SHA256: 0619443f15d568344c324e7edf5fd29191b216f74cabeb2e68b084c24ad4dfe4
File name: c82e5a9d65be3210392da658bf74b8cb8d33246c
Detection ratio: 5 / 56
Analysis date: 2015-07-11 23:43:31 UTC
Antivirus            Result                          Update
Kaspersky            Trojan-Spy.Win32.Zbot.vrwe      20150712
McAfee               Artemis!0D65F33C6D50            20150711
McAfee-GW-Edition    BehavesLike.Win32.BadFile.fz    20150711
Panda                Trj/Genetic.gen                 20150711
Qihoo-360            HEUR/QVM19.1.Malware.Gen        20150712

No detection (51 engines, signature database date in parentheses): Ad-Aware (20150711), AegisLab (20150711), Yandex (20150711), AhnLab-V3 (20150711), Alibaba (20150710), ALYac (20150711), Antiy-AVL (20150711), Arcabit (20150711), Avast (20150712), AVG (20150711), Avira (no cloud) (20150711), AVware (20150711), Baidu-International (20150711), BitDefender (20150711), Bkav (20150708), ByteHero (20150712), CAT-QuickHeal (20150711), ClamAV (20150711), Comodo (20150711), Cyren (20150711), DrWeb (20150711), Emsisoft (20150712), ESET-NOD32 (20150711), F-Prot (20150711), F-Secure (20150711), Fortinet (20150711), GData (20150711), Ikarus (20150711), Jiangmin (20150710), K7AntiVirus (20150711), K7GW (20150711), Kingsoft (20150712), Malwarebytes (20150711), Microsoft (20150711), eScan (20150711), NANO-Antivirus (20150711), nProtect (20150710), Rising (20150709), Sophos AV (20150711), SUPERAntiSpyware (20150711), Symantec (20150711), Tencent (20150712), TheHacker (20150709), TotalDefense (20150711), TrendMicro (20150711), TrendMicro-HouseCall (20150711), VBA32 (20150711), VIPRE (20150711), ViRobot (20150711), Zillya (20150711), Zoner (20150711).

Only Kaspersky assigns a family name (Zbot). McAfee's Artemis!0D65F33C6D50 is a cloud-reputation verdict whose suffix is the first 12 hex digits of the file's MD5 (see File identification below), not a signature match, and the McAfee-GW-Edition, Panda and Qihoo-360 names are behavioural, generic or heuristic verdicts.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2005-07-08 03:11:22 (UTC; this is the COFF TimeDateStamp, which the linker writes and which can be set to any value, so a 2005 stamp on a file first submitted in 2015 is not reliable evidence of its age)
Entry Point: 0x00001000
Number of sections: 12
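The header fields above can be read directly from the raw bytes of the file. The following is an added example, not VirusTotal's or ExifTool's own code: it parses the DOS stub pointer, PE signature, COFF header and PE32 optional header, and renders the TimeDateStamp both in UTC (as VirusTotal shows it) and in a +01:00 zone (as the ExifTool section of this report shows it). The sample bytes are constructed inline with the values reported for this file and contain headers only, not the real binary; the `build_sample_pe`, `parse_pe_header` and `render_timestamp` names are this example's own.

```python
"""Read the PE header fields a triage report lists, from raw bytes.

Added example; not VirusTotal's or ExifTool's code. The sample PE is
constructed below with this report's values (headers only, no sections).
"""
import struct
from datetime import datetime, timedelta, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D      # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550   # "PE\0\0"
PE32_MAGIC = 0x10B                # IMAGE_NT_OPTIONAL_HDR32_MAGIC

MACHINE_NAMES = {
    0x014C: "Intel 386 or later processors and compatible processors",
    0x8664: "x64",
    0x01C0: "ARM",
    0xAA64: "ARM64",
}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Return COFF/optional-header fields. Only the headers are validated;
    the section table is not walked, so NumberOfSections is as declared."""
    if len(data) < 64 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # PE signature (4 bytes) + COFF header (20 bytes) must fit in the buffer.
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature at e_lfanew")
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    # Subsystem lives at optional-header offset 68; require at least 70 bytes.
    if opt_size < 70 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 optional headers are handled here")
    code_size, init_size, uninit_size, entry_point = struct.unpack_from("<IIII", data, opt + 4)
    os_major, os_minor, img_major, img_minor, sub_major, sub_minor = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": MACHINE_NAMES.get(machine, f"unknown (0x{machine:04x})"),
        "number_of_sections": nsections,
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{sub_major}.{sub_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, f"unknown ({subsystem})"),
    }


def render_timestamp(timestamp: int, utc_offset_hours: int) -> str:
    """Render a TimeDateStamp in a given zone (why two tools differ by an hour)."""
    zone = timezone(timedelta(hours=utc_offset_hours))
    return datetime.fromtimestamp(timestamp, tz=zone).isoformat(sep=" ")


def build_sample_pe() -> bytes:
    """Constructed PE32 headers carrying this report's values (not the real file)."""
    dos = bytearray(64)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)             # e_lfanew: NT headers follow the DOS header
    ts = int(datetime(2005, 7, 8, 3, 11, 22, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x014C, 12, ts, 0, 0, 224, 0x010F)
    opt = bytearray(224)                                # standard PE32 optional header size
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 0, 0)  # LinkerVersion 0.0 as reported
    struct.pack_into("<IIII", opt, 4, 344576, 31744, 0, 0x1000)
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 0, 0, 4, 1)  # OS 4.0, Image 0.0, Subsystem 4.1
    struct.pack_into("<H", opt, 68, 2)                  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + coff + bytes(opt)


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_pe())
    for key, value in hdr.items():
        print(f"{key}: {value:#x}" if key == "entry_point" else f"{key}: {value}")
    print("same instant at +01:00:", render_timestamp(hdr["timestamp"], 1))
```

Every offset check is against the buffer length before the read, which is the part a hand-rolled parser usually gets wrong: a crafted e_lfanew or SizeOfOptionalHeader should produce a ValueError, not an exception from deep inside struct.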
PE sections
PE imports
ADVAPI32.dll (registry, token and ACL APIs):
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExA
AdjustTokenPrivileges
InitializeAcl
RegCreateKeyExA
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyW
RegOpenKeyExA
GetTokenInformation
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegDeleteValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
USER32.dll (window, menu, input and clipboard APIs):
GetCursorPos
GetMessagePos
GetParent
SetMenuItemInfoA
SetMenuContextHelpId
FindWindowA
FreeDDElParam
TranslateMDISysAccel
PostMessageA
DrawIcon
LoadKeyboardLayoutW
RegisterDeviceNotificationW
GetMessageTime
GetWindow
GetSysColor
IMPSetIMEA
SetActiveWindow
GetKeyState
EndDeferWindowPos
GetDlgCtrlID
GetForegroundWindow
GetDesktopWindow
GetClientRect
RemovePropW
SetDlgItemTextW
UnionRect
IsIconic
GetAltTabInfoW
InsertMenuA
GetWindowTextLengthA
LoadCursorA
LoadIconA
GetKeyboardState
ShowOwnedPopups
GetActiveWindow
IsDlgButtonChecked
TileChildWindows
CheckDlgButton
GetSysColorBrush
GetFocus
GetMenuItemInfoW
GetKeyboardType
OpenClipboard

The names are grouped here by the module that exports them. The ADVAPI32 set combines registry create/set/enumerate/delete with token handling (OpenProcessToken, OpenThreadToken, GetTokenInformation, AdjustTokenPrivileges) and security-descriptor construction (InitializeSecurityDescriptor, InitializeAcl, AddAccessAllowedAce, SetSecurityDescriptorDacl), which is the first thing to check when assessing a sample's persistence and privilege handling.
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 3
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2005:07:08 04:11:22+01:00 (the same instant as the 2005-07-08 03:11:22 UTC compilation timestamp above, rendered in a +01:00 zone)
FileType: Win32 EXE
PEType: PE32
CodeSize: 344576
LinkerVersion: 0.0
EntryPoint: 0x1000
InitializedDataSize: 31744
SubsystemVersion: 4.1
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5: 0d65f33c6d50047cba5cb39af794bbad
SHA1: 60aedfaf2033f7d54b84c198cc56e4cfe552ba9a
SHA256: 0619443f15d568344c324e7edf5fd29191b216f74cabeb2e68b084c24ad4dfe4
ssdeep: 3072:Q5E7uZ7xBg/wmLmy5sKH+445sjvxtm/IVbygfo6GD3ndID:SEqW/1iyOI91msbygfo6GD3ndID
authentihash: 3c879c00a082ddd46e1620378cc35927db039685799c0055627b079df1312335
imphash: 1ed4e3fd87138b16d63793f248cddde4
File size: 388.0 KB ( 397312 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable (generic) (52.7%), Generic Win/DOS Executable (23.4%), DOS Executable Generic (23.4%), VXD Driver (0.3%)
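The imphash listed above is an MD5 over the import table rather than over file content, which is why it survives recompilation and pivots across samples that share a toolchain or source. The following is an added example, not pefile's or VirusTotal's code, showing how the value is derived: each import becomes "<dll>.<function>" with the DLL name lowercased and its .dll/.ocx/.sys suffix removed, entries are joined with commas in import-table order, and the result is MD5-hashed. Ordinal imports are hashed as "ordN"; pefile's extra ordinal-to-name tables for a few DLLs are omitted here. The `SAMPLE_IMPORTS` list is constructed from names shown on this page in an assumed order, so it does not reproduce the reported imphash 1ed4e3fd87138b16d63793f248cddde4; `imphash` and `imphash_preimage` are this example's own names.

```python
"""Import hash (imphash) computation. Added example, not pefile's code."""
import hashlib

_STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def imphash_preimage(imports) -> str:
    """Build the comma-joined "dll.function" string that imphash hashes.

    imports: iterable of (dll_name, function_name_or_ordinal) pairs in
    import-table order. Order matters: reordering changes the hash.
    """
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in _STRIPPED_EXTENSIONS:
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        # Ordinal-only imports (ints) are hashed as ordN; names are lowercased.
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{dll}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 hex digest of the normalized import list."""
    return hashlib.md5(imphash_preimage(imports).encode("ascii")).hexdigest()


# Constructed from names this report shows, in an assumed order; the page
# does not give the full ordered import table, so this will not equal the
# reported imphash.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCreateKeyExW"),
    ("ADVAPI32.dll", "AdjustTokenPrivileges"),
    ("ADVAPI32.dll", "OpenProcessToken"),
    ("ADVAPI32.dll", "SetSecurityDescriptorDacl"),
    ("USER32.dll", "FindWindowA"),
    ("USER32.dll", "PostMessageA"),
    ("USER32.dll", "GetForegroundWindow"),
]

if __name__ == "__main__":
    print(imphash_preimage(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two caveats when pivoting on this value: it is MD5, so it is a clustering key rather than an integrity check, and packers that rebuild the import table at runtime leave only the loader's stub imports in the file, so every sample wrapped by the same packer collapses to the same imphash regardless of payload.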
Tags
peexe

VirusTotal metadata
First submission: 2015-07-11 17:46:54 UTC
Last submission: 2016-06-13 10:08:27 UTC
File names: c82e5a9d65be3210392da658bf74b8cb8d33246c, isheriff_0d65f33c6d50047cba5cb39af794bbad.bin
Advanced heuristic and reputation engines
TrendMicro-HouseCall: TrendMicro's heuristic engine has flagged this file as TROJ_GEN.R02KC0DGG15.
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs