SHA256: fc01e0eb70d86ea2a7f52e5c160d434087775f57e8a12be58ecd546f75234fe4
File name: 1002-cb80db9a7ff37bc23defd320304e6dcb7c65c609
Detection ratio: 50 / 68
Analysis date: 2018-06-12 00:16:33 UTC ( 1 week, 1 day ago )
Antivirus Result Update
Ad-Aware AIT:Trojan.Autoit.AGENT 20180611
AegisLab Ait.Troj.Autoit!c 20180611
AhnLab-V3 Trojan/Win32.Agentb.C2344261 20180611
ALYac AIT:Trojan.Autoit.AGENT 20180612
Antiy-AVL Trojan/Win32.Agentb 20180612
Arcabit AIT:Trojan.Autoit.AGENT 20180611
Avast Win32:Malware-gen 20180611
AVG Win32:Malware-gen 20180611
Avira (no cloud) TR/Drop.Autoit.ykamk 20180612
AVware Trojan.Win32.Generic!BT 20180612
BitDefender AIT:Trojan.Autoit.AGENT 20180611
Bkav W32.eHeur.Malware14 20180611
CAT-QuickHeal Trojan.Autoit 20180611
Comodo UnclassifiedMalware 20180611
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.ddcfff 20180225
Cylance Unsafe 20180612
Cyren W32/Trojan.UKQQ-3231 20180611
DrWeb Trojan.MulDrop7.39619 20180611
Emsisoft AIT:Trojan.Autoit.AGENT (B) 20180611
Endgame malicious (moderate confidence) 20180507
ESET-NOD32 a variant of Win32/TrojanDropper.Autoit.OD 20180612
F-Secure AIT:Trojan.Autoit.AGENT 20180611
Fortinet AutoIt/TrojanDropper.OY!tr 20180611
GData AIT:Trojan.Autoit.AGENT 20180611
Ikarus Trojan.Win32.CoinMiner 20180611
Sophos ML heuristic 20180601
Jiangmin Trojan.Scar.hm 20180611
K7AntiVirus Trojan ( 700000111 ) 20180611
K7GW Trojan ( 700000111 ) 20180612
Kaspersky Trojan.Win32.Agentb.itgv 20180611
Malwarebytes Trojan.Agent.AutoIt 20180612
MAX malware (ai score=98) 20180612
McAfee RDN/Generic Dropper 20180611
McAfee-GW-Edition BehavesLike.Win32.Ransom.jc 20180611
eScan AIT:Trojan.Autoit.AGENT 20180611
NANO-Antivirus Trojan.Win32.Drop.ewvclw 20180612
Palo Alto Networks (Known Signatures) generic.ml 20180612
Panda Trj/CI.A 20180611
Qihoo-360 Win32/Trojan.11f 20180612
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180611
Symantec Trojan Horse 20180611
Tencent Win32.Trojan.Agentb.Wqmw 20180612
VBA32 Trojan.Agentb 20180611
VIPRE Trojan.Win32.Generic!BT 20180612
Webroot W32.Trojan.Agent.Gen 20180612
Yandex Trojan.DR.Autoit!yb8DDtuZ9eo 20180609
Zillya Dropper.AutoIt.Win32.3 20180611
ZoneAlarm by Check Point Trojan.Win32.Agentb.itgv 20180611
Alibaba 20180611
Avast-Mobile 20180611
Babable 20180406
Baidu 20180611
ClamAV 20180611
CMC 20180611
eGambit 20180612
F-Prot 20180611
Kingsoft 20180612
Microsoft 20180611
Rising 20180611
SUPERAntiSpyware 20180612
Symantec Mobile Insight 20180605
TACHYON 20180611
TheHacker 20180608
TotalDefense 20180611
TrendMicro 20180611
TrendMicro-HouseCall 20180611
Trustlook 20180612
ViRobot 20180611
Zoner 20180612
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-27 12:20:25
Entry Point 0x00127DD0
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetOpenFileNameW
LineTo
IcmpSendEcho
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
connect
CoGetObject
Number of PE resources by type
RT_ICON 11
RT_STRING 7
RT_GROUP_ICON 4
RT_MANIFEST 1
RT_MENU 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 25
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 528384
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 28672
EntryPoint 0x127dd0
MIMEType application/octet-stream
TimeStamp 2017:10:27 13:20:25+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 679936
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 d74e15cddcfffd02fd81209d76a2b4af
SHA1 cb80db9a7ff37bc23defd320304e6dcb7c65c609
SHA256 fc01e0eb70d86ea2a7f52e5c160d434087775f57e8a12be58ecd546f75234fe4
ssdeep 12288:ZhQbPhyc8gnRP4CxvSPmHhKx6EWP5Vxlm3PMHaFZlNmChMA6eU0qcLh+YjouP2U:ZAhycznRA02mBe6dBw3PiaFThyeU0q4t
authentihash e780c4dd7a6048f0834345dd66e3d48bbafa13669f6665b52b4301151e21ef94
imphash 712f4a29c405ecb576101d367b2180fb
File size 692.0 KB ( 708608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (61.2%)
Win32 Dynamic Link Library (generic) (14.8%)
Win32 Executable (generic) (10.2%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.5%)
Tags peexe upx

VirusTotal metadata
First submission 2017-11-03 11:39:53 UTC ( 7 months, 2 weeks ago )
Last submission 2018-05-10 00:22:17 UTC ( 1 month, 1 week ago )
File names 1002-cb80db9a7ff37bc23defd320304e6dcb7c65c609
start.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications