SHA256: fd630b999bda6ccd94747d8c33869c3bfb20a0ab546464821a67509d2a79d38a
File name: liter.exe
Detection ratio: 31 / 70
Analysis date: 2019-01-12 04:50:17 UTC ( 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40936758 20190112
AegisLab Trojan.Multi.Generic.4!c 20190111
Arcabit Trojan.Generic.D270A536 20190112
Avast Win32:Malware-gen 20190112
AVG Win32:Malware-gen 20190112
BitDefender Trojan.GenericKD.40936758 20190112
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181023
Cylance Unsafe 20190112
Emsisoft Trojan.GenericKD.40936758 (B) 20190112
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GONH 20190112
Fortinet W32/Kryptik.GONH!tr 20190112
GData Win32.Trojan-Downloader.SmokeLoader.0YZVMD 20190112
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190111
K7GW Riskware ( 0040eff71 ) 20190112
Kaspersky Trojan.Win32.Agentb.jixv 20190112
Malwarebytes Trojan.MalPack.GS 20190112
McAfee RDN/Generic.hbg 20190112
McAfee-GW-Edition BehavesLike.Win32.Trojan.dh 20190112
Microsoft Trojan:Win32/Fuerboos.C!cl 20190112
eScan Trojan.GenericKD.40936758 20190112
Palo Alto Networks (Known Signatures) generic.ml 20190112
Qihoo-360 Win32/Trojan.6ba 20190112
Rising Malware.Obscure/Heur!1.9E03 (CLOUD) 20190112
Sophos AV Mal/Generic-S 20190112
Symantec ML.Attribute.HighConfidence 20190112
Trapmine malicious.moderate.ml.score 20190103
VBA32 BScope.Trojan.Chapak 20190111
Webroot W32.Adware.Installcore 20190112
ZoneAlarm by Check Point Trojan.Win32.Agentb.jixv 20190111
Acronis 20190111
AhnLab-V3 20190111
Alibaba 20180921
ALYac 20190112
Antiy-AVL 20190111
Avast-Mobile 20190111
Avira (no cloud) 20190112
Babable 20180918
Baidu 20190111
Bkav 20190108
CAT-QuickHeal 20190111
ClamAV 20190112
CMC 20190111
Comodo 20190112
Cybereason 20190109
Cyren 20190112
DrWeb 20190112
eGambit 20190112
F-Prot 20190112
F-Secure 20190111
Ikarus 20190112
Jiangmin 20190112
Kingsoft 20190112
MAX 20190112
NANO-Antivirus 20190112
Panda 20190111
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190109
TACHYON 20190112
Tencent 20190112
TheHacker 20190106
TrendMicro 20190112
TrendMicro-HouseCall 20190111
Trustlook 20190112
VIPRE 20190111
ViRobot 20190111
Yandex 20190111
Zillya 20190111
Zoner 20190112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-19 22:31:13
Entry Point 0x0000612E
Number of sections 6
PE sections
PE imports
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetUserNameA
InitiateSystemShutdownW
LookupPrivilegeNameA
GetSecurityDescriptorLength
BeginPath
StretchBlt
FillPath
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetFileInformationByHandle
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
FindFirstVolumeMountPointW
TlsGetValue
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetProcessWorkingSetSize
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetUnhandledExceptionFilter
GetSystemTimes
TerminateProcess
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
GetOEMCP
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetCommProperties
SetCommMask
GetStartupInfoW
GetUserDefaultLCID
FreeEnvironmentStringsW
lstrcpyA
IsValidLocale
DuplicateHandle
GetProcAddress
GetProcessAffinityMask
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetProcessTimes
GetEnvironmentStringsW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetSystemTimeAdjustment
IsValidCodePage
HeapCreate
VirtualFree
Sleep
SetComputerNameExW
VirtualAlloc
ShowScrollBar
SetScrollRange
DestroyIcon
GetPropW
EnableScrollBar
PostMessageW
Number of PE resources by type
RT_ICON 7
RT_STRING 4
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
DANISH DEFAULT 15
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unknown (A56B)
InitializedDataSize 135168
EntryPoint 0x612e
MIMEType application/octet-stream
TimeStamp 2017:07:20 00:31:13+02:00
FileType Win32 EXE
PEType PE32
InternalName zumazen.exe
SubsystemVersion 5.1
OSVersion 5.1
FileOS Unknown (0x40534)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 81408
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
File identification
MD5 dbba4d0f4aa3fd7ab63fd2cb3889ae57
SHA1 cc2ef1244def882303dcd16096eb4883bda1e581
SHA256 fd630b999bda6ccd94747d8c33869c3bfb20a0ab546464821a67509d2a79d38a
ssdeep 6144:julDGqweLXrN/0Mzm9L8YLx4OQLVCDlWXpp:jul/1DrN/SZDqL
authentihash e5f8d229f356cc92f6b414f4ffac2879bad4c26ca2cabf3237f18e0c92d559cc
imphash 99e49fed4f52130a5b0165ebac29bf2d
File size 205.0 KB ( 209920 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-11 07:31:13 UTC ( 3 months, 1 week ago )
Last submission 2019-03-14 16:16:09 UTC ( 1 month ago )
File names liter(1).exe_
rwwfwrdu.exe
liter.exe
liter.exe
liter.exe
output.114934094.txt
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs