SHA256: 8c653c65605b7f0ef94fd33d1aeb085a886052238be7b72e75019450cdbbcd3a
File name: 05d4352e46eefb25f5ebbebba12c30f9
Detection ratio: 54 / 69
Analysis date: 2019-02-03 07:23:56 UTC (1 month, 2 weeks ago)
Antivirus Result Update
Acronis suspicious 20190130
Ad-Aware Trojan.GenericKD.40662643 20190203
AhnLab-V3 Trojan/Win32.Gandcrab.C2796435 20190203
ALYac Trojan.Ransom.GandCrab 20190203
Antiy-AVL Trojan/Win32.Vigorf 20190203
Arcabit Trojan.Generic.D26C7673 20190203
Avast Win32:Malware-gen 20190203
AVG Win32:Malware-gen 20190203
Avira (no cloud) TR/AD.Phorpiex.wtwnt 20190203
BitDefender Trojan.GenericKD.40662643 20190203
CAT-QuickHeal Trojan.IGENERIC 20190203
Comodo Malware@#3lnr851t2yl9g 20190203
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181023
Cybereason malicious.e46eef 20190109
Cylance Unsafe 20190203
Cyren W32/Trojan.WYPC-6381 20190203
DrWeb Trojan.Packed2.41312 20190203
Emsisoft Trojan.GenericKD.40662643 (B) 20190203
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMED 20190203
F-Prot W32/GandCrab.AB.gen!Eldorado 20190203
Fortinet W32/Kryptik.GMEW!tr 20190201
GData Trojan.GenericKD.40662643 20190203
Ikarus Trojan.Win32.Krypt 20190203
Sophos ML heuristic 20181128
Jiangmin Trojan.Bayrob.asww 20190203
K7AntiVirus Trojan ( 005403711 ) 20190203
K7GW Trojan ( 005403711 ) 20190203
Kaspersky HEUR:Trojan.Win32.Generic 20190203
Malwarebytes Trojan.MalPack.GS 20190203
MAX malware (ai score=100) 20190203
McAfee Trojan-FPZV!05D4352E46EE 20190203
McAfee-GW-Edition BehavesLike.Win32.BrowseFox.ch 20190202
Microsoft Trojan:Win32/Gandcrab.AF 20190203
eScan Trojan.GenericKD.40662643 20190203
NANO-Antivirus Trojan.Win32.Packed2.fjuvft 20190203
Palo Alto Networks (Known Signatures) generic.ml 20190203
Panda Trj/RnkBend.A 20190203
Qihoo-360 Win32/Trojan.a30 20190203
Rising Trojan.Kryptik!1.B4EE (CLOUD) 20190203
SentinelOne (Static ML) static engine - malicious 20190124
Sophos AV Mal/Kryptik-DD 20190203
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20190130
Symantec Packed.Generic.525 20190203
Tencent Win32.Trojan.Raas.Auto 20190203
Trapmine malicious.high.ml.score 20190123
TrendMicro TROJ_GEN.R004C0DK118 20190203
TrendMicro-HouseCall TROJ_GEN.R004C0DK118 20190203
VBA32 Malware-Cryptor.Limpopo 20190201
ViRobot Trojan.Win32.Agent.152576.Y 20190201
Webroot W32.Adware.Installcore 20190203
Yandex Trojan.Zenpak! 20190201
Zillya Adware.Zenpak.Win32.10 20190201
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190203
AegisLab 20190203
Alibaba 20180921
Avast-Mobile 20190203
Babable 20180918
Baidu 20190202
Bkav 20190201
ClamAV 20190202
CMC 20190203
eGambit 20190203
Kingsoft 20190203
TACHYON 20190203
TheHacker 20190131
TotalDefense 20190203
Trustlook 20190203
Zoner 20190202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-04 22:28:03
Entry Point 0x000056A0
Number of sections 5
PE sections
PE imports
ReportEventW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
OutputDebugStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetProcessTimes
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
DuplicateHandle
GetLocalTime
GetProcessId
HeapAlloc
SetProcessWorkingSetSize
GetStartupInfoW
GetFileType
GetConsoleMode
SetConsoleCtrlHandler
GetCurrentProcessId
AddAtomA
lstrcatA
UnhandledExceptionFilter
GetCPInfo
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
GetFileInformationByHandle
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
lstrcpyW
RaiseException
WideCharToMultiByte
TlsFree
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
DecodePointer
CloseHandle
IsProcessorFeaturePresent
TransmitCommChar
ExitThread
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetACP
TerminateProcess
GetProcessShutdownParameters
GetModuleHandleExW
IsValidCodePage
SetComputerNameExA
CreateFileW
TlsGetValue
Sleep
SetLastError
TlsSetValue
GetTickCount
GetCurrentThreadId
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
AlphaBlend
DestroyIcon
GetScrollRange
BeginPaint
SendMessageA
PeekMessageA
GetCaretPos
CopyImage
Number of PE resources by type
RT_ICON 2
RT_BITMAP 2
COSEGOGILIBOBIXAYOGACIKUYI 1
TOVIBIBO 1
XAGEVIREHUHUSEZOYIFUWU 1
YEYOJELEFUWAHOKENONOHUWUMIPUTE 1
GIDIPOKAFUSUCOJAXI 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
DUTCH 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 96256
ImageVersion 0.0
FileVersionNumber 7.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unknown (A56B)
LinkerVersion 12.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.12
TimeStamp 2017:09:05 00:28:03+02:00
FileType Win32 EXE
PEType PE32
InternalName zwchost3.exe
ProductVersion 1.0.0.12
SubsystemVersion 5.1
OSVersion 5.1
FileOS Unknown (0x40534)
LegalCopyright Copyright (C) 2018, xijdienyf
MachineType Intel 386 or later, and compatibles
CodeSize 62976
FileSubtype 0
ProductVersionNumber 3.0.0.0
EntryPoint 0x56a0
ObjectFileType Executable application
File identification
MD5 05d4352e46eefb25f5ebbebba12c30f9
SHA1 b68554ee76d7cd37d3228464717c767c9b2544a8
SHA256 8c653c65605b7f0ef94fd33d1aeb085a886052238be7b72e75019450cdbbcd3a
ssdeep 1536:6zgQUoBkkJ0Qo5fe6T+oI9iyqX2+jcVKNs8jcdaRsm68/ObedoePG3u0QZ1VU3vJ:6zgQUsXo52M+o2+oaRsxkoee39fRDD
authentihash 4879b0cfbccedd1c782711da2cbf0a068bf9658a733043fce8834d7bc71b5464
imphash f3d34daea330ccef822eb83ec390ccc8
File size 149.0 KB ( 152576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-10-30 08:03:22 UTC (4 months, 2 weeks ago)
Last submission 2018-11-09 04:58:18 UTC (4 months, 1 week ago)
File names 05d4352e46eefb25f5ebbebba12c30f9
a.exe_
vnc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs