SHA256: 06395582fd4bde97f8db34a5b3da1f810478156f78b7a3b180469a01953a87ed
File name: 6b87d33b169986cb34f913c14a547f75.virus
Detection ratio: 36 / 57
Analysis date: 2016-09-19 08:37:53 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3533048 20160919
AhnLab-V3 Malware/Win32.Generic.N2102621594 20160918
ALYac Trojan.GenericKD.3533048 20160919
Avast Win32:Malware-gen 20160919
AVG PSW.Generic13.NPZ 20160919
Avira (no cloud) TR/Crypt.Xpack.paet 20160919
AVware Trojan.Win32.Generic!BT 20160919
BitDefender Trojan.GenericKD.3533048 20160919
Bkav W32.eHeur.Malware08 20160917
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.JYSA-2677 20160919
DrWeb Trojan.PWS.Papras.2166 20160919
Emsisoft Trojan.GenericKD.3533048 (B) 20160919
ESET-NOD32 Win32/PSW.Papras.EJ 20160919
F-Secure Trojan.GenericKD.3533048 20160919
Fortinet W32/Papras.EJ!tr.pws 20160919
GData Trojan.GenericKD.3533048 20160919
Ikarus Trojan.Win32.PSW 20160919
Sophos ML trojan.win32.lethic.k 20160917
Jiangmin Trojan.PSW.Tepfer.elm 20160919
K7AntiVirus Password-Stealer ( 004cfc431 ) 20160919
K7GW Password-Stealer ( 004cfc431 ) 20160919
Kaspersky Trojan-PSW.Win32.Tepfer.psxopt 20160919
McAfee Artemis!6B87D33B1699 20160919
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160918
Microsoft Backdoor:Win32/Vawtrak.E 20160919
eScan Trojan.GenericKD.3533048 20160919
Panda Trj/GdSda.A 20160918
Qihoo-360 HEUR/QVM09.0.0000.Malware.Gen 20160919
Rising Backdoor.Vawtrak!8.11D-WIB2ZKrrbrV (cloud) 20160919
Sophos AV Mal/Generic-S 20160919
Symantec Ransom.TeslaCrypt!g6 20160919
Tencent Win32.Trojan-qqpass.Qqrob.Wqxb 20160919
TrendMicro TROJ_GEN.R072C0DID16 20160919
TrendMicro-HouseCall TROJ_GEN.R072C0DID16 20160919
VIPRE Trojan.Win32.Generic!BT 20160919
AegisLab 20160919
Alibaba 20160919
Antiy-AVL 20160919
Arcabit 20160917
Baidu 20160914
CAT-QuickHeal 20160919
ClamAV 20160916
CMC 20160916
Comodo 20160916
F-Prot 20160919
Kingsoft 20160919
Malwarebytes 20160919
NANO-Antivirus 20160919
nProtect 20160919
SUPERAntiSpyware 20160919
TheHacker 20160918
VBA32 20160917
ViRobot 20160919
Yandex 20160918
Zillya 20160915
Zoner 20160919
The file being studied is a Portable Executable file! More specifically, it is an unknown file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-06 08:10:50
Entry Point 0x00004028
Number of sections 4
PE sections
PE imports
RegCloseKey
GetUserNameW
GetSidIdentifierAuthority
RegQueryValueExA
GetUserNameA
GetSecurityDescriptorOwner
RegOpenKeyExA
InitCommonControlsEx
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA
ChooseColorA
CommDlgExtendedError
GetSaveFileNameA
SetPolyFillMode
Polygon
TextOutW
CreateFontIndirectW
SetBkMode
PatBlt
CreatePen
GetBkMode
Pie
ResizePalette
CreateFontIndirectA
GetPaletteEntries
CreateRectRgnIndirect
GetTextCharset
CombineRgn
CreateBitmap
UpdateColors
GetPixel
Rectangle
SetMapMode
GetDeviceCaps
CreateDCA
TranslateCharsetInfo
DeleteDC
GetMapMode
EnumFontFamiliesW
GetCharWidthW
RectInRegion
SelectObject
OffsetClipRgn
SetPaletteEntries
GetTextFaceW
GetCharWidthA
CreateDIBSection
StretchDIBits
EnumFontFamiliesA
RealizePalette
SetTextColor
CreatePatternBrush
GetObjectA
GetNearestColor
BitBlt
CreatePalette
GetStockObject
CreateDIBitmap
GetRgnBox
SelectPalette
SetBkColor
ExtTextOutA
GetDIBits
SetTextAlign
SetROP2
SelectClipRgn
CreateCompatibleDC
GetTextFaceA
Arc
TextOutA
Chord
SetBrushOrgEx
CreateRectRgn
GetTextExtentPoint32W
GetTextExtentPoint32A
GetNearestPaletteIndex
GetTextMetricsA
CreateCompatibleBitmap
CreateSolidBrush
Polyline
DPtoLP
ExtCreatePen
GetTextExtentPointA
GetFontData
DeleteObject
SetRectRgn
GetStdHandle
GetComputerNameA
GetOverlappedResult
WaitForSingleObject
PurgeComm
FindNextFileA
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
GetVolumeInformationW
SetErrorMode
FreeEnvironmentStringsW
SetCommTimeouts
GetFullPathNameA
GetCommModemStatus
GetTempPathA
GetCPInfo
GetProcAddress
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
LocalFree
MoveFileA
GetLogicalDriveStringsA
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
SetFileAttributesW
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
DeviceIoControl
InitializeCriticalSection
CopyFileW
RemoveDirectoryW
CopyFileA
ExitProcess
GetVersionExA
RemoveDirectoryA
GetExitCodeThread
QueryPerformanceFrequency
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
MoveFileW
GetModuleHandleA
GetFullPathNameW
CreateSemaphoreA
CreateThread
CreatePipe
GetFileAttributesA
SetUnhandledExceptionFilter
MulDiv
ClearCommError
SetHandleInformation
SetEnvironmentVariableA
ReadConsoleA
TerminateProcess
SearchPathW
WriteConsoleA
SetCurrentDirectoryW
GetCommState
SearchPathA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
CloseHandle
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
SetConsoleMode
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
lstrcpyW
GetModuleFileNameW
GetFileInformationByHandle
FindNextFileW
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindFirstFileW
DuplicateHandle
GlobalLock
EscapeCommFunction
SetEvent
GetModuleFileNameA
GetTimeZoneInformation
SetCommState
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
BuildCommDCBA
GetLastError
LoadLibraryExW
LCMapStringW
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GlobalAlloc
BuildCommDCBW
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
WaitForSingleObjectEx
lstrlenW
GetShortPathNameA
CreateProcessW
SetupComm
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
ReadConsoleW
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GlobalFlags
FindFirstFileA
lstrcpynA
PeekConsoleInputA
GetACP
GetVersion
CreateProcessA
WideCharToMultiByte
HeapCreate
GetTempPathW
VirtualQuery
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
SHBrowseForFolderW
SHGetPathFromIDListW
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
SetFocus
GetMessageA
MapVirtualKeyA
GetMessagePos
GetParent
SystemParametersInfoA
SetCapture
SetCaretPos
ReleaseCapture
VkKeyScanA
KillTimer
WaitForInputIdle
PostQuitMessage
SetWindowTextA
MessageBeep
LoadBitmapA
SetWindowPos
RemoveMenu
GetSystemMetrics
SetWindowLongW
IsWindow
GetWindowRect
ScreenToClient
ScrollWindowEx
UpdateWindow
PostMessageA
MoveWindow
LoadCursorFromFileA
WindowFromPoint
MessageBoxA
PeekMessageA
wsprintfA
SetWindowLongA
SetClassLongA
TranslateMessage
GetWindow
GetSysColor
SetActiveWindow
SetScrollInfo
RegisterClassExA
ReleaseDC
SendInput
SendMessageW
UnregisterClassA
SetClipboardData
SetParent
RegisterClassW
IsWindowVisible
IsZoomed
GetWindowPlacement
SendMessageA
SetForegroundWindow
SetWindowTextW
SetTimer
SetCursorPos
GetMenuCheckMarkDimensions
MessageBoxW
IsIconic
RegisterClassA
InvalidateRect
InsertMenuA
GetWindowLongA
IsClipboardFormatAvailable
MsgWaitForMultipleObjectsEx
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemCount
ShowWindow
GetWindowTextW
GetSysColorBrush
GetSystemMenu
ToAscii
UnhookWindowsHookEx
InsertMenuW
GetWindowTextA
SetCursor
SetMenu
OpenClipboard
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:08:06 09:10:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 56320
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 272384
SubsystemVersion 5.0
EntryPoint 0x4028
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 6b87d33b169986cb34f913c14a547f75
SHA1 1c0c8ef8650a4cbcf7b45fa58185fcdba90122cd
SHA256 06395582fd4bde97f8db34a5b3da1f810478156f78b7a3b180469a01953a87ed
ssdeep

authentihash 0169ebd04d5a5f8f658939b6161a6dc7918e7a44183ec5bff263b06369fca3d0
imphash 09106ad7155e2f3c6ad6fe1cf3e7d4c9
File size 247.0 KB ( 252928 bytes )
File type unknown
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (35.9%)
Win32 Executable MS Visual C++ (generic) (27.0%)
Win64 Executable (generic) (23.9%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.9%)
VirusTotal metadata
First submission 2016-09-19 08:37:53 UTC ( 2 years, 4 months ago )
Last submission 2017-01-06 10:36:38 UTC ( 2 years, 1 month ago )
File names 6b87d33b169986cb34f913c14a547f75.virus
06395582fd4bde97f8db34a5b3da1f810478156f78b7a3b180469a01953a87ed
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Runtime DLLs
UDP communications