SHA256: 05a6060812e2c622d1df84412a714ef3dcd14a5fcd8873c07c02475151206b84
File name: output.28101998.txt
Detection ratio: 29 / 66
Analysis date: 2018-06-16 22:32:14 UTC ( 1 week ago )
Antivirus Result Update
AegisLab PSWTool.W32.Dialupass.cm!c 20180615
AhnLab-V3 Trojan/Win32.Xema.C81205 20180615
Antiy-AVL Trojan[PSWTool]/Win32.Dialupass 20180615
Avast Win32:Trojan-gen 20180615
AVG Win32:Trojan-gen 20180615
AVware Trojan.Win32.Generic!BT 20180615
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9856 20180615
ClamAV Win.Trojan.Dialupass-12 20180615
CMC PSWTool.Win32.Dialupass!O 20180614
Comodo ApplicUnsaf.Win32.PSWTool.Dialupass.cm 20180615
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180530
Cylance Unsafe 20180617
DrWeb Tool.DialupPass.263 20180615
Endgame malicious (moderate confidence) 20180612
Fortinet Riskware/Win32_Dialupass 20180615
Ikarus not-a-virus:PSWTool.Win32.Dialupass 20180614
Jiangmin PSWTool.Dialupass.r 20180615
K7AntiVirus Riskware ( 0040eff71 ) 20180615
K7GW Riskware ( 0040eff71 ) 20180615
Kingsoft Win32.Troj.Generic.(kcloud) 20180617
MAX malware (ai score=98) 20180617
NANO-Antivirus Riskware.Win32.Dialupass.gnwhi 20180615
Qihoo-360 Win32/Virus.PSW.869 20180617
Symantec ML.Attribute.HighConfidence 20180615
TACHYON Trojan/W32.Agent.64520 20180614
TheHacker Trojan/Dialupass.cm 20180613
VIPRE Trojan.Win32.Generic!BT 20180615
Webroot W32.Malware.Heur 20180617
Yandex Riskware.PSWTool! 20180614
Ad-Aware 20180615
Alibaba 20180615
ALYac 20180615
Arcabit 20180615
Avast-Mobile 20180615
Avira (no cloud) 20180615
Babable 20180406
BitDefender 20180616
Bkav 20180614
CAT-QuickHeal 20180615
Cybereason 20180225
Cyren 20180615
eGambit 20180617
Emsisoft 20180616
ESET-NOD32 20180615
F-Prot 20180615
GData 20180616
Sophos ML 20180601
Kaspersky 20180615
Malwarebytes 20180615
McAfee 20180615
McAfee-GW-Edition 20180615
Microsoft 20180615
eScan 20180615
Palo Alto Networks (Known Signatures) 20180617
Panda 20180614
Rising 20180615
SentinelOne (Static ML) 20180225
Sophos AV 20180615
SUPERAntiSpyware 20180614
Symantec Mobile Insight 20180614
Tencent 20180617
TotalDefense 20180615
TrendMicro 20180615
TrendMicro-HouseCall 20180615
Trustlook 20180617
VBA32 20180614
ViRobot 20180614
ZoneAlarm by Check Point 20180615
Zoner 20180615
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT Shrinker
PEiD Shrinker v3.4
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-12-26 22:02:12
Entry Point 0x0004254F
Number of sections 8
PE sections
Overlays
MD5 62a457f6d98eb035e468c3777ca0d39a
File type data
Offset 62464
Size 2056
Entropy 1.38
PE imports
RegCloseKey
CreateSolidBrush
Ord(3)
DeviceIoControl
GetEnvironmentVariableA
Ord(39)
EnterCriticalSection
WriteProcessMemory
ReleaseMutex
GetLastError
FindResourceW
ExitProcess
Ord(7)
VirtualProtect
LoadLibraryA
GlobalAlloc
RtlUnwind
GetModuleFileNameA
GetLocalTime
Ord(55)
DebugActiveProcess
DeleteCriticalSection
GetCurrentProcess
Ord(37)
GetWindowsDirectoryA
LocalAlloc
CreateSemaphoreA
Ord(46)
ContinueDebugEvent
DeleteFileA
OpenFileMappingA
VirtualLock
GetProcAddress
Ord(40)
Ord(54)
Ord(6)
CreateMutexA
SetFilePointer
GlobalWire
RaiseException
CreateFileA
ReleaseSemaphore
GlobalReAlloc
MapViewOfFile
WaitForDebugEvent
GetModuleHandleA
VirtualUnlock
Ord(41)
ReadFile
GlobalFree
Ord(1)
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetTempFileNameA
CreateFileMappingA
Ord(4)
GlobalFix
GlobalLock
Ord(2)
LocalFree
GlobalUnWire
ConnectNamedPipe
Ord(5)
Ord(45)
Ord(8)
InitializeCriticalSection
Ord(38)
OpenSemaphoreA
VirtualQuery
VirtualFree
ReadProcessMemory
FormatMessageA
Ord(53)
EndUpdateResourceA
GetVersion
FindResourceA
VirtualAlloc
BeginUpdateResourceA
SetLastError
LeaveCriticalSection
SHGetPathFromIDListA
GetClientRect
mciSendStringA
gethostname
Number of PE resources by type
RT_BITMAP 46
RT_DIALOG 4
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 52
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2001:12:26 23:02:12+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12800
LinkerVersion 6.0
EntryPoint 0x4254f
InitializedDataSize 18432
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 241664

Execution parents
File identification
MD5 8c017465a9da3bde71cb6ba82ef07a24
SHA1 5a9e87a3ba1f7752117bdde2c9f796932c0b305f
SHA256 05a6060812e2c622d1df84412a714ef3dcd14a5fcd8873c07c02475151206b84
ssdeep 1536:Y7R7D2XK+U9qKzYY8gk+Pb02RjF6HvnoJi5:Y7Rn2zU58qQs2vL5

authentihash 80ca30d9d3981849744f0f2efffe83e4131d24943f4d300efec6bb9a4328ff9b
imphash b955f4850e0e8cf1b16ce04ff6e55219
File size 63.0 KB ( 64520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2007-10-13 05:44:21 UTC ( 10 years, 8 months ago )
Last submission 2018-06-16 22:32:14 UTC ( 1 week ago )
File names rlJISMv.reg
5a9e87a3ba1f7752117bdde2c9f796932c0b305f.bin
aa
1113779
8c017465a9da3bde71cb6ba82ef07a24.exe
9jJAkn.html
05A6060812E2C622D1DF84412A714EF3DCD14A5FCD8873C07C02475151206B84.dat
output.28101998.txt
strongholdc.exe
strongholdc.exe
Behaviour characterization
Zemana dll-injection
