SHA256: 015586f5648c9d747b3877821b852647637289a90c5aece12dbf50a2abdf6173
File name: 4d8a34863a3d4ce7cb9d7c08e6e62c90.virus
Detection ratio: 32 / 58
Analysis date: 2016-09-13 09:22:02 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.93463 20160913
AhnLab-V3 Downloader/Win32.Gootkit.N2103261068 20160913
ALYac Gen:Variant.Razy.93463 20160913
Arcabit Trojan.Razy.D16D17 20160913
Avast Win32:Malware-gen 20160913
AVG Crypt6.LY 20160913
Avira (no cloud) TR/AD.Gootkit.mzkd 20160913
AVware Trojan.Win32.Generic!BT 20160913
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160913
BitDefender Gen:Variant.Razy.93463 20160913
Bkav HW32.Packed.7974 20160912
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.WKON-4163 20160913
DrWeb Trojan.Siggen6.58358 20160913
Emsisoft Gen:Variant.Razy.93463 (B) 20160913
ESET-NOD32 a variant of Win32/Kryptik.FGBO 20160913
F-Secure Gen:Variant.Razy.93463 20160913
Fortinet W32/Kryptik.FFVP!tr 20160913
GData Gen:Variant.Razy.93463 20160913
Sophos ML generic.a 20160912
K7AntiVirus Trojan ( 004f84ab1 ) 20160913
K7GW Trojan ( 004f84ab1 ) 20160913
Kaspersky Trojan-Downloader.Win32.Gootkit.uo 20160913
McAfee Artemis!4D8A34863A3D 20160913
McAfee-GW-Edition BehavesLike.Win32.AAEH.cc 20160912
eScan Gen:Variant.Razy.93463 20160913
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160913
Rising Malware.Generic!2za3JfybtEK@2 (thunder) 20160913
Sophos AV Mal/Generic-S 20160913
Tencent Win32.Trojan-downloader.Gootkit.Pftq 20160913
TrendMicro-HouseCall TROJ_GEN.R00JH0CIC16 20160913
VIPRE Trojan.Win32.Generic!BT 20160913
Undetected (26 engines, no result returned)
AegisLab 20160913
Alibaba 20160913
Antiy-AVL 20160913
CAT-QuickHeal 20160913
ClamAV 20160913
CMC 20160912
Comodo 20160912
F-Prot 20160913
Ikarus 20160913
Jiangmin 20160913
Kingsoft 20160913
Malwarebytes 20160913
Microsoft 20160913
NANO-Antivirus 20160913
nProtect 20160913
Panda 20160912
SUPERAntiSpyware 20160913
Symantec 20160913
TheHacker 20160911
TotalDefense 20160907
TrendMicro 20160913
VBA32 20160912
ViRobot 20160913
Yandex 20160911
Zillya 20160912
Zoner 20160913
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x000034A9
Number of sections 3
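The header values above (machine, compile timestamp, entry point, section count, subsystem, linker version) all come from IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER32 and are cheap to re-read yourself rather than trusting the summary. The parser below is an added example, not VirusTotal's code; it runs against a constructed header-only PE32 image that carries this report's values (the image is built inline and is not the analysed sample). Keep in mind that TimeDateStamp is written by the linker and can be set to anything by the author, so a 2012 stamp on a file first seen in 2016 says nothing about its real age.

```python
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
IMAGE_FILE_DLL = 0x2000


def build_sample_pe() -> bytes:
    """Constructed header-only PE32 image carrying the values this report lists.

    It is NOT the analysed sample; it exists only to exercise the parser offline."""
    ts = int(datetime(2012, 7, 14, 10, 54, 5, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 0x80)  # e_lfanew: PE signature placed at 0x80
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (EXECUTABLE|32BIT, no DLL bit)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 224, 0x0102)
    # IMAGE_OPTIONAL_HEADER32 up to DllCharacteristics (offset 72), zero-padded to 224
    opt = struct.pack("<HBBIIIIIII", 0x10B, 7, 0, 100864, 5632, 0, 0x34A9,
                      0x1000, 0x19000, 0x400000)
    opt += struct.pack("<IIHHHHHHIIIIHH", 0x1000, 0x200, 5, 1, 5, 1, 4, 0,
                       0, 0x1B000, 0x400, 0, 2, 0)
    opt += b"\x00" * (224 - len(opt))
    return bytes(dos) + b"PE\0\0" + file_hdr + opt


def parse_pe_header(data: bytes) -> dict:
    """Read the fields VirusTotal summarises as 'PE header basic information'."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    fh = e_lfanew + 4
    machine, nsections, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    oh = fh + 20  # IMAGE_FILE_HEADER is 20 bytes; optional header follows immediately
    magic, maj_link, min_link = struct.unpack_from("<HBB", data, oh)
    if magic != 0x10B:
        raise ValueError(f"optional header magic 0x{magic:X} is not PE32")
    entry = struct.unpack_from("<I", data, oh + 16)[0]     # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, oh + 68)[0]  # Subsystem
    return {
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:X}"),
        "compile_time_utc": datetime.fromtimestamp(ts, tz=timezone.utc)
                                    .strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "sections": nsections,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "linker_version": f"{maj_link}.{min_link}",
        "is_dll": bool(chars & IMAGE_FILE_DLL),  # settles the TrID "DLL vs EXE" guess
    }


if __name__ == "__main__":
    # For a real file: parse_pe_header(open(path, "rb").read())
    for key, value in parse_pe_header(build_sample_pe()).items():
        print(f"{key}: {value}")
```

The `is_dll` flag comes from IMAGE_FILE_HEADER.Characteristics; that is the authoritative answer to the question TrID only guesses at with percentages further down the page.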
PE sections
PE imports
AuthzInitializeContextFromSid
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeContext
GetStdHandle
WaitForSingleObject
GetOEMCP
lstrlen
GetTickCount
RemoveDirectoryA
LoadLibraryA
GetCurrentProcess
FileTimeToLocalFileTime
lstrcat
CreateThread
GetCPInfo
DeleteFileW
GetProcAddress
CancelIo
GetCurrentThread
CreateWaitableTimerW
GetBinaryTypeW
GetDiskFreeSpaceW
ReadFile
GetStartupInfoA
GetComputerNameExW
lstrcpynA
FindNextFileA
GetStringTypeW
GetGeoInfoW
GetExpandedNameW
IsValidCodePage
CreateEventA
InterlockedDecrement
GetNumberFormatW
InsertMenuA
wsprintfA
LoadCursorA
FlashWindow
LoadIconW
PeekMessageA
GetMonitorInfoA
GetClassLongA
DrawStateW
IsIconic
GetPropA
LoadBitmapA
DispatchMessageW
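The imphash listed under "File identification" below is derived from exactly this import list: VirusTotal uses pefile's algorithm, which lower-cases each DLL name, strips a .dll/.ocx/.sys extension, joins "dll.function" strings in import-table order with commas, and MD5s the result. The code below is an added example of that algorithm, not VirusTotal's or pefile's own code, run over a constructed import table modelled on the names above (the DLL grouping is assumed, since this page lists functions without their DLLs, so it cannot reproduce the sample's real imphash). It also omits pefile's lookup that maps well-known ordinals in oleaut32, ws2_32 and wsock32 back to names; every other ordinal is rendered as "ordN", as here.

```python
import hashlib

# Constructed import table (DLL -> imported names, ints for imports by ordinal).
# Modelled on this report's import list, but the DLL grouping is an assumption.
SAMPLE_IMPORTS = {
    "AUTHZ.dll": ["AuthzInitializeContextFromSid", "AuthzFreeContext"],
    "KERNEL32.dll": ["GetStdHandle", "WaitForSingleObject",
                     "LoadLibraryA", "GetProcAddress"],
    "USER32.dll": ["wsprintfA", "PeekMessageA", 12],  # 12: import by ordinal
}

# Only these extensions are stripped; "foo.exe" stays "foo.exe" in the hash input.
_STRIPPED_EXTS = ("ocx", "sys", "dll")


def import_string(dll: str, func) -> str:
    """Normalise one import to the 'dll.function' token pefile hashes."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in _STRIPPED_EXTS:
        name = base
    func_name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{name}.{func_name}"


def imphash_string(imports: dict) -> str:
    """The comma-joined token list; order follows the import table, so a
    repacked binary that reorders imports gets a different imphash."""
    return ",".join(import_string(dll, f)
                    for dll, funcs in imports.items() for f in funcs)


def imphash(imports: dict) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers order as well as content, imphash is useful for clustering samples built from the same source with the same toolchain, but a packer that rebuilds the import table (this sample reports a "Ste@lth PE" packer) collapses unrelated families onto the packer's stub imports, so treat imphash matches on packed files as a lead, not a verdict.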
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 100864
LinkerVersion 7.0
Warning Possibly corrupt Version resource
EntryPoint 0x34a9
InitializedDataSize 5632
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 4d8a34863a3d4ce7cb9d7c08e6e62c90
SHA1 71b116c701448f10b45eebc5063398247c10c7b7
SHA256 015586f5648c9d747b3877821b852647637289a90c5aece12dbf50a2abdf6173
ssdeep 1536:kuRD32dYIPHyz2hXLUQnU0IbK+5PI8PTwGlsArabMksq4YPq:7Dsaz2GiUpH5VE+sArab1sr+q
authentihash 99eeba9a4b7c5044db6902a824af4e766f495c3ceb15aa239c26342c22d26113
imphash 340d91f0a6f1517a6bb1de8f95aa9533
File size 105.0 KB ( 107520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags stealth peexe
VirusTotal metadata
First submission 2016-09-13 09:22:02 UTC ( 2 years, 5 months ago )
Last submission 2016-09-19 11:15:00 UTC ( 2 years, 5 months ago )
File names 4d8a34863a3d4ce7cb9d7c08e6e62c90.virus
virussign.com_4d8a34863a3d4ce7cb9d7c08e6e62c90.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications