SHA256: 026e44cb2b4e166e2f8cca0e3acfcbbc175800d3c18d077d2b20ab14835ee733
File name: miniloader
Detection ratio: 40 / 57
Analysis date: 2016-09-07 11:29:08 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Ad-Aware Generic.TeslaCryptC.038F8A42 20160907
AegisLab Troj.W32.Generic!c 20160907
AhnLab-V3 Trojan/Win32.Zdowbot.N2048457797 20160907
ALYac Generic.TeslaCryptC.038F8A42 20160907
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20160907
Arcabit Generic.TeslaCryptC.038F8A42 20160907
Avast Win32:Downloader-WFV [Trj] 20160907
AVG Agent5.APZE 20160907
Avira (no cloud) TR/Crypt.XPACK.Gen3 20160907
AVware Trojan.Win32.Generic!BT 20160907
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160907
BitDefender Generic.TeslaCryptC.038F8A42 20160907
CAT-QuickHeal TrojanDownloader.Zdowbot 20160907
Cyren W32/Trojan.BMSF-0386 20160907
DrWeb BackDoor.Siggen2.654 20160907
Emsisoft Generic.TeslaCryptC.038F8A42 (B) 20160907
ESET-NOD32 a variant of Win32/Agent.RWB 20160907
F-Secure Generic.TeslaCryptC.038F8A42 20160907
Fortinet W32/Agent.RWB!tr 20160907
GData Generic.TeslaCryptC.038F8A42 20160907
Ikarus Trojan.Win32.Agent 20160907
Sophos ML generic.a 20160830
Jiangmin Trojan.Generic.acxat 20160907
K7AntiVirus Trojan ( 00467f191 ) 20160907
K7GW Trojan ( 00467f191 ) 20160907
Kaspersky HEUR:Trojan.Win32.Generic 20160907
McAfee RDN/Generic Downloader.x 20160907
McAfee-GW-Edition RDN/Generic Downloader.x 20160907
Microsoft TrojanDownloader:Win32/Zdowbot.A 20160907
eScan Generic.TeslaCryptC.038F8A42 20160907
NANO-Antivirus Trojan.Win32.Siggen2.eejsyg 20160907
Panda Trj/GdSda.A 20160906
Qihoo-360 Win32/Trojan.160 20160907
Rising Downloader.Zdowbot!8.84BE-ti1OZVASQdI (cloud) 20160907
Sophos AV Mal/Emogen-Y 20160907
Symantec Infostealer.Limitail 20160907
Tencent Win32.Trojan.Generic.Wnbt 20160907
TrendMicro Mal_DLDER 20160907
VIPRE Trojan.Win32.Generic!BT 20160907
Yandex Trojan.Agent!6S4I1CUPvM0 20160906
Alibaba 20160907
Bkav 20160907
ClamAV 20160907
CMC 20160907
Comodo 20160907
F-Prot 20160907
Kingsoft 20160907
Malwarebytes 20160907
nProtect 20160907
SUPERAntiSpyware 20160907
TheHacker 20160905
TotalDefense 20160907
TrendMicro-HouseCall 20160907
VBA32 20160905
ViRobot 20160907
Zillya 20160907
Zoner 20160907
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-07 17:02:58
Entry Point 0x000024D0
Number of sections 6
PE sections
PE imports
GetTokenInformation
LookupAccountSidA
OpenProcessToken
GetAdaptersAddresses
GetLastError
HeapFree
IsProcessorFeaturePresent
WriteProcessMemory
OpenProcess
GetSystemInfo
lstrlenA
lstrcmpiA
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
LoadLibraryA
GetProcessId
GetCurrentProcess
GetVolumeInformationA
VirtualFreeEx
lstrcatA
GetWindowsDirectoryA
UnhandledExceptionFilter
VirtualAllocEx
GetProcAddress
GetThreadContext
GetProcessHeap
GetTempPathA
CreateThread
GetModuleHandleA
SetUnhandledExceptionFilter
lstrcpyA
CloseHandle
GetTempFileNameA
GetComputerNameA
SetThreadContext
TerminateProcess
ResumeThread
CreateProcessA
GetEnvironmentVariableA
WriteFile
VirtualFree
Sleep
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
GetProcessImageFileNameA
EnumProcesses
wsprintfA
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
HttpQueryInfoA
InternetCrackUrlA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:06:07 18:02:58+01:00
FileType Win32 EXE
PEType PE32
CodeSize 13824
LinkerVersion 12.0
EntryPoint 0x24d0
InitializedDataSize 8704
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 d021431c0fc68cee2b68cd63b774a4bb
SHA1 dbc0a49cf243376e5c6857f68e8bc23b4bc31646
SHA256 026e44cb2b4e166e2f8cca0e3acfcbbc175800d3c18d077d2b20ab14835ee733
ssdeep 384:wL8pnvV2ogvrCvVWWNU7OXAxJdwpzhIRofp03beT14goptTkF16lyzZzkxqDsidC:wLCvV2ogv+vVWWW78t/KNy8lyzZzkT
authentihash 2c6ada3619db39a28c62c69f3bfbc46db372c6957dfce2321fafdba2d56f0ca1
imphash eb7b0405e8924d1b2043d01c734b30a6
File size 22.0 KB ( 22528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-07-13 15:35:05 UTC ( 1 year, 11 months ago )
Last submission 2016-07-13 15:35:05 UTC ( 1 year, 11 months ago )
File names miniloader
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications