SHA256: cd5c2bb8d7d3ba9dc522dae112133956096ffae465a7b21c8f3d3124d070f675
File name: VJF_1.exe
Detection ratio: 32 / 64
Analysis date: 2017-08-07 15:18:10 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.FU.suW@amZIFSn 20170807
AhnLab-V3 Trojan/Win32.Generic.C1551291 20170807
Antiy-AVL Trojan/Win32.AGeneric 20170807
Arcabit Trojan.Heur.FU.E271C3 20170807
Avast Win32:Malware-gen 20170807
AVG Win32:Malware-gen 20170807
Avira (no cloud) BDS/Backdoor.Gen 20170807
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170807
BitDefender Gen:Trojan.Heur.FU.suW@amZIFSn 20170807
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170710
Cylance Unsafe 20170807
Cyren W32/Heuristic-KPP!Eldorado 20170807
DrWeb BACKDOOR.Trojan 20170807
Emsisoft Gen:Trojan.Heur.FU.suW@amZIFSn (B) 20170807
Endgame malicious (high confidence) 20170721
ESET-NOD32 a variant of Win32/Agent.QMH 20170807
F-Prot W32/Heuristic-KPP!Eldorado 20170807
F-Secure Gen:Trojan.Heur.FU.suW@amZIFSn 20170807
Fortinet W32/Generic.AP.1926F2!tr 20170807
GData Gen:Trojan.Heur.FU.suW@amZIFSn 20170807
Sophos ML heuristic 20170607
Kaspersky HEUR:Trojan.Win32.Generic 20170807
MAX malware (ai score=83) 20170807
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20170807
Microsoft Backdoor:Win32/Konus.A 20170807
eScan Gen:Trojan.Heur.FU.suW@amZIFSn 20170807
Panda Trj/GdSda.A 20170807
Qihoo-360 HEUR/QVM20.1.01E4.Malware.Gen 20170807
Rising Malware.Generic.2!tfe (thunder:tNiOLtZATLI) 20170807
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170807
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170807
AegisLab 20170807
Alibaba 20170807
ALYac 20170807
AVware 20170807
Bkav 20170807
CAT-QuickHeal 20170807
ClamAV 20170807
CMC 20170805
Comodo 20170807
Ikarus 20170807
Jiangmin 20170807
K7AntiVirus 20170807
K7GW 20170807
Kingsoft 20170807
Malwarebytes 20170807
McAfee 20170807
NANO-Antivirus 20170807
nProtect 20170807
Palo Alto Networks (Known Signatures) 20170807
Sophos AV 20170807
SUPERAntiSpyware 20170807
Symantec Mobile Insight 20170807
Tencent 20170807
TheHacker 20170807
TrendMicro 20170807
TrendMicro-HouseCall 20170807
Trustlook 20170807
VBA32 20170807
VIPRE 20170807
ViRobot 20170807
Webroot 20170807
WhiteArmor 20170731
Yandex 20170807
Zillya 20170806
Zoner 20170807
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-29 01:42:41
Entry Point 0x00015582
Number of sections 5
PE sections
PE imports
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
AllocateAndInitializeSid
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueW
RegNotifyChangeKeyValue
GetSidLengthRequired
InitializeSecurityDescriptor
ConvertSidToStringSidA
SetSecurityDescriptorGroup
InitializeSid
ReleaseMutex
WaitForSingleObject
DuplicateHandle
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatW
WideCharToMultiByte
WriteFile
HeapReAlloc
LocalFree
IsWow64Process
ResumeThread
InitializeCriticalSection
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
DeviceIoControl
GlobalFindAtomW
WriteProcessMemory
RemoveDirectoryW
HeapAlloc
LoadLibraryA
GetPrivateProfileStringW
CreateMutexA
RegisterWaitForSingleObject
CreateThread
CreateMutexW
ExitThread
TerminateProcess
VirtualQuery
SetEndOfFile
InterlockedIncrement
GetModuleHandleA
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
Process32First
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
GetVersionExA
lstrcmpiW
Process32Next
CopyFileW
CreateRemoteThread
GetFileSize
OpenProcess
ReadProcessMemory
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
ResetEvent
FindFirstFileW
lstrcmpW
CreateEventW
CreateFileW
CreateEventA
CreateFileA
ExitProcess
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
VirtualAllocEx
lstrlenA
GetProcessTimes
lstrlenW
Process32NextW
VirtualFree
UnregisterWait
VirtualFreeEx
GetCurrentProcessId
Process32FirstW
GetCurrentThread
lstrcpynW
QueryPerformanceFrequency
SetFilePointer
ReadFile
CloseHandle
OpenMutexW
lstrcpynA
GetModuleHandleW
CreateProcessA
GetProcessHandleCount
CreateProcessW
Sleep
OpenEventA
VirtualAlloc
SHGetFolderPathAndSubDirW
SHGetFolderPathW
ShellExecuteExW
SHFileOperationW
StrChrA
PathCombineA
IsWindow
CreateDesktopA
VkKeyScanA
CharNextA
SendInput
CloseDesktop
SetCursorPos
SetProcessWindowStation
CreateWindowStationW
SetThreadDesktop
OpenDesktopA
CloseWindowStation
getaddrinfo
getsockname
accept
ioctlsocket
WSAStartup
freeaddrinfo
connect
shutdown
htons
getpeername
WSAGetLastError
closesocket
inet_addr
send
select
listen
__WSAFDIsSet
WSACleanup
WSASetLastError
recv
WSAIoctl
WSAStringToAddressW
setsockopt
socket
bind
recvfrom
sendto
strncmp
memset
_wcsnicmp
_stricmp
isprint
strtoul
strlen
strchr
_alldiv
wcslen
wcscmp
wcsncat
memcmp
isspace
_wcsicmp
tolower
_strnicmp
atoi
memcpy
_vsnprintf
_chkstk
memmove
wcsstr
strcmp
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitialize
StringFromGUID2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:06:29 02:42:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 108032
LinkerVersion 9.0
EntryPoint 0x15582
InitializedDataSize 201216
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 b8986fe9e40f613804aee29b34896707
SHA1 7f37d78eed3a1b4faa7b6729b8d8c07ed8a6923b
SHA256 cd5c2bb8d7d3ba9dc522dae112133956096ffae465a7b21c8f3d3124d070f675
ssdeep 6144:2mLElK7r4hK4BclTBqDMt26SMZ8FJD95qqDLuf/E1Qk:Z97r34ulTsDMt2TM8FJD90qnu3Ea

authentihash 01d974cb6cc6b9f01c0054e4233e20a0414eaf0fcee5608cc5cc39c944d47e13
imphash 1c7f95ec57b3917a7f584accbb6dedb4
File size 291.0 KB ( 297984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2017-08-07 15:18:10 UTC ( 1 month, 2 weeks ago )
Last submission 2017-08-21 13:28:10 UTC ( 1 month ago )
File names VJF_1.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Created processes
Opened mutexes
Runtime DLLs
UDP communications