SHA256: fb9bc507b7f351aa19b50f5a55a35be9cce122beb1ed23e2612849ed2e5655e0
File name: windows.exe
Detection ratio: 48 / 67
Analysis date: 2018-04-09 21:10:19 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.252581 20180409
AhnLab-V3 Spyware/Win32.Recam.R216767 20180409
ALYac Gen:Variant.Kazy.252581 20180409
Antiy-AVL Trojan/Win32.TSGeneric 20180409
Arcabit Trojan.Kazy.D3DAA5 20180409
Avast Win32:Malware-gen 20180409
AVG Win32:Malware-gen 20180409
Avira (no cloud) TR/Spy.Gen 20180409
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180409
BitDefender Gen:Variant.Kazy.252581 20180409
Bkav W32.TisetoLTH.Trojan 20180409
Comodo TrojWare.Win32.Weecnaw.A 20180409
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180409
Cyren W32/Fsysna.C.gen!Eldorado 20180409
DrWeb BackDoor.Wirenet.351 20180409
Emsisoft Gen:Variant.Kazy.252581 (B) 20180409
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Spy.Weecnaw.A 20180409
F-Prot W32/Fsysna.C.gen!Eldorado 20180409
F-Secure Gen:Variant.Kazy.252581 20180409
Fortinet W32/Generic.AP.ABA36!tr 20180409
GData Gen:Variant.Kazy.252581 20180409
Ikarus Trojan-Spy.Agent 20180409
Sophos ML heuristic 20180121
Jiangmin TrojanSpy.Recam.bqa 20180409
K7AntiVirus Spyware ( 004b89b01 ) 20180409
K7GW Spyware ( 004b89b01 ) 20180409
Kaspersky HEUR:Trojan.Win32.Generic 20180409
Malwarebytes Backdoor.NetWiredRC 20180409
MAX malware (ai score=83) 20180409
McAfee GenericRXCN-CE!0CBE4AFBFB90 20180409
McAfee-GW-Edition BehavesLike.Win32.Generic.mh 20180408
Microsoft TrojanSpy:Win32/Loyeetro.B!bit 20180409
eScan Gen:Variant.Kazy.252581 20180409
NANO-Antivirus Trojan.Win32.Wirenet.esoevx 20180409
nProtect Trojan-Spy/W32.Recam.91136.E 20180409
Palo Alto Networks (Known Signatures) generic.ml 20180409
Panda Trj/Genetic.gen 20180409
Qihoo-360 HEUR/QVM20.1.6461.Malware.Gen 20180409
Rising Spyware.Weecnaw!8.14E (TFE:2:s75Fr1FCArI) 20180409
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Recam-A 20180409
Symantec Infostealer 20180409
TheHacker Trojan/Spy.Weecnaw.a 20180404
VBA32 TrojanSpy.Recam 20180409
Zillya Trojan.Recam.Win32.2139 20180409
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180409
AegisLab 20180409
Alibaba 20180409
Avast-Mobile 20180409
AVware 20180409
CAT-QuickHeal 20180409
ClamAV 20180409
CMC 20180409
Cybereason None
eGambit 20180409
Kingsoft 20180409
SUPERAntiSpyware 20180409
Symantec Mobile Insight 20180406
Tencent 20180409
TotalDefense 20180409
TrendMicro 20180409
TrendMicro-HouseCall 20180409
Trustlook 20180409
VIPRE 20180409
ViRobot 20180409
Webroot 20180409
WhiteArmor 20180408
Yandex 20180408
Zoner 20180409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-03 19:50:03
Entry Point 0x000022CA
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
RegEnumValueA
CryptGetHashParam
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
CryptHashData
RegEnumKeyExA
CryptDestroyHash
CryptCreateHash
CryptUnprotectData
DeleteDC
SelectObject
GetDIBits
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
CreateToolhelp32Snapshot
GetSystemTime
GetLastError
EnterCriticalSection
PeekNamedPipe
ReadFile
Process32First
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
ExitProcess
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetLocalTime
CreatePipe
GetStartupInfoA
GetVolumeInformationA
GetCurrentProcessId
OpenProcess
CreateDirectoryA
DeleteFileA
ReleaseMutex
SetErrorMode
Process32Next
GetCommandLineA
GetProcAddress
GetSystemInfo
CreateMutexA
WideCharToMultiByte
SetFilePointer
FindFirstFileA
WriteFile
CloseHandle
GetComputerNameA
FindNextFileA
TerminateProcess
SetFileAttributesA
FreeLibrary
LocalFree
MoveFileA
GetDiskFreeSpaceExA
ResumeThread
CreateProcessA
GetLogicalDriveStringsA
InitializeCriticalSection
FindClose
Sleep
GetTickCount
GetFileAttributesExA
CreateFileA
GetProcessTimes
GetCurrentThreadId
LeaveCriticalSection
NetWkstaGetInfo
NetApiBufferFree
SHFileOperationA
GetMessageA
MapVirtualKeyA
GetForegroundWindow
EnumWindows
keybd_event
PostQuitMessage
DefWindowProcA
ShowWindow
GetSystemMetrics
DispatchMessageA
TranslateMessage
GetDC
RegisterClassExA
ReleaseDC
SetWindowTextA
GetKeyNameTextA
mouse_event
IsWindowVisible
SendMessageA
ToAscii
SetCursorPos
CreateWindowExA
GetKeyboardState
GetDesktopWindow
GetWindowTextA
GetKeyState
__WSAFDIsSet
gethostname
socket
setsockopt
recv
send
WSACleanup
WSAStartup
gethostbyname
select
ioctlsocket
WSAGetLastError
shutdown
ntohs
inet_ntoa
htons
closesocket
WSAIoctl
connect
strchr
getenv
_vsnprintf
fwrite
_vscprintf
fgetpos
fclose
malloc
free
fsetpos
strcat
fgets
_filelengthi64
_beginthreadex
realloc
calloc
fflush
fopen
strcpy
fread
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:09:03 20:50:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 75776
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 14336
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint 0x22ca
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 26624
File identification
MD5 0cbe4afbfb90a94fb7e7faeb7ce668d8
SHA1 70b8d31e0aa94480f21dbf8655b2d2f8d9acba13
SHA256 fb9bc507b7f351aa19b50f5a55a35be9cce122beb1ed23e2612849ed2e5655e0
ssdeep 1536:AsOrUazrEh/mPmJTDslBjQx1XcbjyS548cC1fG928OfuDGw:AsOQ2QmPwTDsM1XcbjyccC1fb8uw

authentihash d3079580810074638915a05fa9450a7eb67dc7c973c5875aaacc37164b144f19
imphash 8e97a1515090baa46f52cf0ff6a6d12f
File size 89.0 KB ( 91136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-04-09 21:10:19 UTC ( 1 year ago )
Last submission 2018-05-24 12:31:03 UTC ( 11 months ago )
File names windows.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Created mutexes
Runtime DLLs
DNS requests