SHA256: 00e42db1943305c031964cab83002640ee0a8fb47f5e0d159471cb63bf28a2ce
File name: 9f0405c57a14ea5e81b3099e8e61d64b.virus
Detection ratio: 35 / 57
Analysis date: 2016-11-13 18:20:34 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.19472723 20161113
AhnLab-V3 Trojan/Win32.Yakes.N2141330559 20161113
ALYac Trojan.Generic.19472723 20161113
Antiy-AVL Trojan/Win32.Yakes 20161113
Arcabit Trojan.Generic.D1292153 20161113
Avast Win32:Malware-gen 20161113
AVG Generic_r.OSR 20161113
Avira (no cloud) TR/Crypt.Xpack.buwjs 20161113
AVware Trojan.Win32.Generic!BT 20161113
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9977 20161111
BitDefender Trojan.Generic.19472723 20161113
DrWeb Trojan.Siggen6.58358 20161113
Emsisoft Trojan.Generic.19472723 (B) 20161113
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20161113
F-Secure Trojan.Generic.19472723 20161113
Fortinet W32/Yakes.RJZN!tr 20161113
GData Trojan.Generic.19472723 20161113
Ikarus Trojan-Downloader.Win32.Agent 20161113
Sophos ML trojan.win32.diofopi.e 20161018
K7AntiVirus Trojan-Downloader ( 004e141d1 ) 20161113
K7GW Trojan-Downloader ( 004e141d1 ) 20161113
Kaspersky Trojan.Win32.Yakes.rjzn 20161113
McAfee Artemis!9F0405C57A14 20161113
McAfee-GW-Edition BehavesLike.Win32.Backdoor.fz 20161113
Microsoft TrojanDownloader:Win32/Talalpek.A 20161113
eScan Trojan.Generic.19472723 20161113
NANO-Antivirus Trojan.Win32.Xpack.ehxjes 20161113
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161113
Rising Malware.Heuristic!ET#87% (rdm+) 20161113
Sophos AV Mal/Generic-S 20161113
Symantec Trojan.Gen 20161113
Tencent Win32.Trojan.Yakes.Hufk 20161113
TrendMicro TROJ_GEN.R00JC0DJT16 20161113
TrendMicro-HouseCall TROJ_GEN.R00JC0DJT16 20161113
VIPRE Trojan.Win32.Generic!BT 20161113
AegisLab 20161113
Alibaba 20161110
Bkav 20161112
CAT-QuickHeal 20161112
ClamAV 20161113
CMC 20161113
Comodo 20161113
CrowdStrike Falcon (ML) 20161024
Cyren 20161113
F-Prot 20161113
Jiangmin 20161113
Kingsoft 20161113
Malwarebytes 20161113
nProtect 20161113
Panda 20161113
SUPERAntiSpyware 20161112
TheHacker 20161111
TotalDefense 20161113
VBA32 20161111
ViRobot 20161113
Yandex 20161113
Zillya 20161111
Zoner 20161113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-01 06:28:15
Entry Point 0x0001E8CF
Number of sections 4
PE sections
PE imports
GetStdHandle
WaitForSingleObject
EnumUILanguagesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
WideCharToMultiByte
lstrcmpiA
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
IsWow64Process
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
TlsGetValue
CopyFileW
GetUserDefaultLangID
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetPrivateProfileStringW
SetFilePointer
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
TerminateProcess
GetCurrentThreadId
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
OpenProcess
SetEvent
DeleteFileW
WaitForMultipleObjects
GetPrivateProfileIntW
GetTempFileNameW
CreateFileMappingW
EnumResourceNamesW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetProcAddress
GetLocaleInfoEx
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
FindResourceW
LCMapStringA
SetProcessShutdownParameters
GetEnvironmentStringsW
LCIDToLocaleName
CreateProcessW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetTickCount64
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
FindResourceExW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
UpdateWindow
EndDialog
GetMessageW
OffsetRect
FindWindowW
KillTimer
PostQuitMessage
ShowWindow
SetWindowPos
GetWindowThreadProcessId
GetSysColorBrush
GetWindowRect
TranslateMessage
PostMessageW
SetDlgItemTextW
GetDC
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
SendMessageW
SendDlgItemMessageW
LoadStringW
GetDlgItem
SystemParametersInfoW
BringWindowToTop
SetTimer
LoadImageW
IsDialogMessageW
CopyRect
GetDesktopWindow
LoadIconW
DispatchMessageW
SetForegroundWindow
CharNextW
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:10:01 07:28:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 9.0
EntryPoint 0x1e8cf
InitializedDataSize 496640
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 9f0405c57a14ea5e81b3099e8e61d64b
SHA1 cc4a0a802c05397887672add72a95536e2365b7a
SHA256 00e42db1943305c031964cab83002640ee0a8fb47f5e0d159471cb63bf28a2ce
ssdeep 6144:juarM26VZgBee4zffR4p37VWQnDmrDmA79:if26TE44LVWmvC
authentihash e1095d58657dff57155d8b9bf734ba6ccbc9f1b9466cbf267efda00119868f6d
imphash 5be1953fa251e66a9f53fddbd019f157
File size 395.0 KB ( 404480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-11-13 18:20:34 UTC ( 2 years, 3 months ago )
Last submission 2016-11-13 18:20:34 UTC ( 2 years, 3 months ago )
File names 9f0405c57a14ea5e81b3099e8e61d64b.virus