SHA256: 04cfacffd72aff2ad23d7aefc4338b9bc616b2d5b99de14bae7f4a204dafdfe8
File name: s927271.exe
Detection ratio: 37 / 56
Analysis date: 2017-02-03 10:01:59 UTC (2 years, 2 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.219469 20170203
AegisLab Backdoor.W32.Androm!c 20170203
Arcabit Trojan.Zusy.D3594D 20170203
AVG Generic_r.RCA 20170202
Avira (no cloud) TR/Crypt.Xpack.dbmqy 20170203
AVware Trojan.Win32.Generic!BT 20170203
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9958 20170125
BitDefender Gen:Variant.Zusy.219469 20170203
Bkav [Microsoft Visual C++ 8] 20170203
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/S-e2e07e9d!Eldorado 20170202
DrWeb Trojan.DownLoader9.11298 20170203
Emsisoft Gen:Variant.Zusy.219469 (B) 20170203
ESET-NOD32 Win32/TrojanDownloader.Zurgop.CO 20170203
F-Prot W32/S-e2e07e9d!Eldorado 20170203
F-Secure Gen:Variant.Zusy.219469 20170203
Fortinet W32/Kryptik.FNRH!tr 20170203
GData Gen:Variant.Zusy.219469 20170203
Ikarus Trojan-Downloader.Win32.Zurgop 20170203
Sophos ML worm.win32.dorkbot.i 20170111
K7AntiVirus Trojan-Downloader ( 004f875e1 ) 20170203
K7GW Trojan-Downloader ( 004f875e1 ) 20170203
Kaspersky Backdoor.Win32.Androm.mmew 20170203
Malwarebytes Backdoor.Bot 20170203
McAfee Artemis!990D2683364E 20170203
McAfee-GW-Edition BehavesLike.Win32.Trojan.ch 20170203
Microsoft Trojan:Win32/Dynamer!ac 20170203
eScan Gen:Variant.Zusy.219469 20170203
Panda Trj/GdSda.A 20170202
Qihoo-360 HEUR/QVM09.0.E0FB.Malware.Gen 20170203
Rising Malware.Obscure/Heur!1.A121 (classic) 20170203
Sophos AV Mal/Generic-S 20170203
Symantec Trojan.Gen.2 20170202
Tencent Win32.Trojan.Inject.Auto 20170203
TrendMicro TROJ_GEN.R01BC0GB317 20170203
TrendMicro-HouseCall TROJ_GEN.R01BC0GB317 20170203
VIPRE Trojan.Win32.Generic!BT 20170203
AhnLab-V3 20170202
Alibaba 20170122
Antiy-AVL 20170203
Avast 20170203
CAT-QuickHeal 20170203
ClamAV 20170203
CMC 20170203
Comodo 20170203
Jiangmin 20170203
Kingsoft 20170203
NANO-Antivirus 20170203
nProtect 20170203
SUPERAntiSpyware 20170203
TheHacker 20170202
TotalDefense 20170203
Trustlook 20170203
VBA32 20170202
ViRobot 20170203
WhiteArmor 20170202
Yandex 20170203
Zillya 20170201
Zoner 20170203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-31 18:51:57
Entry Point 0x00004D43
Number of sections 4
PE sections
PE imports
SetMapMode
SaveDC
TextOutA
CreateFontIndirectA
CombineRgn
GetClipBox
GetObjectA
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SelectObject
BitBlt
SetTextColor
GetDeviceCaps
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
GetDIBits
CreateCompatibleDC
StretchBlt
GetBkColor
ScaleViewportExtEx
CreateRectRgn
SetViewportExtEx
SetWindowExtEx
Escape
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
_lopen
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
FormatMessageA
OutputDebugStringA
SetLastError
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetPriorityClass
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
GetVersion
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GlobalDeleteAtom
CreateDirectoryA
ReadProcessMemory
GlobalLock
_lread
VirtualProtectEx
GetProcessHeap
CompareStringW
_lcreat
FindFirstFileA
lstrcpyA
GetTimeFormatA
GetTempFileNameA
FindNextFileA
lstrcmpW
GetProcAddress
GetTimeZoneInformation
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
WinExec
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
CopyFileA
GetCurrentThreadId
FreeResource
SizeofResource
CreateProcessA
WideCharToMultiByte
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CompareStringA
MapWindowPoints
GetMessageA
GetMessagePos
UpdateWindow
SetPropA
GetWindowTextA
SetMenuItemBitmaps
RegisterWindowMessageA
SetFocus
CreateDialogIndirectParamA
PostQuitMessage
ShowWindow
GetPropA
GetWindowThreadProcessId
GetMenuState
EnableMenuItem
IsWindow
DispatchMessageA
MoveWindow
WindowFromPoint
PeekMessageA
TranslateMessage
GetMessageTime
EndDialog
GetKeyState
GetCursorPos
RemovePropA
SetWindowTextA
CheckMenuItem
SendDlgItemMessageA
GetLastActivePopup
IsWindowVisible
GetForegroundWindow
IsWindowEnabled
GetDlgItem
GetMenuCheckMarkDimensions
WinHelpA
GetNextDlgTabItem
GetClassLongA
CallNextHookEx
GetCapture
GetWindowTextLengthA
SetWindowsHookExA
DestroyWindow
GetActiveWindow
SetActiveWindow
ValidateRect
GetFocus
SetForegroundWindow
ModifyMenuA
IsDialogMessageA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 2
ARABIC UAE 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:01:31 18:51:57+00:00
FileType Win32 EXE
PEType PE32
CodeSize 79360
LinkerVersion 9.0
EntryPoint 0x4d43
InitializedDataSize 91136
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 990d2683364ef53a1195b964234310dd
SHA1 b60220745296ef198315e05e2d0ef475c0af8c98
SHA256 04cfacffd72aff2ad23d7aefc4338b9bc616b2d5b99de14bae7f4a204dafdfe8
ssdeep 1536:W3tc7PZZK6VcPhhLG/oohSjyfRpCuPe8isy/gd/HmEw09fFtqUC1uengsx+Oo3rU:W3O05a9bdV9fHpLCgpxbr44iEhHS+e
authentihash 0c664c8cc7063689fe91b76d0d3b7c8a30363d2dfd07ce3236355327c202cdd5
imphash b95fd4a18a0d404aedd4a9c87ec02a44
File size 148.5 KB (152064 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-02-01 06:07:07 UTC (2 years, 2 months ago)
Last submission 2017-02-01 06:07:07 UTC (2 years, 2 months ago)
File names s927271.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications