SHA256: ffd513a4b8a25755215f9c4e1387b9225797edb74f10a6e387862efe11cef4df
File name: 9f45f2c62d6ca23f49c60a2670772ceb233aa6cc
Detection ratio: 37 / 68
Analysis date: 2017-11-01 13:10:07 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12526132 20171101
AegisLab Uds.Dangerousobject.Multi!c 20171101
AhnLab-V3 Trojan/Win32.Matrix.R211708 20171101
Antiy-AVL Trojan/Win32.TSGeneric 20171101
Arcabit Trojan.Generic.DBF2234 20171101
Avast Win32:Malware-gen 20171101
AVG Win32:Malware-gen 20171101
AVware Trojan.Win32.Generic!BT 20171101
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171101
BitDefender Trojan.GenericKD.12526132 20171101
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171101
Cyren W32/Trojan.FZXG-4007 20171101
DrWeb Win32.HLLM.Reset.493 20171101
Emsisoft Trojan.GenericKD.12526132 (B) 20171101
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/Spy.Zbot.ACZ 20171101
F-Secure Trojan.GenericKD.12526132 20171101
Fortinet W32/Kryptik.FYIX!tr 20171101
GData Trojan.GenericKD.12526132 20171101
Ikarus Trojan-Spy.Agent 20171101
K7GW Spyware ( 00515db01 ) 20171101
Kaspersky Trojan.Win32.Inject.ahgvk 20171101
Malwarebytes Trojan.MalPack 20171101
MAX malware (ai score=99) 20171101
McAfee Artemis!60501E5797F8 20171031
McAfee-GW-Edition BehavesLike.Win32.Gupboot.cc 20171101
eScan Trojan.GenericKD.12526132 20171101
Palo Alto Networks (Known Signatures) generic.ml 20171101
Panda Trj/GdSda.A 20171101
Rising Malware.Obscure/Heur!1.9E03 (CLASSIC) 20171101
Sophos AV Mal/Generic-S 20171101
Symantec Trojan.Gen 20171101
TrendMicro-HouseCall TROJ_GEN.R00EH0DJV17 20171101
VIPRE Trojan.Win32.Generic!BT 20171101
Webroot W32.Trojan.Emotet 20171101
ZoneAlarm by Check Point Trojan.Win32.Inject.ahgvk 20171101
Alibaba 20170911
ALYac 20171101
Avast-Mobile 20171101
Avira (no cloud) 20171101
Bkav 20171101
CAT-QuickHeal 20171101
ClamAV 20171031
CMC 20171101
Comodo 20171101
Cybereason 20170628
eGambit 20171101
F-Prot 20171101
Sophos ML 20170914
Jiangmin 20171101
K7AntiVirus 20171101
Kingsoft 20171101
Microsoft 20171101
NANO-Antivirus 20171101
nProtect 20171101
Qihoo-360 20171101
SentinelOne (Static ML) 20171019
SUPERAntiSpyware 20171101
Symantec Mobile Insight 20171101
Tencent 20171101
TheHacker 20171031
TotalDefense 20171101
TrendMicro 20171101
Trustlook 20171101
VBA32 20171101
ViRobot 20171101
WhiteArmor 20171024
Yandex 20171031
Zillya 20171101
Zoner 20171101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2017, fghdfghsfdghdfgh

File version 1.0.0.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-30 19:10:18
Entry Point 0x000012B0
Number of sections 5
PE sections
PE imports
GetProcessId
GetCurrentProcess
GetProcessIoCounters
GetSystemTimes
GetProcessHandleCount
GlobalAlloc
GetExitCodeProcess
ExitProcess
TerminateProcess
GetTickCount
GetProcessWorkingSetSize
VirtualProtect
SetProcessAffinityMask
ExitThread
LoadLibraryA
SetProcessShutdownParameters
ShowScrollBar
GetScrollRange
GetPropW
EnableScrollBar
SetPropA
GetMessageExtraInfo
GetMonitorInfoA
GetCaretPos
WinHttpOpen
WinHttpConnect
WinHttpCreateUrl
Number of PE resources by type
RT_ICON 8
RT_BITMAP 5
RT_STRING 4
RT_VERSION 1
KUEGQNC 1
LUZUGAJIKEGA 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 15
ENGLISH UK 5
GAELIC SCOTTISH 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 218624
ImageVersion 0.0
FileVersionNumber 1.0.0.1
LanguageCode English (British)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 14.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2017:10:30 19:10:18+00:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.1
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2017, fghdfghsfdghdfgh
MachineType Intel 386 or later, and compatibles
CodeSize 1536
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x12b0
ObjectFileType Executable application
File identification
MD5 60501e5797f882ad250fc35b04e8cef4
SHA1 9f45f2c62d6ca23f49c60a2670772ceb233aa6cc
SHA256 ffd513a4b8a25755215f9c4e1387b9225797edb74f10a6e387862efe11cef4df
ssdeep 3072:Tzgod3NQ0N/ZFpakaUDcF0LtsUSTJ1MfutEGknW/TGjDSsLu:4oTjAFb6jSzqSsL
authentihash 20ceba8f4bdfcbbf1439477e66d538c03e335a7dc651f0ad51bb5e419c958484
imphash 2771581b906a15e6ac0f36e8f762fd16
File size 186.0 KB ( 190464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-10-31 04:52:10 UTC ( 1 year, 5 months ago )
Last submission 2017-11-02 09:20:10 UTC ( 1 year, 5 months ago )
File names 9f45f2c62d6ca23f49c60a2670772ceb233aa6cc
byIGZ08JFl.exe
VirusShare_60501e5797f882ad250fc35b04e8cef4
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications