SHA256: 047c5dcbc1db4a6ab154d83020070210f5b9482971268ac6683aefcd57e130a5
File name: d8e61a4b91874956780252c4061dd513.virus
Detection ratio: 39 / 56
Analysis date: 2016-10-19 04:30:34 UTC ( 2 years, 6 months ago )
Antivirus                Result                                        Update
Ad-Aware                 Trojan.GenericKD.3602471                      20161019
AhnLab-V3                Dropper/Win32.Injector.N2129191431            20161018
ALYac                    Trojan.GenericKD.3602471                      20161019
Antiy-AVL                Trojan/Win32.TSGeneric                        20161019
Arcabit                  Trojan.Generic.D36F827                        20161019
Avast                    Win32:Malware-gen                             20161019
AVG                      Inject3.BGOF                                  20161018
Avira (no cloud)         TR/Crypt.ZPACK.qxgqc                          20161018
AVware                   Trojan-Downloader.Win32.Upatre.tfl (v)        20161019
Baidu                    Win32.Trojan.WisdomEyes.16070401.9500.9671    20161018
BitDefender              Trojan.GenericKD.3602471                      20161019
CrowdStrike Falcon (ML)  malicious_confidence_100% (W)                 20160725
Cyren                    W32/Trojan.FTQW-3588                          20161019
DrWeb                    Trojan.DownLoader22.63634                     20161019
Emsisoft                 Trojan.GenericKD.3602471 (B)                  20161019
ESET-NOD32               a variant of Win32/Injector.DGDX              20161019
F-Secure                 Trojan.GenericKD.3602471                      20161019
Fortinet                 W32/Injector.DGDX!tr                          20161019
GData                    Trojan.GenericKD.3602471                      20161019
Ikarus                   Trojan.Win32.Injector                         20161018
Sophos ML                trojandownloader.win32.wintrim.bx             20161018
K7AntiVirus              Trojan ( 004faac71 )                          20161018
K7GW                     Trojan ( 004faac71 )                          20161019
Kaspersky                Trojan-Dropper.Win32.Injector.prac            20161018
Malwarebytes             Spyware.TrickBot                              20161019
McAfee                   Generic.anm                                   20161019
McAfee-GW-Edition        BehavesLike.Win32.PWSZbot.gh                  20161018
Microsoft                Trojan:Win32/Dynamer!ac                       20161019
eScan                    Trojan.GenericKD.3602471                      20161019
NANO-Antivirus           Trojan.Win32.Injector.ehfxol                  20161019
Qihoo-360                HEUR/QVM07.1.0000.Malware.Gen                 20161019
Sophos AV                Mal/Generic-S                                 20161019
Symantec                 Trojan.Gen                                    20161019
Tencent                  Win32.Trojan-dropper.Injector.Wuqw            20161019
TrendMicro               TROJ_GEN.R028C0DJF16                          20161019
TrendMicro-HouseCall     TROJ_GEN.R028C0DJF16                          20161019
VIPRE                    Trojan-Downloader.Win32.Upatre.tfl (v)        20161019
ViRobot                  Trojan.Win32.Z.Injector.419840.AN[h]          20161019
Yandex                   Trojan.DR.Injector!zGHWDtYHyWE                20161018
AegisLab                                                               20161019
Alibaba                                                                20161019
Bkav                                                                   20161019
CAT-QuickHeal                                                          20161018
ClamAV                                                                 20161019
CMC                                                                    20161019
Comodo                                                                 20161019
F-Prot                                                                 20161019
Jiangmin                                                               20161019
Kingsoft                                                               20161019
nProtect                                                               20161019
Panda                                                                  20161018
Rising                                                                 20161019
SUPERAntiSpyware                                                       20161019
TheHacker                                                              20161018
VBA32                                                                  20161018
Zillya                                                                 20161018
Zoner                                                                  20161019
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-24 05:21:21
Entry Point 0x00003150
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
CreateFileMappingW
SetHandleCount
lstrlenA
GetOEMCP
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetFileSize
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
SetFilePointer
GetCPInfo
GetModuleHandleA
lstrcmpA
WriteFile
GetStartupInfoA
CloseHandle
GetACP
GetCurrentThreadId
TerminateProcess
InitializeCriticalSection
HeapCreate
CreateFileW
VirtualFree
TlsGetValue
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetVersion
VirtualAlloc
SleepEx
SetLastError
LeaveCriticalSection
ExtractIconW
RedrawWindow
TranslateAcceleratorA
UpdateWindow
SetPropA
EndDialog
LoadBitmapW
DefWindowProcW
SetMenuItemInfoA
GetDlgCtrlID
GetMessageW
PostQuitMessage
ShowWindow
GetClipboardData
SetScrollRange
GetWindowRect
EndPaint
SetMenu
PostMessageA
MoveWindow
DialogBoxParamW
GetDlgItemTextA
WindowFromPoint
GetClassNameA
DrawIcon
TranslateMessage
GetDlgItemInt
DispatchMessageW
BeginPaint
SendMessageW
LoadStringA
SetParent
PtInRect
IsWindowVisible
LoadStringW
IsWindow
GetScrollPos
FrameRect
GetScrollRange
GetDCEx
GetActiveWindow
LoadMenuA
GetDesktopWindow
LoadCursorW
LoadIconW
GetFocus
CreateWindowExW
RegisterClassExW
TranslateAcceleratorW
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_BITMAP 3
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_MENU 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:06:24 06:21:21+01:00
FileType Win32 EXE
PEType PE32
CodeSize 222208
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 202752
SubsystemVersion 4.0
EntryPoint 0x3150
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 d8e61a4b91874956780252c4061dd513
SHA1 0307471b79391598dc22175de0a6c4f3ddc4891a
SHA256 047c5dcbc1db4a6ab154d83020070210f5b9482971268ac6683aefcd57e130a5
ssdeep 3072:0hSEZsesvn6R7FSOUfRM5+F3O/wm6Y74WPKNfQ05Wp6mfBTjVshHqkhsz95QTaio:Bu5W7f2F4WPZZoo/m05QGpVNJY9Zv8
authentihash c58c1dac70e95c00637eeec44f30b89ea40966f014ceb3a27aaefa439707cd61
imphash a7630045f0781883a0ab34f8820b384f
File size 410.0 KB ( 419840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
     Win64 Executable (generic) (36.3%)
     Win32 Dynamic Link Library (generic) (8.6%)
     Win32 Executable (generic) (5.9%)
     OS/2 Executable (generic) (2.6%)
Tags peexe installshield
VirusTotal metadata
First submission 2016-10-14 17:10:56 UTC ( 2 years, 6 months ago )
Last submission 2017-05-02 12:38:03 UTC ( 1 year, 11 months ago )
File names d8e61a4b91874956780252c4061dd513.virus
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications