SHA256: f63e5ca44a32340c975bf5613b1cfd2202762e4a42f1f21deb71de18894b9304
File name: 2017-04-15-EITest-Rig-EK-payload-3v62anzt.exe
Detection ratio: 51 / 65
Analysis date: 2017-09-15 15:07:20 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4865225 20170915
AegisLab Troj.W32.Reconyc!c 20170915
AhnLab-V3 Trojan/Win32.Reconyc.C1919130 20170915
ALYac Trojan.Agent.Reconyc.A 20170915
Antiy-AVL Trojan/Win32.Reconyc 20170915
Arcabit Trojan.Generic.D4A3CC9 20170915
Avast Win32:Malware-gen 20170915
AVG Win32:Malware-gen 20170915
Avira (no cloud) TR/AD.LockyLoader.zgxnn 20170915
AVware Trojan.Win32.Generic!BT 20170915
BitDefender Trojan.GenericKD.4865225 20170915
CAT-QuickHeal Trojan.Reconyc 20170915
Comodo TrojWare.Win32.Kryptik.~FRLB 20170915
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20170804
Cylance Unsafe 20170915
Cyren W32/Trojan.KCXD-7798 20170915
DrWeb Trojan.MulDrop7.25924 20170915
Emsisoft Trojan.GenericKD.4865225 (B) 20170915
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Kryptik.FRLB 20170915
F-Prot W32/Trojan2.PTZM 20170915
F-Secure Trojan.GenericKD.4865225 20170915
Fortinet Malicious_Behavior.SB 20170915
GData Trojan.GenericKD.4865225 20170915
Ikarus Trojan.Inject 20170915
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 0050b99c1 ) 20170915
K7GW Trojan ( 0050b99c1 ) 20170915
Kaspersky Trojan.Win32.Reconyc.hwzy 20170915
MAX malware (ai score=84) 20170915
McAfee RDN/Generic.tfr 20170915
McAfee-GW-Edition BehavesLike.Win32.TrojanGoznym.dh 20170915
Microsoft Trojan:Win32/Medfos 20170915
eScan Trojan.GenericKD.4865225 20170915
NANO-Antivirus Trojan.Win32.Reconyc.enroqb 20170915
Palo Alto Networks (Known Signatures) generic.ml 20170915
Panda Trj/CI.A 20170915
Qihoo-360 Trojan.Generic 20170915
Rising Trojan.Reconyc!8.153 (ktse) 20170915
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Generic-S 20170915
Symantec Trojan.Gen.2 20170915
Tencent Win32.Trojan.Reconyc.Tays 20170915
TrendMicro WORM_FAKER.AI 20170915
TrendMicro-HouseCall WORM_FAKER.AI 20170915
VBA32 Trojan.Reconyc 20170915
VIPRE Trojan.Win32.Generic!BT 20170915
Webroot W32.Malware.Gen 20170915
Yandex Trojan.Reconyc! 20170908
Zillya Trojan.Reconyc.Win32.20355 20170915
ZoneAlarm by Check Point Trojan.Win32.Reconyc.hwzy 20170915
Alibaba 20170911
Avast-Mobile 20170829
Baidu 20170915
ClamAV 20170915
CMC 20170915
Jiangmin 20170915
Kingsoft 20170915
Malwarebytes 20170915
nProtect 20170915
SUPERAntiSpyware 20170915
Symantec Mobile Insight 20170915
TheHacker 20170911
TotalDefense 20170915
Trustlook 20170915
ViRobot 20170915
WhiteArmor 20170829
Zoner 20170915
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2006-2014 (c)

Product SemiconductorTable
Original name SemiconductorTable.exe
File version 2.7.8.7
Description Cnsumer Teenage
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-09 10:15:32
Entry Point 0x00006646
Number of sections 4
PE sections
PE imports
DuplicateTokenEx
LookupPrivilegeValueA
OpenProcessToken
GetUserNameW
CreateProcessAsUserA
InitializeSecurityDescriptor
GetUserNameA
LookupAccountNameW
AVIStreamRelease
ImageList_GetIconSize
GetDeviceCaps
CreateDCA
CreateRectRgn
SetAbortProc
SetBkMode
SelectObject
CreateRoundRectRgn
CreateDIBSection
CreateCompatibleDC
DeleteObject
SetTextColor
gluLookAt
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
LoadLibraryW
GetConsoleCP
GetOEMCP
LCMapStringA
HeapDestroy
GetTickCount
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDateFormatA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
TlsFree
EnumTimeFormatsA
GetStartupInfoA
SetStdHandle
GetModuleHandleA
RaiseException
WideCharToMultiByte
GetStringTypeA
SetFilePointer
GetCurrentThreadId
WTSGetActiveConsoleSessionId
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
SetConsoleTitleA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
HeapAlloc
IsDebuggerPresent
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
SetLastError
InitializeCriticalSection
LoadResource
FindResourceExW
GetConsoleWindow
GetCurrentConsoleFont
TlsGetValue
Sleep
GetFileType
VirtualFree
TlsSetValue
CreateFileA
ExitProcess
GetVersion
LeaveCriticalSection
VirtualAlloc
HeapCreate
WriteConsoleW
MulDiv
NetAuditClear
NetShareGetInfo
OleLoadPicturePath
glEnable
glViewport
glMatrixMode
glGetIntegerv
glOrtho
glLoadIdentity
glBlendFunc
SetActivePwrScheme
RpcStringFreeA
UuidToStringA
UuidCreate
SHBrowseForFolderA
SHQueryRecycleBinA
SHEmptyRecycleBinA
SetFocus
BeginPaint
SetCaretPos
SendInput
CreateCaret
FindWindowA
GetWindowThreadProcessId
SetDlgItemTextA
SetRectEmpty
WindowFromPoint
MessageBoxA
GetWindowDC
SetWindowLongA
IsWindowEnabled
SetActiveWindow
GetDC
EndDeferWindowPos
ReleaseDC
GetDlgCtrlID
GetWindowLongA
DrawIconEx
FindWindowExA
SendMessageA
GetClientRect
GetDlgItem
SetRect
wsprintfA
GetWindowTextLengthA
LoadCursorA
LoadIconA
ShowCursor
GetUpdateRgn
SubtractRect
GetFocus
SetForegroundWindow
SetCursor
WinHttpSendRequest
EnumPrintersA
htonl
getsockopt
getsockname
WTSQuerySessionInformationA
WTSQueryUserToken
SCardEstablishContext
SCardConnectA
SCardTransmit
SCardListReadersA
CommDlgExtendedError
Number of PE resources by type
RT_STRING 7
Struct(800) 5
RT_ICON 4
Struct(241) 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
PE resources
ExifTool file metadata
LegalTrademarks
2006-2014 (c)

SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.7.8.7

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Cnsumer Teenage

CharacterSet
Unicode

InitializedDataSize
118784

PrivateBuild
2.7.8.7

EntryPoint
0x6646

OriginalFileName
SemiconductorTable.exe

MIMEType
application/octet-stream

LegalCopyright
2006-2014 (c)

FileVersion
2.7.8.7

TimeStamp
2016:03:09 11:15:32+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2.7.8.7

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AVAST Software

CodeSize
86016

ProductName
SemiconductorTable

ProductVersionNumber
2.7.8.7

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ce6ae92c13d355de8a82d3700e60ce8e
SHA1 4a623e403d20864019b1519f5bc6675e6d9c19ef
SHA256 f63e5ca44a32340c975bf5613b1cfd2202762e4a42f1f21deb71de18894b9304
ssdeep
3072:iii4CKC0XEyebKtrd/KZwdp1QiwIRtnRMgUxfM6yZAza/G5JN4BG:iBKC0X66Qup1QIIdqWagSg

authentihash 98116cb36b0ccd8196ca6b3b896fce05dfe517fd626e486571a4539e6765cfc4
imphash 1196f48ea7c30b8eeb7f9286368ffd93
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2017-04-15 13:46:20 UTC ( 6 months, 1 week ago )
Last submission 2017-09-15 15:07:20 UTC ( 1 month, 1 week ago )
File names 2017-04-15-EITest-Rig-EK-payload-3v62anzt.exe-
2017-04-15-EITest-Rig-EK-payload-3v62anzt.exe
EITest-Rig-EK-payload-3v62anzt.exe
SemiconductorTable.exe
ce6ae92c13d355de8a82d3700e60ce8e
2017-04-15-eitest-rig-ek-payload-3v62anzt.exe
3v62anzt.exe
B.exe
Win32.Trojan.Agent@f63e5ca44a32340c975bf5613b1cfd2202762e4a42f1f21deb71de18894b9304.bin
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications