SHA256: 7a63ab0e4e9750c01d6695d1c554c90d91a25ed382ccbd9e3e1160611f4bf0bc
File name: Unzip__918768pa51mcib9f.exe
Detection ratio: 26 / 71
Analysis date: 2019-03-06 03:06:46 UTC (2 months, 2 weeks ago)
Antivirus Result Update
Acronis suspicious 20190222
AhnLab-V3 Malware/Win32.Generic.C2950469 20190305
Avast Win32:Evo-gen [Susp] 20190306
AVG Win32:Evo-gen [Susp] 20190306
Avira (no cloud) HEUR/AGEN.1010414 20190306
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.8f7f06 20190109
Cylance Unsafe 20190306
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Adware.OxyPumper.BP 20190306
F-Secure Heuristic.HEUR/AGEN.1010414 20190306
Ikarus Trojan-Downloader.Win32.Adload 20190305
Sophos ML heuristic 20181128
Jiangmin RiskTool.BitCoinMiner.jrn 20190306
Kaspersky HEUR:Trojan-Downloader.Win32.Generic 20190306
Malwarebytes Adware.AdLoad 20190306
McAfee-GW-Edition BehavesLike.Win32.Generic.fh 20190305
Microsoft TrojanDownloader:Win32/Krldon 20190306
Palo Alto Networks (Known Signatures) generic.ml 20190306
Panda Trj/Genetic.gen 20190303
Rising Downloader.Krldon!8.10814 (CLOUD) 20190306
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190305
TrendMicro-HouseCall TROJ_GEN.R020H01C519 20190306
VBA32 BScope.Trojan.CoinMiner 20190305
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Win32.Generic 20190306
Ad-Aware 20190306
AegisLab 20190306
Alibaba 20180921
ALYac 20190306
Antiy-AVL 20190306
Arcabit 20190306
Avast-Mobile 20190305
Babable 20180918
Baidu 20190215
BitDefender 20190306
Bkav 20190304
CAT-QuickHeal 20190304
ClamAV 20190305
CMC 20190305
Comodo 20190306
Cyren 20190306
DrWeb 20190306
eGambit 20190306
Emsisoft 20190306
F-Prot 20190306
Fortinet 20190306
GData 20190306
K7AntiVirus 20190304
K7GW 20190306
Kingsoft 20190306
MAX 20190306
McAfee 20190306
eScan 20190306
NANO-Antivirus 20190306
Qihoo-360 20190306
Sophos AV 20190306
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TACHYON 20190306
Tencent 20190306
TheHacker 20190304
TotalDefense 20190305
Trapmine 20190301
TrendMicro 20190305
Trustlook 20190306
VIPRE 20190305
ViRobot 20190305
Webroot 20190306
Yandex 20190305
Zillya 20190304
Zoner 20190306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-05 22:45:04
Entry Point 0x0001FDD7
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
GetUserNameW
RegEnumValueW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
ExitProcess
LoadLibraryExW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
OutputDebugStringW
FindClose
TlsGetValue
SetLastError
GetSystemTime
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GetVersion
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
FreeLibrary
OpenProcess
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CompareStringW
FindNextFileW
IsValidLocale
FindFirstFileExW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
Process32NextW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
WriteFile
CreateProcessW
Sleep
SysAllocStringLen
VariantClear
SysAllocString
GetErrorInfo
SysFreeString
VariantInit
UuidCreate
UuidToStringW
SHGetFolderPathW
ShellExecuteW
wvsprintfW
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket
URLDownloadToFileW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2019:03:05 23:45:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 228352
LinkerVersion 14.16
ImageFileCharacteristics Executable, 32-bit
FileTypeExtension exe
InitializedDataSize 113664
SubsystemVersion 5.1
EntryPoint 0x1fdd7
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 37b8ce48f7f0693abcef53798e430375
SHA1 416028c0be723eaca53a7faedf694cdf50a3dc8b
SHA256 7a63ab0e4e9750c01d6695d1c554c90d91a25ed382ccbd9e3e1160611f4bf0bc
ssdeep 6144:4uviA++Xchr8KlVc7eMUYf+MZddZQ+vfT2uCPTAOcy/VOcCki:4uavkchr8KlVc75RGOddZ9vLyWy/V8ki

authentihash 3a2409740600fa38956c7dc2f50d6243fe35d98c4da462c6144d70fa6d94a64b
imphash d587c642d2ec31adacf27febfe9ce94d
File size 331.5 KB ( 339456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2019-03-06 03:06:46 UTC (2 months, 2 weeks ago)
Last submission 2019-03-06 03:06:46 UTC (2 months, 2 weeks ago)
File names Unzip__918768pa51mcib9f.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications