SHA256: 4a1ac0ef56181d66b17a7832699348708b2a4efbb70f50be762d2a239bda3a75
File name: toofirtyless.exe
Detection ratio: 47 / 67
Analysis date: 2019-03-22 05:09:15 UTC (2 months ago)
Antivirus Result Update
Acronis suspicious 20190322
Ad-Aware Trojan.GenericKD.30623872 20190322
AegisLab Trojan.Win32.Generic.4!c 20190322
AhnLab-V3 Trojan/Win32.RansomCrypt.C2470002 20190322
Alibaba Ransom:Win32/GandCrab.c2c3421e 20190306
ALYac Backdoor.IRCBot.gen 20190322
Antiy-AVL Trojan/Win32.TSGeneric 20190322
Avira (no cloud) HEUR/AGEN.1035110 20190322
BitDefender Trojan.GenericKD.30623872 20190322
Bkav W32.WinmngrA.Trojan 20190320
CAT-QuickHeal Trojan.Mauvaise.SL1 20190320
CMC Trojan.Win32.GenM!O 20190321
Comodo TrojWare.Win32.Ransom.GandCrab.BS@7m1cww 20190322
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cybereason malicious.a1b320 20190109
Cyren W32/Trojan.IMXT-7431 20190322
DrWeb Trojan.PWS.Panda.13229 20190322
Emsisoft Trojan.Generic (A) 20190322
ESET-NOD32 Win32/Phorpiex.H 20190322
F-Secure Heuristic.HEUR/AGEN.1035110 20190321
Fortinet W32/Kryptik.GFSG!tr 20190322
GData Trojan.GenericKD.30623872 20190322
Sophos ML heuristic 20190313
Jiangmin Trojan.Chapak.fl 20190322
K7AntiVirus Trojan ( 005339381 ) 20190321
K7GW Trojan ( 005339381 ) 20190322
Malwarebytes Trojan.MalPack 20190322
MAX malware (ai score=96) 20190322
McAfee Packed-FCX!5B8E159A1B32 20190322
McAfee-GW-Edition BehavesLike.Win32.Generic.mh 20190321
Microsoft Ransom:Win32/GandCrab.AC 20190322
eScan Trojan.GenericKD.30623872 20190322
NANO-Antivirus Trojan.Win32.Chapak.fajnsd 20190322
Palo Alto Networks (Known Signatures) generic.ml 20190322
Panda Trj/Genetic.gen 20190321
Qihoo-360 HEUR/QVM10.1.9161.Malware.Gen 20190322
Rising Worm.Phorpiex!8.48D (C64:YzY0OlVlhc/aiUW3) 20190322
SentinelOne (Static ML) DFI - Suspicious PE 20190317
Sophos AV Mal/Generic-S 20190322
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20190320
Symantec Packed.Generic.525 20190322
Tencent Win32.Worm.Phorpiex.Sxys 20190322
Trapmine malicious.moderate.ml.score 20190301
VBA32 BScope.Trojan.Chapak 20190321
ViRobot Trojan.Win32.GandCrab.168448 20190322
Webroot W32.Adware.Gen 20190322
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190322
Arcabit 20190321
Avast 20190323
Avast-Mobile 20190321
AVG 20190323
Babable 20180918
Baidu 20190318
ClamAV 20190323
eGambit 20190322
Endgame 20190322
F-Prot 20190323
Kingsoft 20190322
Symantec Mobile Insight 20190220
TACHYON 20190322
TheHacker 20190320
TotalDefense 20190318
TrendMicro 20190323
TrendMicro-HouseCall 20190323
Trustlook 20190322
Yandex 20190321
Zillya 20190322
Zoner 20190321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2017, gompetzeeb

Internal name toofirtyless.exe
File version 5.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-17 18:29:33
Entry Point 0x00001D16
Number of sections 5
PE sections
PE imports
GetTextMetricsW
GetPolyFillMode
MaskBlt
CreateRoundRectRgn
GetDeviceGammaRamp
GetTextExtentPointW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
LocalLock
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
LoadLibraryW
SetTapeParameters
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetStdHandle
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetDriveTypeW
SetHandleInformation
GetCurrentProcessId
lstrcatA
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
LoadModule
GetFileInformationByHandle
FindVolumeMountPointClose
GetProcAddress
EncodePointer
GetStartupInfoW
ExitProcess
GetCPInfo
GetModuleFileNameW
TlsFree
FreeEnvironmentStringsW
DeleteCriticalSection
SetUnhandledExceptionFilter
lstrcpyA
TlsSetValue
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineA
PeekConsoleInputA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEvent
WriteProfileSectionA
TerminateProcess
InitAtomTable
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
GlobalAlloc
TlsGetValue
Sleep
GetFileType
WritePrivateProfileStringA
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
TransparentBlt
GetWindowTextA
GetDCEx
LoadCursorA
AppendMenuA
UpdateWindow
InsertMenuItemW
SetWindowsHookW
GrayStringA
CreateMDIWindowA
DrawAnimatedRects
GetWindowTextLengthW
DefWindowProcA
SetClassLongA
ClientToScreen
SetPropW
OleMetafilePictFromIconAndLabel
OleDestroyMenuDescriptor
Number of PE resources by type
RT_STRING 12
RT_BITMAP 2
RT_GROUP_CURSOR 1
RT_ICON 1
LIJ 1
YAJE 1
POREJE 1
WEZOPIZUSUMOKOTUCAWOZIBI 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 23
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileVersionNumber
1.3.0.6

LanguageCode
English (British)

FileFlagsMask
0x001f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
76288

EntryPoint
0x1d16

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2017, gompetzeeb

FileVersion
5.0.0.0

TimeStamp
2018:04:17 18:29:33+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
toofirtyless.exe

ProductVersion
12.0.0.0

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
19456

FileSubtype
0

ProductVersionNumber
1.3.0.6

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 5b8e159a1b320ca912199595721035f2
SHA1 9e0ebad1ae0b4ad5dc77dcf7c336af2e98ca6e80
SHA256 4a1ac0ef56181d66b17a7832699348708b2a4efbb70f50be762d2a239bda3a75
ssdeep
1536:tb4Re0AhuUaGwVuax+Zdiq/lzxa3yIdGJfWKM7FAbCRwfP:QNdlGwVtxydiq/jaCBNWLbw

authentihash 4e615784f5eed690f4ac8c4ecce361226c71a0abd77b1c970bea79f5e35b387d
imphash 6e74aa3fc7e83ad24745704ee763b3ff
File size 88.0 KB ( 90112 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-04-17 22:02:29 UTC (1 year, 1 month ago)
Last submission 2018-08-29 12:05:48 UTC (8 months, 4 weeks ago)
File names DeviceConfigManager.exe
winmgr.exe
winmgr.exe
4a1ac0ef56181d66b17a7832699348708b2a4efbb70f50be762d2a239bda3a75
output.113133743.txt
flareFile
toofirtyless.exe
ttttt.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
TCP connections