SHA256: 21424228213a62a75f6fe5c564e5505f5f7c15f4154d3410475367c1c254079e
File name: 15853760.EXE
Detection ratio: 54 / 66
Analysis date: 2017-10-07 16:43:04 UTC ( 1 week, 6 days ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12104779 20171007
AegisLab Ml.Attribute.Gen!c 20171007
AhnLab-V3 Spyware/Win32.Em.C2076541 20171007
ALYac Trojan.Agent.Emotet 20171007
Antiy-AVL Trojan/Win32.TSGeneric 20171007
Arcabit Trojan.Generic.DB8B44B 20171007
Avast Win32:A1Lock-A [Trj] 20171007
AVG Win32:A1Lock-A [Trj] 20171007
Avira (no cloud) TR/Crypt.Xpack.qhigr 20171007
AVware Trojan.Win32.Generic!BT 20171007
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9987 20170930
BitDefender Trojan.GenericKD.12104779 20171007
CAT-QuickHeal Trojan.IGENERIC 20171007
ClamAV Win.Ransomware.Globeimposter-6336188-0 20171007
Comodo TrojWare.Win32.TrojanSpy.Noon.GG 20171007
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20170804
Cylance Unsafe 20171007
Cyren W32/Trojan.XQZP-5608 20171007
DrWeb Trojan.Encoder.10507 20171007
Emsisoft Trojan.GenericKD.12104779 (B) 20171007
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Kryptik.FVFM 20171007
F-Secure Trojan.GenericKD.12104779 20171007
Fortinet W32/Kryptik.FVIH!tr 20171007
GData Win32.Trojan.Kryptik.HR 20171007
Ikarus Trojan.Win32.Crypt 20171007
Sophos ML heuristic 20170914
Jiangmin Backdoor.Androm.rod 20171007
K7AntiVirus Trojan ( 00513c651 ) 20171007
K7GW Trojan ( 00513c651 ) 20171007
Kaspersky Trojan.Win32.Dovs.d 20171007
Malwarebytes Trojan.MalPack 20171007
MAX malware (ai score=100) 20171007
McAfee RDN/Generic.grp 20171007
McAfee-GW-Edition RDN/Generic.grp 20171007
Microsoft Trojan:Win32/Dynamer!rfn 20171007
eScan Trojan.GenericKD.12104779 20171007
NANO-Antivirus Trojan.Win32.Inject.erpsti 20171007
Palo Alto Networks (Known Signatures) generic.ml 20171007
Panda Trj/GdSda.A 20171007
Rising Malware.Heuristic!ET#99% (RDM+:cmRtazprGx/nHfdfyYoYfMFgV43A) 20171007
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/EncPk-ANT 20171007
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20171007
Symantec Ransom.Kovter 20171006
Tencent Win32.Trojan.Inject.Auto 20171007
TrendMicro TSPY_EMOTET.AUSJKP 20171007
TrendMicro-HouseCall TSPY_EMOTET.AUSJKP 20171007
VIPRE Trojan.Win32.Generic!BT 20171007
Webroot W32.Trojan.Emotet 20171007
WhiteArmor Malware.HighConfidence 20170927
Yandex Trojan.Dovs! 20171006
Zillya Trojan.Dovs.Win32.1 20171006
ZoneAlarm by Check Point Trojan.Win32.Dovs.d 20171007
Alibaba 20170911
Avast-Mobile 20171007
Bkav 20171007
CMC 20171007
F-Prot 20171007
Kingsoft 20171007
nProtect 20171007
Qihoo-360 20171007
Symantec Mobile Insight 20171006
TheHacker 20171007
TotalDefense 20171007
Trustlook 20171007
VBA32 20171006
ViRobot 20171007
Zoner 20171007
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-04 09:42:52
Entry Point 0x00001D6D
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryA
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetFileAttributesW
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetFileSize
AddAtomA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
ExitProcess
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetCurrentProcessId
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
LCMapStringA
IsValidCodePage
HeapCreate
CreateFileW
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
LocalAlloc
SetLastError
InterlockedIncrement
PaintDesktop
GetForegroundWindow
SetActiveWindow
DrawTextW
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 3
RT_BITMAP 2
Number of PE resources by language
DANISH DEFAULT 21
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:08:04 10:42:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 50688
LinkerVersion 9.0
EntryPoint 0x1d6d
InitializedDataSize 189952
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 f84b53263806b65f541c619177d48448
SHA1 e203d38b8302658179b4272525460aea95fbdee7
SHA256 21424228213a62a75f6fe5c564e5505f5f7c15f4154d3410475367c1c254079e
ssdeep 6144:6dSjp1vgbpXljetbpVllH8kKrPV7sm4clo:6cdOlXljyp/3KzV7smBe
authentihash c9cdfa08f33f813ef178eaa6340ab656c24b5f5d029461fa0bc704c64864ba1d
imphash 26d6d89269d267af41a5923bc21097bc
File size 232.0 KB ( 237568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2017-08-04 14:34:12 UTC ( 2 months, 2 weeks ago )
Last submission 2017-10-07 16:43:04 UTC ( 1 week, 6 days ago )
File names 23980504.exe
15657136.exe
provlaunch.exe
22931928.exe
taskbits.exe
logonevent.exe
19851648.exe
dhcpreg.exe
15853760.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications