SHA256: 4181d8a4c2eda01094ca28d333a14b144641a5d529821b0083f61624422b25ed
File name: kronos_2014.exe
Detection ratio: 31 / 64
Analysis date: 2017-08-09 19:33:25 UTC
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Graftor.174893 | 20170809
AhnLab-V3 | Malware/Win32.Generic.C599816 | 20170809
ALYac | Gen:Variant.Graftor.174893 | 20170809
Antiy-AVL | Trojan[Backdoor]/Win32.Zegost | 20170809
Arcabit | Trojan.Graftor.D2AB2D | 20170809
Avira (no cloud) | BDS/Backdoor.Gen | 20170809
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20170809
BitDefender | Gen:Variant.Graftor.174893 | 20170809
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170804
Cylance | Unsafe | 20170809
DrWeb | Trojan.PWS.Kronos.1 | 20170809
Emsisoft | Gen:Variant.Graftor.174893 (B) | 20170809
Endgame | malicious (high confidence) | 20170721
ESET-NOD32 | a variant of Win32/Agent.QMH | 20170809
F-Secure | Gen:Variant.Graftor.174893 | 20170809
GData | Gen:Variant.Graftor.174893 | 20170809
Sophos ML | heuristic | 20170607
Jiangmin | Backdoor/Konus.a | 20170809
Kaspersky | HEUR:Trojan.Win32.Generic | 20170809
MAX | malware (ai score=80) | 20170809
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.dh | 20170809
Microsoft | Backdoor:Win32/Konus.A | 20170809
eScan | Gen:Variant.Graftor.174893 | 20170809
NANO-Antivirus | Trojan.Win32.Agent.ddqguo | 20170809
Panda | Trj/Genetic.gen | 20170809
Qihoo-360 | HEUR/QVM20.1.0D88.Malware.Gen | 20170809
Rising | Malware.Generic.2!tfe (thunder:nmO69y5zP7O) | 20170809
SentinelOne (Static ML) | static engine - malicious | 20170806
Symantec | ML.Attribute.HighConfidence | 20170809
Zillya | Backdoor.Zegost.Win32.3515 | 20170809
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20170809
AegisLab | | 20170809
Alibaba | | 20170809
Avast | | 20170809
AVG | | 20170809
AVware | | 20170809
Bkav | | 20170809
CAT-QuickHeal | | 20170809
ClamAV | | 20170809
CMC | | 20170809
Comodo | | 20170809
Cyren | | 20170809
F-Prot | | 20170809
Fortinet | | 20170809
Ikarus | | 20170809
K7AntiVirus | | 20170809
K7GW | | 20170809
Kingsoft | | 20170809
Malwarebytes | | 20170809
McAfee | | 20170809
nProtect | | 20170809
Palo Alto Networks (Known Signatures) | | 20170809
Sophos AV | | 20170809
SUPERAntiSpyware | | 20170809
Symantec Mobile Insight | | 20170809
Tencent | | 20170809
TheHacker | | 20170807
TrendMicro | | 20170809
TrendMicro-HouseCall | | 20170809
Trustlook | | 20170809
VBA32 | | 20170809
VIPRE | | 20170809
ViRobot | | 20170809
Webroot | | 20170809
WhiteArmor | | 20170731
Yandex | | 20170807
Zoner | | 20170809
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-22 17:01:14
Entry Point 0x00010965
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorDacl
GetTokenInformation
GetSidSubAuthority
OpenProcessToken
ConvertSidToStringSidA
GetSidLengthRequired
AllocateAndInitializeSid
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueW
RegNotifyChangeKeyValue
FreeSid
InitializeSid
SetSecurityDescriptorGroup
CheckTokenMembership
CreateToolhelp32Snapshot
LocalAlloc
GetLastError
HeapFree
CopyFileW
EnterCriticalSection
GetNativeSystemInfo
ReleaseMutex
VirtualAllocEx
RemoveDirectoryW
DeviceIoControl
WaitForSingleObject
GetVersionExW
SetEvent
QueryPerformanceCounter
HeapAlloc
ExitProcess
GetVersionExA
LoadLibraryA
GlobalFindAtomW
DuplicateHandle
QueryPerformanceFrequency
Process32NextW
VirtualFree
DeleteCriticalSection
GetCurrentProcess
UnregisterWait
VirtualFreeEx
GetFileSize
WriteProcessMemory
OpenProcess
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
RegisterWaitForSingleObject
ReadProcessMemory
DeleteFileW
GetProcAddress
VirtualProtectEx
Process32FirstW
GetCurrentThread
CreateRemoteThread
CreateMutexA
ExpandEnvironmentStringsW
SetFileAttributesW
CreateThread
LoadLibraryW
GetModuleHandleA
ReadFile
WriteFile
InterlockedIncrement
CreateMutexW
ResetEvent
OpenMutexW
GetProcessHandleCount
ExitThread
HeapReAlloc
GetModuleHandleW
GetProcessHeap
LocalFree
OpenEventA
TerminateProcess
ResumeThread
CreateProcessA
CreateEventW
InitializeCriticalSection
CreateFileW
VirtualQuery
CreateProcessW
CreateEventA
InterlockedDecrement
Sleep
SetEndOfFile
CreateFileA
GetTickCount
GetProcessTimes
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
SetLastError
CloseHandle
SHFileOperationW
PathCombineA
CharNextA
__WSAFDIsSet
socket
recv
inet_addr
send
ioctlsocket
WSAStartup
WSAGetLastError
accept
connect
shutdown
bind
htons
closesocket
select
listen
strchr
strncmp
_alldiv
_vsnprintf
_chkstk
tolower
memmove
memset
_wcsicmp
_stricmp
wcslen
wcsstr
isprint
atoi
strtoul
memcmp
_strnicmp
memcpy
strlen
isspace
strcmp
CoCreateGuid
StringFromGUID2
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:07:22 18:01:14+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 80896
LinkerVersion: 9.0
EntryPoint: 0x10965
InitializedDataSize: 144384
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5 a81ba5f3c22e80c25763fe428c52c758
SHA1 a4bfa2be94ef1cd11f08844348712ced03f4682b
SHA256 4181d8a4c2eda01094ca28d333a14b144641a5d529821b0083f61624422b25ed
ssdeep 6144:TF86olLkZopqqWTBq31EdEhCzTLsAQX5lmpLrDLLrDad7FFNHdUez2QuqqDLupSQ:TMLHpqNTsFLYvQrqnub
authentihash e01b9136493e8276cd7d02bf755d05249a087bf993a66d55ff058fe6c16c3c80
imphash cff97955c04614c4ce641c10fce0fd0d
File size 209.0 KB ( 214016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2017-08-09 19:33:25 UTC
Last submission 2017-09-01 01:51:17 UTC
File names kronos_2014.exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications