SHA256: f63e5ca44a32340c975bf5613b1cfd2202762e4a42f1f21deb71de18894b9304
File name: 2017-04-15-EITest-Rig-EK-payload-3v62anzt.exe
Detection ratio: 51 / 63
Analysis date: 2017-07-07 17:31:10 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4865225 20170707
AegisLab Troj.W32.Reconyc!c 20170707
AhnLab-V3 Trojan/Win32.Reconyc.C1919130 20170707
ALYac Trojan.Agent.Reconyc.A 20170707
Antiy-AVL Trojan/Win32.Reconyc 20170707
Arcabit Trojan.Generic.D4A3CC9 20170707
Avast Win32:Malware-gen 20170707
AVG Win32:Malware-gen 20170707
Avira (no cloud) TR/AD.LockyLoader.zgxnn 20170707
AVware Trojan.Win32.Generic!BT 20170707
BitDefender Trojan.GenericKD.4865225 20170707
CAT-QuickHeal Trojan.Reconyc 20170707
Comodo TrojWare.Win32.Kryptik.~FRLB 20170707
Cylance Unsafe 20170707
Cyren W32/Trojan.KCXD-7798 20170707
DrWeb Trojan.MulDrop7.25924 20170707
Emsisoft Trojan.GenericKD.4865225 (B) 20170707
Endgame malicious (high confidence) 20170706
ESET-NOD32 a variant of Win32/Kryptik.FRLB 20170707
F-Prot W32/Trojan2.PTZM 20170707
F-Secure Trojan.GenericKD.4865225 20170707
Fortinet Malicious_Behavior.SB 20170629
GData Trojan.GenericKD.4865225 20170707
Ikarus Trojan.Inject 20170707
Sophos ML heuristic 20170607
K7AntiVirus Trojan ( 0050b99c1 ) 20170707
K7GW Trojan ( 0050b99c1 ) 20170707
Kaspersky Trojan.Win32.Reconyc.hwzy 20170707
MAX malware (ai score=84) 20170707
McAfee RDN/Generic.tfr 20170707
McAfee-GW-Edition BehavesLike.Win32.Generic.dh 20170707
Microsoft Trojan:Win32/Medfos 20170707
eScan Trojan.GenericKD.4865225 20170707
NANO-Antivirus Trojan.Win32.Reconyc.enroqb 20170707
Palo Alto Networks (Known Signatures) generic.ml 20170707
Panda Trj/CI.A 20170707
Qihoo-360 Trojan.Generic 20170707
Rising Trojan.Reconyc!8.153 (ktse) 20170707
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Mal/Generic-S 20170707
Symantec Trojan.Gen.2 20170707
Tencent Win32.Trojan.Reconyc.Tays 20170707
TrendMicro WORM_FAKER.AI 20170707
TrendMicro-HouseCall WORM_FAKER.AI 20170707
VBA32 Trojan.Reconyc 20170707
VIPRE Trojan.Win32.Generic!BT 20170707
ViRobot Trojan.Win32.Z.Razy.208896.BY 20170707
Webroot W32.Malware.Gen 20170707
Yandex Trojan.Reconyc! 20170707
Zillya Trojan.Reconyc.Win32.20355 20170707
ZoneAlarm by Check Point Trojan.Win32.Reconyc.hwzy 20170707
Alibaba 20170707
Baidu 20170707
Bkav 20170706
ClamAV 20170707
CMC 20170707
CrowdStrike Falcon (ML) 20170420
Jiangmin 20170707
Kingsoft 20170707
Malwarebytes 20170707
nProtect 20170707
SUPERAntiSpyware 20170707
Symantec Mobile Insight 20170707
TheHacker 20170707
TotalDefense 20170707
Trustlook 20170707
WhiteArmor 20170706
Zoner 20170707
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2006-2014 (c)
Product SemiconductorTable
Original name SemiconductorTable.exe
File version 2.7.8.7
Description Cnsumer Teenage
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-09 10:15:32
Entry Point 0x00006646
Number of sections 4
PE sections
PE imports
DuplicateTokenEx
LookupPrivilegeValueA
OpenProcessToken
GetUserNameW
CreateProcessAsUserA
InitializeSecurityDescriptor
GetUserNameA
LookupAccountNameW
AVIStreamRelease
ImageList_GetIconSize
GetDeviceCaps
CreateDCA
CreateRectRgn
SetAbortProc
SetBkMode
SelectObject
CreateRoundRectRgn
CreateDIBSection
CreateCompatibleDC
DeleteObject
SetTextColor
gluLookAt
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
LoadLibraryW
GetConsoleCP
GetOEMCP
LCMapStringA
HeapDestroy
GetTickCount
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDateFormatA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
TlsFree
EnumTimeFormatsA
GetStartupInfoA
SetStdHandle
GetModuleHandleA
RaiseException
WideCharToMultiByte
GetStringTypeA
SetFilePointer
GetCurrentThreadId
WTSGetActiveConsoleSessionId
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
SetConsoleTitleA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
HeapAlloc
IsDebuggerPresent
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
SetLastError
InitializeCriticalSection
LoadResource
FindResourceExW
GetConsoleWindow
GetCurrentConsoleFont
TlsGetValue
Sleep
GetFileType
VirtualFree
TlsSetValue
CreateFileA
ExitProcess
GetVersion
LeaveCriticalSection
VirtualAlloc
HeapCreate
WriteConsoleW
MulDiv
NetAuditClear
NetShareGetInfo
OleLoadPicturePath
glEnable
glViewport
glMatrixMode
glGetIntegerv
glOrtho
glLoadIdentity
glBlendFunc
SetActivePwrScheme
RpcStringFreeA
UuidToStringA
UuidCreate
SHBrowseForFolderA
SHQueryRecycleBinA
SHEmptyRecycleBinA
SetFocus
BeginPaint
SetCaretPos
SendInput
CreateCaret
FindWindowA
GetWindowThreadProcessId
SetDlgItemTextA
SetRectEmpty
WindowFromPoint
MessageBoxA
GetWindowDC
SetWindowLongA
IsWindowEnabled
SetActiveWindow
GetDC
EndDeferWindowPos
ReleaseDC
GetDlgCtrlID
GetWindowLongA
DrawIconEx
FindWindowExA
SendMessageA
GetClientRect
GetDlgItem
SetRect
wsprintfA
GetWindowTextLengthA
LoadCursorA
LoadIconA
ShowCursor
GetUpdateRgn
SubtractRect
GetFocus
SetForegroundWindow
SetCursor
WinHttpSendRequest
EnumPrintersA
htonl
getsockopt
getsockname
WTSQuerySessionInformationA
WTSQueryUserToken
SCardEstablishContext
SCardConnectA
SCardTransmit
SCardListReadersA
CommDlgExtendedError
Number of PE resources by type
RT_STRING 7
Struct(800) 5
RT_ICON 4
Struct(241) 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
PE resources
ExifTool file metadata
CodeSize 86016
UninitializedDataSize 0
InitializedDataSize 118784
ImageVersion 0.0
ProductName SemiconductorTable
FileVersionNumber 2.7.8.7
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
PrivateBuild 2.7.8.7
FileTypeExtension exe
OriginalFileName SemiconductorTable.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.7.8.7
TimeStamp 2016:03:09 11:15:32+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
ProductVersion 2.7.8.7
FileDescription Cnsumer Teenage
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright 2006-2014 (c)
MachineType Intel 386 or later, and compatibles
CompanyName AVAST Software
LegalTrademarks 2006-2014 (c)
FileSubtype 0
ProductVersionNumber 2.7.8.7
EntryPoint 0x6646
ObjectFileType Executable application

File identification
MD5 ce6ae92c13d355de8a82d3700e60ce8e
SHA1 4a623e403d20864019b1519f5bc6675e6d9c19ef
SHA256 f63e5ca44a32340c975bf5613b1cfd2202762e4a42f1f21deb71de18894b9304
ssdeep 3072:iii4CKC0XEyebKtrd/KZwdp1QiwIRtnRMgUxfM6yZAza/G5JN4BG:iBKC0X66Qup1QIIdqWagSg
authentihash 98116cb36b0ccd8196ca6b3b896fce05dfe517fd626e486571a4539e6765cfc4
imphash 1196f48ea7c30b8eeb7f9286368ffd93
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2017-04-15 13:46:20 UTC ( 4 months, 1 week ago )
Last submission 2017-07-07 17:31:10 UTC ( 1 month, 2 weeks ago )
File names 2017-04-15-EITest-Rig-EK-payload-3v62anzt.exe-
2017-04-15-EITest-Rig-EK-payload-3v62anzt.exe
EITest-Rig-EK-payload-3v62anzt.exe
SemiconductorTable.exe
ce6ae92c13d355de8a82d3700e60ce8e
2017-04-15-eitest-rig-ek-payload-3v62anzt.exe
3v62anzt.exe
B.exe
Win32.Trojan.Agent@f63e5ca44a32340c975bf5613b1cfd2202762e4a42f1f21deb71de18894b9304.bin
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications