× Les cookies sont désactivés ! Ce site exige que les cookies soient activés pour fonctionner correctement
SHA256: f39397b95460f3c04810955b8ab5fb40fcc1c1d96431f1b0d70dde4207f746bc
Nom du fichier : wincfg32svc.exe
Ratio de détection : 50 / 70
Date d'analyse : 2019-01-18 04:10:17 UTC (il y a 4 jours, 17 heures)
Antivirus Résultat Mise à jour
Ad-Aware Trojan.GenericKD.40923313 20190118
AhnLab-V3 Trojan/Win32.Gandcrab.R251233 20190118
Antiy-AVL Trojan/Win32.Diple 20190118
Arcabit Trojan.Generic.D27070B1 20190118
Avast Win32:Trojan-gen 20190118
AVG Win32:Trojan-gen 20190118
Avira (no cloud) HEUR/AGEN.1038142 20190117
BitDefender Trojan.GenericKD.40923313 20190118
CAT-QuickHeal Trojan.Multi 20190117
Comodo Malware@#70hxub1kz6zb 20190118
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20181023
Cybereason malicious.e2cb82 20190109
Cylance Unsafe 20190118
Cyren W32/Trojan.WHOD-9093 20190118
DrWeb Trojan.Packed2.41404 20190118
Emsisoft Trojan.Crypt (A) 20190118
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOJT 20190118
F-Secure Trojan.GenericKD.40923313 20190118
Fortinet W32/Kryptik.GOJT!tr 20190118
GData Trojan.GenericKD.40923313 20190118
Ikarus Trojan.Win32.Crypt 20190117
Sophos ML heuristic 20181128
Jiangmin Worm.LovGate.fm 20190118
K7AntiVirus Riskware ( 0040eff71 ) 20190117
K7GW Riskware ( 0040eff71 ) 20190117
Kaspersky Email-Worm.Win32.LovGate.ito 20190118
Malwarebytes Trojan.MalPack.GS 20190118
MAX malware (ai score=100) 20190118
McAfee RDN/Generic.hbg 20190118
McAfee-GW-Edition RDN/Generic.hbg 20190118
Microsoft Trojan:Win32/Occamy.C 20190118
eScan Trojan.GenericKD.40923313 20190118
NANO-Antivirus Trojan.Win32.Packed2.flxcch 20190118
Palo Alto Networks (Known Signatures) generic.ml 20190118
Panda Trj/GdSda.A 20190117
Qihoo-360 Win32/Trojan.PSW.50e 20190118
Rising Malware.Obscure/Heur!1.9E03 (CLOUD) 20190118
Sophos AV Mal/Kryptik-DG 20190117
Symantec Trojan.Gen.2 20190117
Tencent Win32.Worm-email.Lovgate.Akom 20190118
Trapmine malicious.moderate.ml.score 20190103
TrendMicro TROJ_GEN.R049C0WA919 20190118
TrendMicro-HouseCall TrojanSpy.Win32.FAREIT.SMKC.hp 20190118
VBA32 BScope.Trojan.Chapak 20190117
VIPRE Trojan.Win32.Generic!BT 20190118
ViRobot Trojan.Win32.Agent.152576.Z 20190117
Webroot W32.Adware.Installcore 20190118
Yandex I-Worm.LovGate!NPdsjdu6E7k 20190117
ZoneAlarm by Check Point Email-Worm.Win32.LovGate.ito 20190118
Acronis 20190117
AegisLab 20190118
Alibaba 20180921
Avast-Mobile 20190117
Babable 20180918
Baidu 20190117
Bkav 20190117
ClamAV 20190118
CMC 20190117
eGambit 20190118
F-Prot 20190118
Kingsoft 20190118
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190116
TACHYON 20190118
TheHacker 20190115
TotalDefense 20190117
Trustlook 20190118
Zillya 20190117
Zoner 20190118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-14 21:06:29
Entry Point 0x0000612B
Number of sections 5
PE sections
PE imports
InitiateSystemShutdownA
SetSecurityDescriptorControl
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetUserNameA
LookupPrivilegeNameA
EndPath
FillPath
GetStdHandle
GetConsoleOutputCP
GetDriveTypeA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
GetFileInformationByHandle
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetThreadTimes
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
TlsGetValue
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetProcessWorkingSetSize
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetCommProperties
SetCommMask
CreateDirectoryW
GetProcAddress
FreeEnvironmentStringsW
lstrcpyA
GetProcessWorkingSetSize
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
EscapeCommFunction
GetProcessAffinityMask
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
SetProcessShutdownParameters
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
SetComputerNameExW
VirtualAlloc
TransparentBlt
GetScrollRange
GetFocus
PostMessageW
GetPropA
SetScrollRange
WinHttpWriteData
Number of PE resources by type
RT_ICON 8
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SWEDISH 11
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
Unknown (457A)

FileFlagsMask
0x004f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unknown (A56B)

InitializedDataSize
103936

EntryPoint
0x612b

MIMEType
application/octet-stream

TimeStamp
2017:09:14 22:06:29+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
letehex.exe

ProductVersion
9.7.9.58

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Unknown (0x40534)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
81408

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 eb30145e2cb82687f8dac728be1e4b91
SHA1 f909075462557ba9be6a849494e7b14ef11ea810
SHA256 f39397b95460f3c04810955b8ab5fb40fcc1c1d96431f1b0d70dde4207f746bc
ssdeep
3072:neumxOfRq25fjfcKgUKH9N4yu5h1rquNcm4OyUP9ZrLHh:neuA3iBg4ysrqFm7

authentihash beefadbbdc13ed5da0f0fc098b8904cd54d5c2108e4a44ed6b4ffce4f2d69cc8
imphash 6e40d2222ed85778d3442af6e6c759fb
File size 175.0 KB ( 179200 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (34.7%)
Win32 Executable MS Visual C++ (generic) (26.1%)
Win64 Executable (generic) (23.1%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-08 08:18:17 UTC (il y a 2 semaines)
Last submission 2019-01-08 08:18:17 UTC (il y a 2 semaines)
Noms du fichier 4130822678.exe
4.exe
1000816492.exe
3086113627.exe
1863916757.exe
2614042443.exe
2874413889.exe
3056525727.exe
2733317431.exe
1669839923.exe
3672536014.exe
2805342167.exe
2[1].exe
2924539556.exe
2690520678.exe
4105117993.exe
2410219502.exe
2576910278.exe
3405831392.exe
2708718851.exe
3782020064.exe
1947728890.exe
3986313289.exe
2946831310.exe
2554015472.exe
Advanced heuristic and reputation engines
Aucun commentaire. Aucun membre de la communauté VirusTotal n'a encore commenté cet élément, soyez le premier à le faire !

Laissez votre commentaire...

?
Poster un commentaire

Vous n'êtes pas connecté. Seuls les utilisateurs enregistrés peuvent laisser des commentaires, connectez-vous pour commenter !

Aucun vote. Personne n'a encore voté pour cet élément, soyez le premier à le faire !
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests