SHA256: fe741c7dbf97bd8b59b8540fee2705e2052c7b268021cfb6e864851d177b0d14
File name: fe741c7dbf97bd8b59b8540fee2705e2052c7b268021cfb6e864851d177b0d14
Detection ratio: 14 / 68
Analysis date: 2018-09-23 16:35:44 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20180923
AVG FileRepMalware 20180923
Bkav W32.eHeur.Malware08 20180921
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180923
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
Kaspersky HEUR:Trojan-Banker.Win32.NeutrinoPOS.gen 20180923
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20180923
Microsoft Trojan:Win32/Fuerboos.C!cl 20180923
Qihoo-360 HEUR/QVM10.1.0FC1.Malware.Gen 20180923
Rising Trojan.Vigorf!8.EAEA (TFE:dGZlOgETQ2tBBu0u1g) 20180923
Symantec ML.Attribute.HighConfidence 20180922
ZoneAlarm by Check Point HEUR:Trojan-Banker.Win32.NeutrinoPOS.gen 20180923
Ad-Aware 20180923
AegisLab 20180923
AhnLab-V3 20180923
Alibaba 20180921
ALYac 20180923
Antiy-AVL 20180923
Arcabit 20180923
Avast-Mobile 20180923
Avira (no cloud) 20180923
AVware 20180923
Babable 20180918
Baidu 20180914
BitDefender 20180923
CAT-QuickHeal 20180923
ClamAV 20180923
CMC 20180923
Comodo 20180923
Cybereason 20180225
Cyren 20180923
DrWeb 20180923
eGambit 20180923
Emsisoft 20180923
ESET-NOD32 20180923
F-Prot 20180923
F-Secure 20180923
Fortinet 20180923
GData 20180923
Ikarus 20180923
Jiangmin 20180923
K7AntiVirus 20180923
K7GW 20180923
Kingsoft 20180923
MAX 20180923
McAfee 20180923
eScan 20180923
NANO-Antivirus 20180923
Palo Alto Networks (Known Signatures) 20180923
Panda 20180923
SentinelOne (Static ML) 20180830
Sophos AV 20180923
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TACHYON 20180922
Tencent 20180923
TheHacker 20180920
TotalDefense 20180923
TrendMicro 20180923
TrendMicro-HouseCall 20180923
Trustlook 20180923
VBA32 20180921
VIPRE 20180923
ViRobot 20180923
Webroot 20180923
Yandex 20180922
Zillya 20180922
Zoner 20180922
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-27 08:07:32
Entry Point 0x0000160A
Number of sections 6
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
GetConsoleAliasW
LCMapStringA
CreateJobSet
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
HeapSize
LocalAlloc
GetCommandLineW
IsValidCodePage
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
IsProcessInJob
FreeEnvironmentStringsW
GetCPInfo
GetProcAddress
TlsFree
GetStartupInfoW
RaiseException
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
LocalFree
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
ResetEvent
GetSystemTimeAsFileTime
GetThreadTimes
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
WriteProfileSectionA
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
SetLastError
GlobalAlloc
VirtualFree
FindAtomA
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
DnsHostnameToComputerNameA
InterlockedIncrement
AlphaBlend
GetWindowTextLengthA
WaitMessage
AttachThreadInput
GetWindow
SetMenuInfo
PostMessageW
CreateCursor
DrawCaption
Number of PE resources by type
AFX_DIALOG_LAYOUT 1
RT_STRING 1
RT_VERSION 1
DUFEROJUDEWOCEKODIKICISUPI 1
Number of PE resources by language
SPANISH 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 7.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unknown (A56B)
InitializedDataSize 118272
EntryPoint 0x160a
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.5
TimeStamp 2017:12:27 09:07:32+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Unknown (0x40534)
LegalCopyright Copyright (C) 2017, dwjcnalw
MachineType Intel 386 or later, and compatibles
CodeSize 43008
FileSubtype 0
ProductVersionNumber 3.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0b7540ae209c3b271ff4cd5dda31d2e1
SHA1 4c4f4373b8a122d51cb8a34fccdd5f60c26f0dbf
SHA256 fe741c7dbf97bd8b59b8540fee2705e2052c7b268021cfb6e864851d177b0d14
ssdeep 3072:eL9ZMJ+SRrnR8UTBVvmFKxF0c4+f0qDa:eL9uJBRV9VWcZh
authentihash 6817be62c594619a51c54719174465bda17eebd7575c9a9f1c60c57917015104
imphash 278adcf7b72cdda5fb51fab5355866d4
File size 155.5 KB ( 159232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-23 16:35:44 UTC ( 5 months, 3 weeks ago )
Last submission 2018-11-14 18:51:09 UTC ( 4 months ago )
File names 0b7540ae209c3b271ff4cd5dda31d2e1
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections