SHA256: c6111924ecf01821cb3ce8205858d0b87142baf9ab193a1c0bc50e4f3164cfb4
File name: t.exe
Detection ratio: 53 / 66
Analysis date: 2017-10-03 10:55:09 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.39327 20171003
AegisLab Troj.W32.Generic!c 20171003
AhnLab-V3 Trojan/Win32.MoleCrypto.R202214 20171002
ALYac Trojan.Agent.Emotet 20171003
Antiy-AVL Trojan[Spy]/Win32.SpyEyes 20171003
Arcabit Trojan.Generic.D999F 20171003
Avast Win32:Trojan-gen 20171003
AVG Win32:Trojan-gen 20171003
Avira (no cloud) TR/Crypt.Xpack.rbplg 20171003
AVware Trojan.Win32.Generic!BT 20171003
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9939 20170930
BitDefender Trojan.GenericKDZ.39327 20171003
CAT-QuickHeal Trojan.Mauvaise.SL1 20170930
ClamAV Win.Packed.Lokibot-6331386-0 20171003
Comodo UnclassifiedMalware 20171003
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20171003
Cyren W32/Emotet.S.gen!Eldorado 20171003
DrWeb Win32.HLLM.Reset.493 20171003
Emsisoft Trojan.GenericKDZ.39327 (B) 20171003
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/GenKryptik.AJUC 20171003
F-Prot W32/Emotet.S.gen!Eldorado 20171003
F-Secure Trojan.GenericKDZ.39327 20171003
Fortinet W32/Kryptik.FTEK!tr 20171003
GData Trojan.GenericKDZ.39327 20171003
Ikarus Trojan.Win32.Krypt 20171003
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 0050f8b21 ) 20171003
K7GW Hacktool ( 655367771 ) 20171003
Kaspersky HEUR:Trojan.Win32.Generic 20171003
Malwarebytes Ransom.Mole 20171003
MAX malware (ai score=83) 20171003
McAfee RDN/Generic.grp 20171003
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20171003
Microsoft VirTool:Win32/CeeInject 20171003
eScan Trojan.GenericKDZ.39327 20171003
NANO-Antivirus Trojan.Win32.Reset.epunbs 20171003
Palo Alto Networks (Known Signatures) generic.ml 20171003
Panda Trj/Genetic.gen 20171002
Rising Malware.Generic.5!tfe (C64:YzY0OjiVV5cASIGL) 20171003
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/Generic-S 20171003
Symantec Trojan.Emotet 20171003
Tencent Win32.Trojan.Inject.Auto 20171003
TrendMicro TSPY_EMOTET.GQA 20171003
TrendMicro-HouseCall TSPY_EMOTET.GQA 20171003
VIPRE Trojan.Win32.Generic!BT 20171003
ViRobot Trojan.Win32.S.Agent.135168.CBB 20171003
Webroot W32.Trojan.Gen 20171003
Yandex Trojan.GenKryptik! 20170908
Zillya Trojan.GenKryptik.Win32.7621 20171002
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171003
Alibaba 20170911
Avast-Mobile 20171003
Bkav 20170928
CMC 20171003
Jiangmin 20171003
Kingsoft 20171003
nProtect 20171003
Qihoo-360 20171003
SUPERAntiSpyware 20171003
Symantec Mobile Insight 20171003
TheHacker 20171002
TotalDefense 20171003
Trustlook 20171003
VBA32 20171002
WhiteArmor 20170927
Zoner 20171003
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright sojngasdf asidjhf asdfuhasdf as9dhf asdofuhjasd
Product Busdfgaosdyifpasioduf
File version 1, 0, 0, 0
Comments sdijfghsf gsiuhf gisud
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-07 09:52:23
Entry Point 0x000012C7
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetDriveTypeA
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
HeapAlloc
HeapSetInformation
GetCurrentProcess
GetProcessIoCounters
GetStringTypeW
LocalAlloc
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
ExitProcess
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetOEMCP
TerminateProcess
IsValidCodePage
HeapCreate
WriteFile
TlsGetValue
Sleep
GetFileType
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
SetLastError
InterlockedIncrement
PeekMessageA
Number of PE resources by type
RT_ICON 4
RT_BITMAP 3
RT_ACCELERATOR 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 10
PE resources
ExifTool file metadata
SpecialBuild 563
UninitializedDataSize 0
Comments sdijfghsf gsiuhf gisud
InitializedDataSize 104448
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x0037
CharacterSet Unicode
LinkerVersion 10.0
EntryPoint 0x12c7
MIMEType application/octet-stream
LegalCopyright sojngasdf asidjhf asdfuhasdf as9dhf asdofuhjasd
FileVersion 1, 0, 0, 0
TimeStamp 2017:06:07 10:52:23+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 0, 0, 0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 36352
ProductName Busdfgaosdyifpasioduf
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 2e199ad47df34214b51fddc64cf644f1
SHA1 26dc167b01d730a1ebc7f0012b6fc6c1df3e4cd6
SHA256 c6111924ecf01821cb3ce8205858d0b87142baf9ab193a1c0bc50e4f3164cfb4
ssdeep 1536:XHSuMcKH8z5nYVWP+OE92V/UqwHDfgHDYaR2DqykcQxqUUGyJ9MeM1aUcJ0:5KcsPOLKqwHw7R22JcQkweM1aU5
authentihash 3880409f3369923d49b573d3a3b2747a4e112e27cbff1aa6148b04fd475b274f
imphash 3997dccc8260610fd748728248f7679d
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-06-08 05:12:45 UTC ( 8 months, 2 weeks ago )
Last submission 2017-10-03 10:55:09 UTC ( 4 months, 2 weeks ago )
File names t.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications