× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fa7723a946081e1e0c97ef78b44416ddbf41ee034aae7edd1713ef0470ea79f4
File name: 3851413fe074265cedd3a939e72a4b4e
Detection ratio: 32 / 67
Analysis date: 2018-09-30 21:47:54 UTC ( 6 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.520109 20180930
AhnLab-V3 Malware/Win32.Generic.C2735115 20180930
ALYac Gen:Variant.Graftor.520109 20180930
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20180930
Arcabit Trojan.Graftor.D7EFAD 20180930
BitDefender Gen:Variant.Graftor.520109 20180930
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180930
Emsisoft Gen:Variant.Graftor.520109 (B) 20180930
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GIHO 20180930
F-Secure Gen:Variant.Graftor.520109 20180930
Fortinet W32/Generic.AP.1B1854!tr 20180930
GData Gen:Variant.Graftor.520109 20180930
Sophos ML heuristic 20180717
Kaspersky Backdoor.Win32.Androm.qjsx 20180930
MAX malware (ai score=80) 20180930
McAfee RDN/Generic BackDoor 20180930
McAfee-GW-Edition BehavesLike.Win32.TrojanShifu.dh 20180930
Microsoft Trojan:Win32/Fuerboos.A!cl 20180930
eScan Gen:Variant.Graftor.520109 20180930
Panda Trj/GdSda.A 20180930
Qihoo-360 HEUR/QVM09.0.385B.Malware.Gen 20180930
Rising Malware.Heuristic!ET#99% (RDM+:cmRtazp6X7zdS92VnoBW0iYFpI2u) 20180930
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/Generic-S 20180930
Symantec Trojan.Gen.2 20180930
Tencent Win32.Backdoor.Androm.Ljtx 20180930
TrendMicro TROJ_GEN.R004C0WIU18 20180930
TrendMicro-HouseCall TROJ_GEN.R004C0WIU18 20180930
VBA32 BScope.Backdoor.Androm 20180928
ZoneAlarm by Check Point Backdoor.Win32.Androm.qjsx 20180925
AegisLab 20180930
Alibaba 20180921
Avast 20180930
Avast-Mobile 20180928
AVG 20180930
Avira (no cloud) 20180930
AVware 20180925
Babable 20180918
Baidu 20180930
Bkav 20180928
CAT-QuickHeal 20180930
ClamAV 20180930
CMC 20180930
Comodo 20180930
Cybereason 20180225
Cyren 20180930
DrWeb 20180930
eGambit 20180930
F-Prot 20180930
Ikarus 20180930
Jiangmin 20180930
K7AntiVirus 20180930
K7GW 20180930
Kingsoft 20180930
Malwarebytes 20180930
NANO-Antivirus 20180930
Palo Alto Networks (Known Signatures) 20180930
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180930
TheHacker 20180927
TotalDefense 20180930
Trustlook 20180930
VIPRE 20180930
ViRobot 20180930
Webroot 20180930
Yandex 20180927
Zillya 20180928
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-21 13:05:49
Entry Point 0x00033524
Number of sections 3
PE sections
PE imports
CreatePalette
HeapSize
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetDateFormatA
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetLocaleInfoA
SetConsoleCtrlHandler
GetCurrentProcessId
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetEnvironmentVariableA
TlsFree
GetCurrentThread
CompareStringW
GetOEMCP
CompareStringA
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
GetSystemTimeAsFileTime
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetTimeFormatA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
HeapDestroy
GetProcessHeap
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
VirtualFree
FindClose
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
OleUninitialize
CoUninitialize
CoInitialize
CoTaskMemAlloc
CreateBindCtx
OleSaveToStream
RegisterDragDrop
CLSIDFromProgID
StringFromCLSID
CoDisconnectObject
CLSIDFromString
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:09:21 15:05:49+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
262144

LinkerVersion
9.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Aggressive working-set trim, 32-bit, No debug

EntryPoint
0x33524

InitializedDataSize
19968

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 3851413fe074265cedd3a939e72a4b4e
SHA1 2813f6ea31f059d59543f5280aac3313399a7962
SHA256 fa7723a946081e1e0c97ef78b44416ddbf41ee034aae7edd1713ef0470ea79f4
ssdeep
6144:2xmfAczuGS3XFxd4bM4LlLO57z3rcvqtKu7:2kfA4uG4XuP52Iv

authentihash 78a2e118e72ae8c32399d41e2cb3f19c8f89a5d786b5980eb94dca17abb9b843
imphash 2532d79608e455a4d7dcb017e8f5c91e
File size 273.5 KB ( 280064 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-30 21:47:54 UTC ( 6 months, 2 weeks ago )
Last submission 2018-09-30 21:47:54 UTC ( 6 months, 2 weeks ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.