SHA256: 5481f1e3eeaff8ef203ed6e7321636e2bf5e76e2ccc0e89771d500ae1ba05132
File name: output.114603919.txt
Detection ratio: 50 / 71
Analysis date: 2018-12-24 02:14:42 UTC (5 months ago)
Antivirus Result Version
Acronis malware 20181222
Ad-Aware Gen:Variant.Ransom.AVCrypt.15 20181224
AegisLab Trojan.MSIL.Agent.4!c 20181224
AhnLab-V3 Trojan/Win32.Agent.C2870288 20181223
ALYac Gen:Variant.Ransom.AVCrypt.15 20181223
Antiy-AVL Trojan[Dropper]/MSIL.Agent 20181223
Avast Win32:Malware-gen 20181223
AVG Win32:Malware-gen 20181223
Avira (no cloud) TR/AD.MalwareCrypter.wtjrf 20181223
BitDefender Gen:Variant.Ransom.AVCrypt.15 20181223
CAT-QuickHeal Trojan.Azden 20181223
Comodo Malware@#3vpuoyuwk938m 20181223
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.1c2a5b 20180225
Cylance Unsafe 20181224
Cyren W32/Trojan.BOVQ-5890 20181224
eGambit Unsafe.AI_Score_70% 20181224
Emsisoft Gen:Variant.Ransom.AVCrypt.15 (B) 20181224
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of MSIL/Kryptik.QIU 20181224
F-Secure Gen:Variant.Ransom.AVCrypt.15 20181224
Fortinet PossibleThreat 20181224
GData Gen:Variant.Ransom.AVCrypt.15 20181224
Ikarus Trojan.MSIL.Krypt 20181224
Sophos ML heuristic 20181128
Jiangmin TrojanDropper.MSIL.apdg 20181223
K7AntiVirus Riskware ( 0040eff71 ) 20181223
K7GW Riskware ( 0040eff71 ) 20181223
Kaspersky HEUR:Trojan-Dropper.MSIL.Agent.gen 20181224
Malwarebytes Trojan.MalPack.GS 20181224
MAX malware (ai score=100) 20181224
McAfee RDN/Generic.grp 20181224
McAfee-GW-Edition BehavesLike.Win32.Gupboot.fc 20181223
Microsoft Trojan:Win32/Occamy.C 20181224
eScan Gen:Variant.Ransom.AVCrypt.15 20181224
Palo Alto Networks (Known Signatures) generic.ml 20181224
Panda Trj/GdSda.A 20181223
Qihoo-360 Win32/Trojan.70e 20181224
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Generic-S 20181224
Symantec Trojan.Gen.2 20181224
Tencent Msil.Trojan-dropper.Agent.Dvzq 20181224
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.F0C2C00KT18 20181224
TrendMicro-HouseCall TROJ_GEN.F0C2C00KT18 20181224
VBA32 Trojan.Azden 20181222
VIPRE Trojan.Win32.Generic!BT 20181223
Webroot W32.Malware.Gen 20181224
Zillya Dropper.Agent.Win32.384788 20181222
ZoneAlarm by Check Point HEUR:Trojan-Dropper.MSIL.Agent.gen 20181224
Alibaba 20180921
Arcabit 20181223
Avast-Mobile 20181223
Babable 20180918
Baidu 20181207
Bkav 20181221
ClamAV 20181223
CMC 20181223
DrWeb 20181224
F-Prot 20181224
Kingsoft 20181224
NANO-Antivirus 20181224
Rising 20181224
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181224
TheHacker 20181220
TotalDefense 20181223
Trustlook 20181224
ViRobot 20181223
Yandex 20181223
Zoner 20181224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-05 03:51:37
Entry Point 0x00007030
Number of sections 3
.NET details
Module Version ID 7e5362a9-492f-4631-b409-46cffe77bd67
PE sections
PE imports
SetWinMetaFileBits
FillPath
GetNativeSystemInfo
GetSystemTimeAsFileTime
GetSystemTime
ReleaseMutex
FileTimeToSystemTime
LoadLibraryW
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
VirtualProtect
GetProcessId
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetFileSizeEx
SetFilePointer
SetUnhandledExceptionFilter
WriteFile
ResetEvent
IsProcessorFeaturePresent
GetSystemTimes
GetModuleHandleW
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
Sleep
CreateFileA
GetCurrentThreadId
_cexit
asin
__FrameUnwindFilter
_crt_debugger_hook
_except_handler4_common
_amsg_exit
_encode_pointer
_mbsstr
_encoded_null
_decode_pointer
GetWindowTextLengthA
CreateWindowExA
PeekMessageA
UpdateWindow
DispatchMessageA
GetClientRect
LoadCursorW
LoadIconW
IsIconic
GetCursor
WinHttpOpen
WinHttpConnect
_CorExeMain
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 9
MACEDONIAN DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.0.0.1
LanguageCode English (British)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 333824
EntryPoint 0x7030
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2017:09:05 05:51:37+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2017, hivadevp
MachineType Intel 386 or later, and compatibles
CodeSize 27136
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 11760101c2a5bda76688e8cfc93697d8
SHA1 23555e126c164e874b6fea7dade52d5df97a5fe1
SHA256 5481f1e3eeaff8ef203ed6e7321636e2bf5e76e2ccc0e89771d500ae1ba05132
ssdeep 6144:6hmNRR0nQXp7btP0Z6RBPILz3ZIdJLD5RR5uwq7u+78pw32A7ufafDr:/0sXqA1ILz3SJLDCw0u+Ik2uf
authentihash aca8c6846f7b8b47b3551fcf21fc1bb84d0e05c6a830efb996835fe071b86143
imphash 62b515100e7b3d07daa66f1d971cb81e
File size 353.5 KB (361984 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags peexe assembly

VirusTotal metadata
First submission 2018-11-29 16:52:16 UTC (5 months, 3 weeks ago)
Last submission 2019-01-08 14:45:15 UTC (4 months, 2 weeks ago)
File names _build_2018-11-29_15-53.exe.mal
build_2018-11-29_15-53.exe
output.114603919.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections