SHA256: fc7e1b8710931a3391465a2003e95170dd18721efdf88c2086cefca5d2c4bafc
File name: 142131.exe
Detection ratio: 33 / 65
Analysis date: 2017-09-21 18:35:28 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Trojan.Crypt.38 20170921
AegisLab AdWare.W32.MegaSearch.m8Dm 20170921
Arcabit Trojan.Trojan.Crypt.38 20170921
Avast Win32:Malware-gen 20170921
AVG Win32:Malware-gen 20170921
Avira (no cloud) TR/AD.LockyLoader.gtsog 20170921
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9947 20170921
BitDefender Gen:Variant.Trojan.Crypt.38 20170921
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170804
Cylance Unsafe 20170921
Emsisoft Gen:Variant.Trojan.Crypt.38 (B) 20170921
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.DRVG 20170921
F-Secure Gen:Variant.Trojan.Crypt.38 20170921
Fortinet W32/GenKryptik.AWPY!tr 20170921
GData Gen:Variant.Trojan.Crypt.38 20170921
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Inject.agrga 20170921
Malwarebytes Trojan.Injector 20170921
MAX malware (ai score=89) 20170921
McAfee RDN/Generic.grp 20170921
McAfee-GW-Edition BehavesLike.Win32.FakeAlertSecurityTool.dc 20170921
eScan Gen:Variant.Trojan.Crypt.38 20170921
Palo Alto Networks (Known Signatures) generic.ml 20170921
Qihoo-360 HEUR/QVM10.1.FDE0.Malware.Gen 20170921
Rising Malware.Heuristic!ET#97% (RDM+:cmRtazrwFSTyTPsTJaVxvuZuwtgF) 20170921
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170921
TrendMicro TSPY_EMOTET.SMD1 20170921
TrendMicro-HouseCall TSPY_EMOTET.SMD1 20170921
ViRobot Trojan.Win32.Inject.687104 20170921
Webroot W32.Rogue.Gen 20170921
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170921
AhnLab-V3 20170921
Alibaba 20170911
ALYac 20170921
Antiy-AVL 20170921
Avast-Mobile 20170921
AVware 20170921
CAT-QuickHeal 20170921
ClamAV 20170921
CMC 20170920
Comodo 20170921
Cyren 20170921
DrWeb 20170921
F-Prot 20170921
Ikarus 20170921
Jiangmin 20170921
K7AntiVirus 20170921
K7GW 20170921
Kingsoft 20170921
Microsoft 20170921
NANO-Antivirus 20170921
nProtect 20170921
Panda 20170921
Sophos AV 20170921
SUPERAntiSpyware 20170921
Symantec Mobile Insight 20170921
Tencent 20170921
TheHacker 20170921
TotalDefense 20170921
Trustlook 20170921
VBA32 20170921
VIPRE 20170921
WhiteArmor 20170829
Yandex 20170908
Zillya 20170921
Zoner 20170921
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-20 16:28:55
Entry Point 0x00003709
Number of sections 4
PE sections
PE imports
LookupPrivilegeNameW
InitiateSystemShutdownA
OpenEventLogA
GetUserNameW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
TerminateThread
LoadLibraryW
GetConsoleCP
GetExitCodeProcess
QueryPerformanceCounter
IsDebuggerPresent
GetSystemWow64DirectoryA
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
GetACP
GetStdHandle
GetProcessId
HeapAlloc
GetCurrentProcess
GetProcessIoCounters
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
LocalAlloc
UnhandledExceptionFilter
GetCommandLineW
WideCharToMultiByte
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
SetProcessAffinityMask
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetMailslotInfo
GetSystemTimes
GetProcessWorkingSetSizeEx
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
GetProcessAffinityMask
GetProcessHandleCount
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
GetEnvironmentStringsW
TlsGetValue
Sleep
SetLastError
ReadConsoleW
TlsSetValue
GetProcessTimes
GetCurrentThreadId
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
Ord(180)
ShellExecuteW
SHGetDiskFreeSpaceExA
ShellAboutA
ShowScrollBar
LoadImageW
CopyImage
WinHttpCreateUrl
WinHttpCloseHandle
WinHttpOpen
Number of PE resources by type
RT_BITMAP 6
RT_ICON 3
C 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:09:20 17:28:55+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
66560

LinkerVersion
12.0

EntryPoint
0x3709

InitializedDataSize
171008

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

Compressed bundles
File identification
MD5 f83cfbd82acccfc03d58b6feaa6e0bb4
SHA1 d8616d5dceef98a67be649a5b7545a109c43563c
SHA256 fc7e1b8710931a3391465a2003e95170dd18721efdf88c2086cefca5d2c4bafc
ssdeep
3072:68ze1676/9iuxICO4+rBNw5zBZXXtKd/miu7s0xDvceWbuR74SnGv9d+J6NZkpXY:t76ViAYyjYwRMupXY

authentihash 36f0120718455cd8abe0912815bf0270ad773383605ddafa33ab5dde848efd79
imphash ecf0f952a13accbe8ad19452450083fd
File size 224.0 KB ( 229376 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-21 18:35:28 UTC ( 1 year, 4 months ago )
Last submission 2017-09-21 18:35:28 UTC ( 1 year, 4 months ago )
File names 142131.exe