SHA256: 03cd93144abb72fe229ff5f010ed0817edf107facc94ffa6644bfae37d92bcc9
File name: 656a4cb61d27b2c085a86da72a716e2f.virus
Detection ratio: 27 / 57
Analysis date: 2016-05-30 09:07:10 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.287460 20160530
AegisLab Troj.W32.Gen.lt1a 20160530
ALYac Gen:Variant.Graftor.287460 20160530
Antiy-AVL Trojan/Win32.TSGeneric 20160530
Arcabit Trojan.Graftor.D462E4 20160530
Avast Win32:Trojan-gen 20160530
AVG Crypt5.BMWF 20160530
Avira (no cloud) TR/Crypt.ZPACK.jziu 20160530
AVware Trojan.Win32.Generic!BT 20160530
Baidu Win32.Trojan.WisdomEyes.151026.9950.9982 20160530
BitDefender Gen:Variant.Graftor.287460 20160530
Cyren W32/Trojan.VOEW-6047 20160530
Emsisoft Gen:Variant.Graftor.287460 (B) 20160530
ESET-NOD32 a variant of Win32/Kryptik.EVBG 20160530
F-Secure Gen:Variant.Graftor.287460 20160530
Fortinet W32/Kryptik.EVBG!tr 20160530
GData Gen:Variant.Graftor.287460 20160530
Ikarus Trojan.Win32.Crypt 20160530
K7AntiVirus Trojan ( 004e93561 ) 20160530
K7GW Trojan ( 004e93561 ) 20160530
Kaspersky UDS:DangerousObject.Multi.Generic 20160530
eScan Gen:Variant.Graftor.287460 20160530
Qihoo-360 QVM07.1.Malware.Gen 20160530
Sophos AV Mal/Generic-S 20160530
Tencent Win32.Trojan.Kryptik.Wnwk 20160530
TrendMicro TROJ_GEN.R00JC0VES16 20160530
VIPRE Trojan.Win32.Generic!BT 20160530
AhnLab-V3 20160530
Alibaba 20160530
Baidu-International 20160530
Bkav 20160528
CAT-QuickHeal 20160530
ClamAV 20160530
CMC 20160523
Comodo 20160530
DrWeb 20160530
F-Prot 20160530
Jiangmin 20160530
Kingsoft 20160530
Malwarebytes 20160530
McAfee 20160530
McAfee-GW-Edition 20160530
Microsoft 20160530
NANO-Antivirus 20160530
nProtect 20160527
Panda 20160530
Rising 20160530
SUPERAntiSpyware 20160530
Symantec 20160530
TheHacker 20160528
TotalDefense 20160530
TrendMicro-HouseCall 20160530
VBA32 20160527
ViRobot 20160530
Yandex 20160530
Zillya 20160528
Zoner 20160530
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Fair play
File version 1.1
Description Fair play
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-23 10:24:36
Entry Point 0x0003E608
Number of sections 3
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
HeapDestroy
HeapAlloc
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetEnvironmentStrings
GetCommandLineW
UnhandledExceptionFilter
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetCurrentThread
SetFilePointer
WideCharToMultiByte
TlsFree
GetModuleHandleA
InterlockedExchange
WriteFile
GetStartupInfoA
HeapReAlloc
GetModuleHandleW
TerminateProcess
GetVersion
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualAlloc
SetLastError
LeaveCriticalSection
ReleaseDC
CreateWindowExA
TrackPopupMenu
GetSubMenu
GetActiveWindow
RegisterClassW
ReleaseCapture
ShowWindowAsync
SetMenuItemInfoA
SetWindowTextW
GetClipboardData
GetMenuItemCount
PostMessageW
DrawFocusRect
ClientToScreen
SetWindowPos
GetKeyState
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Windows, Latin1
InitializedDataSize 12288
EntryPoint 0x3e608
MIMEType application/octet-stream
FileVersion 1.1
TimeStamp 2016:05:23 11:24:36+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2, 1
FileDescription Fair play
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Fair play
CodeSize 262144
ProductName Fair play
ProductVersionNumber 1.9.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 656a4cb61d27b2c085a86da72a716e2f
SHA1 457b619de6cdff665b900a718ee5ed80629fad6d
SHA256 03cd93144abb72fe229ff5f010ed0817edf107facc94ffa6644bfae37d92bcc9
ssdeep 6144:UfTtK/cYXl3B5A38+XBbSjDVmwIWaw+K2xnMNuREn4qSybbbbbbbbbbmZ:0TAXt+X9GI4aw+tFIuOn49ybbbbbbbbv
authentihash af205393eb9c10938dad5c046f8f9a306857d0df1c046759e14d5fcd4099ca1c
imphash 741d8c4230564b6d8a28a2b09c3864ef
File size 272.0 KB ( 278528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-05-30 09:07:10 UTC ( 2 years, 10 months ago )
Last submission 2018-01-10 03:29:49 UTC ( 1 year, 3 months ago )
File names LEONARDO.SCR
656a4cb61d27b2c085a86da72a716e2f.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications