SHA256: 33f310fa91d0fcf03b09c2bd97e0cabd6b8aa79ad43cc22ce61fb652fad888f8
File name: 75231-44118410-836.exe
Detection ratio: 45 / 60
Analysis date: 2017-05-12 08:23:22 UTC ( 1 week, 3 days ago )
Antivirus: Result (signature update date)
Ad-Aware: Trojan.GenericKD.4976764 (20170512)
AegisLab: Ml.Attribute.Gen!c (20170512)
AhnLab-V3: Backdoor/Win32.Androm.R199740 (20170512)
ALYac: Trojan.GenericKD.4976764 (20170512)
Arcabit: Trojan.Generic.D4BF07C (20170512)
Avast: Win32:Rootkit-gen [Rtk] (20170512)
AVG: Atros5.AZUL (20170512)
Avira (no cloud): TR/Crypt.Xpack.wujxm (20170512)
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9947 (20170503)
BitDefender: Trojan.GenericKD.4976764 (20170512)
Comodo: UnclassifiedMalware (20170512)
CrowdStrike Falcon (ML): malicious_confidence_66% (W) (20170130)
Cyren: W32/Trojan.VWKM-0700 (20170512)
DrWeb: Trojan.DownLoader24.53646 (20170512)
Emsisoft: Trojan.GenericKD.4976764 (B) (20170512)
Endgame: malicious (high confidence) (20170503)
ESET-NOD32: a variant of Win32/Kryptik.FRYF (20170512)
F-Prot: W32/Emotet.M.gen!Eldorado (20170512)
F-Secure: Trojan.GenericKD.4976764 (20170512)
Fortinet: W32/GenKryptik.AEHH!tr (20170512)
GData: Trojan.GenericKD.4976764 (20170512)
Ikarus: Trojan.Win32.Krypt (20170512)
Invincea: ransom.win32.tescrypt.a (20170413)
Jiangmin: Backdoor.Htbot.n (20170512)
K7AntiVirus: Trojan ( 0050cc1b1 ) (20170512)
K7GW: Trojan ( 0050cc1b1 ) (20170512)
Kaspersky: HEUR:Trojan.Win32.Generic (20170512)
Malwarebytes: Ransom.CryptoMix (20170512)
McAfee: RDN/Generic.grp (20170512)
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.dc (20170511)
Microsoft: Trojan:Win32/Emotet.K (20170512)
eScan: Trojan.GenericKD.4976764 (20170512)
NANO-Antivirus: Trojan.Win32.GenKryptik.eofxwd (20170512)
Palo Alto Networks (Known Signatures): generic.ml (20170512)
Panda: Trj/GdSda.A (20170511)
Rising: Malware.Obscure!1.9C59 (cloud:IB2UzY2gt0N) (20170512)
Sophos: Troj/Inject-CNA (20170512)
Symantec: Ransom.Kovter (20170511)
Tencent: Win32.Trojan.Kryptik.Pcix (20170512)
TrendMicro: TROJ_FRS.0NA003E317 (20170512)
VIPRE: Trojan.Win32.Generic!BT (20170512)
ViRobot: Trojan.Win32.U.Agent.215552.B[h] (20170512)
Webroot: W32.Trojan.Gen (20170512)
Yandex: Trojan.Kryptik!5s8c9QZt/O8 (20170510)
ZoneAlarm by Check Point: HEUR:Trojan.Win32.Generic (20170512)
Alibaba: no detection (20170512)
Antiy-AVL: no detection (20170512)
Bkav: no detection (20170511)
CAT-QuickHeal: no detection (20170512)
ClamAV: no detection (20170512)
CMC: no detection (20170511)
Kingsoft: no detection (20170512)
nProtect: no detection (20170512)
Qihoo-360: no detection (20170512)
SentinelOne (Static ML): no detection (20170330)
SUPERAntiSpyware: no detection (20170512)
Symantec Mobile Insight: no detection (20170512)
TheHacker: no detection (20170508)
TotalDefense: no detection (20170512)
VBA32: no detection (20170511)
WhiteArmor: no detection (20170502)
Zillya: no detection (20170511)
Zoner: no detection (20170512)
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-02 00:19:50
Entry Point 0x00001902
Number of sections 4
PE sections
PE imports
GetEnhMetaFileHeader
GetGraphicsMode
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
lstrlenA
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
AddAtomW
SetStdHandle
WideCharToMultiByte
TlsFree
SetFilePointer
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetStringTypeA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
AddVectoredExceptionHandler
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_ICON 8
RT_BITMAP 5
RT_STRING 2
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 16
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:05:02 01:19:50+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 36864
LinkerVersion: 9.0
EntryPoint: 0x1902
InitializedDataSize: 185856
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5 41b76a5acf63fd7d40498fc8c76b8438
SHA1 35f626114593bdd559fc63fb81ee98d347d01c3d
SHA256 33f310fa91d0fcf03b09c2bd97e0cabd6b8aa79ad43cc22ce61fb652fad888f8
ssdeep 3072:Ww05MRdSDLg90CtO1ralRMa5R3ta4c+uPuM4bbg2QPsXv:tRdSfOwwHMkR3t5iN
authentihash 7b7c1985067c34b671f20bb8dbd3bc70da96861e361aefc727f0b2909a051461
imphash 92da33a10e073f0e24001495856a437a
File size 209.5 KB ( 214528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2017-05-02 09:22:47 UTC ( 2 weeks, 6 days ago )
Last submission 2017-05-02 10:29:24 UTC ( 2 weeks, 6 days ago )
File names 13449-56354801-853.exe
75231-44118410-836.exe
41b76a5acf63fd7d40498fc8c76b8438.exe
83e0rn2gv.exe.3112.dr
mlgih3wgw.exe
14823-34447099-421.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications