SHA256: c24d86592c3fb9fa26c9c55448dd71083fd59f89e44697a23947d446a1fe04e7
Name: 9d68b5db.gxe
Detections: 45 / 71
Analysis date: 2019-01-21 11:53:28 UTC (2 months, 4 weeks ago)
Antivirus Result Update
Acronis suspicious 20190119
Ad-Aware Trojan.GenericKD.31536293 20190121
AegisLab Trojan.Win32.Generic.4!c 20190121
AhnLab-V3 Win-Trojan/Gandcrab10.Exp 20190121
ALYac Trojan.Ransom.GandCrab 20190121
Arcabit Trojan.Generic.D1E134A5 20190121
Avast Win32:Trojan-gen 20190121
AVG Win32:Trojan-gen 20190121
Avira (no cloud) TR/AD.GandCrab.ydcjz 20190121
BitDefender Trojan.GenericKD.31536293 20190121
Comodo Malware@#32tok2sqtbi55 20190121
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cyren W32/Trojan.XBVD-1543 20190121
DrWeb Trojan.Encoder.27048 20190121
Emsisoft Trojan.Crypt (A) 20190121
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOSE 20190121
F-Secure Trojan.GenericKD.31536293 20190121
Fortinet W32/Kryptik.GOLP!tr 20190121
GData Trojan.GenericKD.31536293 20190121
Ikarus Trojan.Win32.Crypt 20190121
K7AntiVirus Trojan ( 00545cb91 ) 20190121
K7GW Trojan ( 00545cb91 ) 20190121
Kaspersky Trojan-Ransom.Win32.GandCrypt.heq 20190121
Malwarebytes Trojan.MalPack.GS 20190121
MAX malware (ai score=100) 20190121
McAfee RDN/Generic.grp 20190121
McAfee-GW-Edition BehavesLike.Win32.Generic.dh 20190121
Microsoft Trojan:Win32/Occamy.C 20190121
eScan Trojan.GenericKD.31536293 20190121
NANO-Antivirus Trojan.Win32.Dwn.fmcupx 20190121
Palo Alto Networks (Known Signatures) generic.ml 20190121
Panda Trj/GdSda.A 20190120
Qihoo-360 Win32/Trojan.Ransom.b3c 20190121
Rising Malware.Heuristic.MLite(100%) (AI-LITE:DgEZXLohkLMoxG0PJZUKeg) 20190121
Sophos AV Troj/Agent-BAKP 20190121
Symantec Downloader 20190121
Tencent Win32.Trojan.Gandcrypt.Hvsy 20190121
Trapmine malicious.moderate.ml.score 20190103
TrendMicro Ransom.Win32.GANDCRAB.AFJK 20190121
TrendMicro-HouseCall Ransom.Win32.GANDCRAB.AFJK 20190121
VBA32 BScope.Trojan.Fuery 20190121
VIPRE Trojan.Win32.Generic!BT 20190121
Webroot W32.Adware.Installcore 20190121
ZoneAlarm by Check Point Trojan-Ransom.Win32.GandCrypt.heq 20190121
Alibaba 20180921
Antiy-AVL 20190121
Avast-Mobile 20190121
AVware 20180925
Babable 20180918
Baidu 20190121
Bkav 20190121
CAT-QuickHeal 20190121
ClamAV 20190121
CMC 20190121
Cybereason 20190109
eGambit 20190121
F-Prot 20190121
Sophos ML 20181128
Jiangmin 20190121
Kingsoft 20190121
SentinelOne (Static ML) 20190118
SUPERAntiSpyware 20190116
TACHYON 20190121
TheHacker 20190118
TotalDefense 20190121
Trustlook 20190121
ViRobot 20190121
Yandex 20190120
Zillya 20190118
Zoner 20190121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-24 01:01:27
Entry Point 0x00005072
Number of sections 5
PE sections
PE imports
LocalCompact
GetLastError
IsValidCodePage
HeapFree
TlsAlloc
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GlobalGetAtomNameW
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetSystemWindowsDirectoryW
SetProcessShutdownParameters
SetFileApisToANSI
GetEnvironmentStringsW
GetLocaleInfoW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
VirtualFree
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetCPInfoExW
GetLocaleInfoA
SetConsoleCtrlHandler
LocalAlloc
GetUserDefaultLCID
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCPInfo
GetProcAddress
AddAtomW
HeapSize
EnumResourceLanguagesW
CompareStringW
RaiseException
GlobalReAlloc
TlsFree
GetCurrentProcessId
SetUnhandledExceptionFilter
WriteFile
GetConsoleDisplayMode
GetStringTypeA
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
LocalFree
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
HeapCreate
GlobalAlloc
CreateProcessW
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetStartupInfoA
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_STRING 15
RT_ICON 10
RT_GROUP_ICON 2
Struct(241) 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 30
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
172544

ImageVersion
0.0

FileVersionNumber
1.45.8.4

LanguageCode
English (British)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

MIMEType
application/octet-stream

FileVersion
3.5.10.32

TimeStamp
2017:10:24 03:01:27+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.5.10.32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
65536

FileSubtype
0

ProductVersionNumber
7.32.568.0

EntryPoint
0x5072

ObjectFileType
Executable application

File identification
MD5 9d68b5dbc07fc4fa6b4049f19f9a42d6
SHA1 f7ab50a0ac332b34a17a475b13cdffd745b71338
SHA256 c24d86592c3fb9fa26c9c55448dd71083fd59f89e44697a23947d446a1fe04e7
ssdeep
3072:ISWuKNLYhTMJC5GPq7bjK5yrt5BWZiRGVrCMWkCvt:I8kLYhQPSvKoRnWCjQC

authentihash b10f74ee709ab38fa927cde2f7a888277cd6d6ebde1f2d0a020f46d3f77ea721
imphash c3734a706771f1028f89ce7ae9a7a981
File size 230.0 KB ( 235520 bytes )
Type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-17 09:51:43 UTC (3 months ago)
Last submission 2019-01-21 11:53:28 UTC (2 months, 4 weeks ago)
Names kuhl.exe
4.exe
9d68b5db.gxe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs