SHA256: 051bac2aa961d83214b2d5d600afe5efd6790def8d3db5e25a9d1adee9bbaa7e
File name: 051bac2aa961d83214b2d5d600afe5efd6790def8d3db5e25a9d1adee9bbaa7e
Detection ratio: 41 / 57
Analysis date: 2016-09-25 00:18:12 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3409727 20160924
AhnLab-V3 Malware/Win32.Generic.N2047756323 20160924
ALYac Trojan.GenericKD.3409727 20160924
Antiy-AVL Trojan/Win32.Yakes 20160924
Arcabit Trojan.Generic.D34073F 20160924
Avast Win32:Trojan-gen 20160924
AVG Downloader.Generic14.BBNR 20160924
Avira (no cloud) TR/Dropper.naki 20160924
AVware Trojan.Win32.Generic!BT 20160924
BitDefender Trojan.GenericKD.3409727 20160924
Bkav W32.eHeur.Malware07 20160924
CAT-QuickHeal TrojanDownloader.Talalpek 20160924
Comodo TrojWare.Win32.Genome.vtmf 20160924
CrowdStrike Falcon (ML) malicious_confidence_87% (D) 20160725
Cyren W32/Trojan.PNOF-7245 20160924
DrWeb Trojan.Siggen6.58358 20160924
Emsisoft Trojan.GenericKD.3409727 (B) 20160924
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160924
F-Secure Trojan.GenericKD.3409727 20160924
Fortinet W32/Agent.CFH!tr.dldr 20160924
GData Trojan.GenericKD.3409727 20160924
Ikarus Trojan-Downloader.Win32.Agent 20160924
Sophos ML virus.win32.sality.at 20160917
K7AntiVirus Trojan-Downloader ( 004e141d1 ) 20160924
K7GW Trojan-Downloader ( 004e141d1 ) 20160925
Kaspersky Trojan.Win32.Yakes.qdrh 20160924
McAfee RDN/Generic Downloader.x 20160923
McAfee-GW-Edition RDN/Generic Downloader.x 20160925
Microsoft TrojanDownloader:Win32/Talalpek.A 20160924
eScan Trojan.GenericKD.3409727 20160925
NANO-Antivirus Trojan.Win32.PNOF7245.eemqbj 20160924
Panda Trj/GdSda.A 20160924
Qihoo-360 HEUR/QVM09.0.0000.Malware.Gen 20160925
Rising Downloader.Talalpek!8.848F-RA7bue0CmaB (cloud) 20160925
Sophos AV Mal/Generic-S 20160925
Symantec Trojan.Gen.2 20160925
Tencent Win32.Trojan.Yakes.Hpf 20160925
TrendMicro TROJ_GEN.R011C0DGH16 20160925
TrendMicro-HouseCall TROJ_GEN.R011C0DGH16 20160925
VIPRE Trojan.Win32.Generic!BT 20160925
Yandex Trojan.Yakes!HGruPhfa4ac 20160924
AegisLab 20160924
Alibaba 20160923
Baidu 20160924
ClamAV 20160924
CMC 20160921
F-Prot 20160924
Jiangmin 20160925
Kingsoft 20160925
Malwarebytes 20160925
nProtect 20160924
SUPERAntiSpyware 20160924
TheHacker 20160922
VBA32 20160923
ViRobot 20160924
Zillya 20160924
Zoner 20160924
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copy right(c) 2006. All rights reserved.
Product Dealabout Writtenwhite
Original name leastfish.exe
Internal name leastfish.exe
File version 1.0.0.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-12-13 01:44:12
Entry Point 0x00018F04
Number of sections 5
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
SetWaitableTimer
InitializeCriticalSection
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
WriteProfileStringW
GetModuleHandleA
CreateSemaphoreW
WaitForMultipleObjectsEx
TerminateProcess
SetUnhandledExceptionFilter
WriteConsoleA
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
ResetEvent
CreateWaitableTimerA
IsValidLocale
GetProcAddress
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
WaitForSingleObjectEx
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
OpenEventA
VirtualAlloc
NetUserGetInfo
NetApiBufferFree
IsDestinationReachableW
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 225280
ImageVersion 0.0
ProductName Dealabout Writtenwhite
FileVersionNumber 1.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName leastfish.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2003:12:13 02:44:12+01:00
FileType Win32 EXE
PEType PE32
InternalName leastfish.exe
ProductVersion 1.0.0.1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright Copy right(c) 2006. All rights reserved.
MachineType Intel 386 or later, and compatibles
CodeSize 192512
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x18f04
ObjectFileType Executable application

File identification
MD5 0e67f3476b472e6c70f634aca7bb891c
SHA1 02749cf4b9401b611d12093b509eb5cde2be304c
SHA256 051bac2aa961d83214b2d5d600afe5efd6790def8d3db5e25a9d1adee9bbaa7e
ssdeep 3072:2LvMnmRiNA0PPAn93Fa/rb2yAguw/WUdYYi64wLZ3x9nRzQ2AksjkzM/Lsf2HO3c:6vMmkFPI914b2IuwddYEBQ2S4chEN1s
authentihash 3363f036c796797e7e4bdb2d970cf834b28bd930b13094ae5df09f54a510a5ab
imphash cfa723d88a4c6b09239da4ce1fdbbc14
File size 360.0 KB ( 368640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-09-25 00:18:12 UTC ( 2 years, 4 months ago )
Last submission 2016-09-25 00:18:12 UTC ( 2 years, 4 months ago )
File names leastfish.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications