SHA256: 068f20c4529f8955e7054f7d527afef980c84ff0b81c771567946d7a68aa0aea
File name: isheriff_143151bb96306a27152c24f14e4a758c.bin
Detection ratio: 41 / 50
Analysis date: 2016-06-14 02:11:12 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2805322 20160614
AegisLab Uds.Dangerousobject.Multi!c 20160613
AhnLab-V3 Trojan/Win32.Upbot 20160613
ALYac Trojan.GenericKD.2805322 20160613
Antiy-AVL Worm/Win32.Ngrbot 20160614
Arcabit Trojan.Generic.D2ACE4A 20160613
Avast Win32:Androp [Drp] 20160613
AVG Crypt_r.AEQ 20160613
Avira (no cloud) TR/Crypt.ZPACK.189611 20160613
AVware Trojan.Win32.Generic!BT 20160613
Baidu Win32.Trojan.Kryptik.lu 20160612
Baidu-International Worm.Win32.Dorkbot.B 20160606
BitDefender Trojan.GenericKD.2805322 20160613
Bkav W32.TaskmanDynamerH.Trojan 20160613
Comodo Worm.Win32.Gamarue.AP 20160613
Cyren W32/Dorkbot.QXMK-6199 20160613
DrWeb Trojan.Inject1.56622 20160613
Emsisoft Trojan.GenericKD.2805322 (B) 20160613
ESET-NOD32 Win32/Dorkbot.B 20160613
F-Prot W32/Dorkbot.MJ 20160613
F-Secure Trojan.GenericKD.2805322 20160613
Fortinet W32/Kryptik.EASA!tr 20160613
GData Trojan.GenericKD.2805322 20160613
Ikarus Trojan.Win32.Crypt 20160613
K7AntiVirus Trojan ( 004d42ee1 ) 20160613
K7GW Trojan ( 004d42ee1 ) 20160613
Kaspersky HEUR:Trojan.Win32.Generic 20160613
McAfee RDN/Generic.bfr 20160613
McAfee-GW-Edition BehavesLike.Win32.Necurs.fh 20160613
Microsoft VirTool:Win32/CeeInject.LJ 20160613
eScan Trojan.GenericKD.2805322 20160613
NANO-Antivirus Trojan.Win32.Ngrbot.dyaapg 20160613
nProtect Trojan.GenericKD.2805322 20160613
Panda Trj/Genetic.gen 20160613
Qihoo-360 Win32/Trojan.4f1 20160614
Sophos AV Troj/Androm-FC 20160613
Tencent Win32.Worm.Ngrbot.Alpa 20160614
TrendMicro TROJ_FORUCON.BMC 20160613
VBA32 Trojan.Bublik 20160611
ViRobot Trojan.Win32.Z.Ngrbot.325120.B[h] 20160614
Yandex Worm.Ngrbot!dodvEmScxQo 20160612
Alibaba 20160613
CAT-QuickHeal 20160613
ClamAV 20160613
CMC 20160613
Jiangmin 20160613
Kingsoft 20160614
SUPERAntiSpyware 20160613
TheHacker 20160612
TotalDefense 20160613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Helena Berkova web-site
Product Helena Berkova web-site
File version 2.0.0.8
Description master class of Helena Berkova
Comments watch on berkova.ru
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-17 19:46:04
Entry Point 0x00002ECE
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
_TrackMouseEvent
SetMapMode
SaveDC
TextOutA
CreateFontIndirectA
CombineRgn
GetClipBox
GetObjectA
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
DeleteObject
BitBlt
SetTextColor
GetDeviceCaps
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
GetDIBits
CreateCompatibleDC
StretchBlt
ScaleViewportExtEx
CreateRectRgn
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
GetBkColor
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
GetOverlappedResult
WaitForSingleObject
PurgeComm
HeapDestroy
ContinueDebugEvent
GetFileAttributesW
GetExitCodeProcess
LocalHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetVolumeInformationW
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetFileAttributesA
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
MoveFileA
GetLogicalDriveStringsA
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
MoveFileW
SetFileAttributesW
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
GetProcAddress
PeekNamedPipe
GetEnvironmentVariableA
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetVersionExA
RemoveDirectoryA
QueryPerformanceFrequency
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
WriteProfileStringA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FormatMessageA
GetModuleHandleA
GetFullPathNameW
VirtualLock
GetExitCodeThread
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
GetSystemDirectoryA
SetHandleInformation
ReadConsoleA
TerminateProcess
SearchPathW
InterlockedDecrement
GetVersion
SetCurrentDirectoryW
VirtualQuery
SearchPathA
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
SetConsoleMode
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
MapUserPhysicalPagesScatter
GetWindowsDirectoryW
GlobalDeleteAtom
GetWindowsDirectoryA
GetFullPathNameA
WaitForMultipleObjects
GetProcessHeap
GetTempFileNameW
GetComputerNameW
lstrcpyW
GlobalReAlloc
GetModuleFileNameW
GetFileInformationByHandle
lstrcmpA
lstrcpyA
ResetEvent
GetTempFileNameA
lstrcmpW
GlobalLock
SetCommTimeouts
ReadConsoleW
GetModuleFileNameA
GetTimeZoneInformation
SetCommState
WriteConsoleA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
GetShortPathNameW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GlobalAlloc
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
WaitForSingleObjectEx
lstrlenW
GetShortPathNameA
SetupComm
GetEnvironmentStrings
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
PeekConsoleInputA
GetACP
GetModuleHandleW
FreeResource
SizeofResource
CreateProcessA
WideCharToMultiByte
IsValidCodePage
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CompareStringA
PathFindFileNameA
PathFindExtensionA
MapWindowPoints
GetForegroundWindow
SetWindowRgn
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
ScrollWindowEx
GetWindowLongA
VkKeyScanA
GrayStringA
WindowFromPoint
GetMessageTime
SetActiveWindow
GetMenuItemID
GetAsyncKeyState
ReleaseDC
GetDlgCtrlID
GetClassInfoA
SendMessageW
UnregisterClassA
GetWindowTextLengthA
SendMessageA
GetClientRect
ToAscii
SetCaretPos
GetNextDlgTabItem
CallNextHookEx
IsClipboardFormatAvailable
GetSysColor
GetActiveWindow
GetWindowTextW
LoadImageA
GetTopWindow
GetWindowTextA
GetKeyState
DestroyWindow
DrawEdge
GetParent
UpdateWindow
SetPropA
EnumWindows
CreateCaret
GetClassInfoExA
ShowWindow
SetClassLongA
DrawFrameControl
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
DestroyCaret
RegisterClassW
SetParent
SetClipboardData
GetSystemMetrics
IsZoomed
GetWindowPlacement
DrawMenuBar
EnableMenuItem
RegisterClassA
TabbedTextOutA
DrawFocusRect
SetTimer
GetKeyboardLayout
FillRect
CopyRect
WaitForInputIdle
GetSysColorBrush
CreateWindowExW
GetCursorPos
PtInRect
IsDialogMessageA
SetFocus
CreateWindowExA
MapVirtualKeyA
IsIconic
GetMessageA
PostMessageA
BeginPaint
OffsetRect
DefWindowProcW
DrawIcon
KillTimer
GetClipboardOwner
RegisterWindowMessageA
DefWindowProcA
GetClipboardData
SendDlgItemMessageA
CharLowerA
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
CharLowerW
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
SetWindowTextW
CreateMenu
GetDlgItem
GetMenuCheckMarkDimensions
SendInput
ClientToScreen
GetClassLongA
InsertMenuA
GetCapture
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemCount
GetMenuState
CreateIconFromResource
GetSystemMenu
GetDC
InsertMenuW
SetForegroundWindow
ExitWindowsEx
OpenClipboard
EmptyClipboard
DrawTextA
EndDialog
CreateIconIndirect
CreateDialogIndirectParamA
ScreenToClient
CreatePopupMenu
MessageBeep
DrawTextExA
RemoveMenu
GetWindowThreadProcessId
MessageBoxW
GetMenu
GetPropA
SetMenu
MoveWindow
LoadCursorFromFileA
MessageBoxA
GetWindowDC
AdjustWindowRectEx
MsgWaitForMultipleObjectsEx
SetScrollInfo
RegisterClassExA
SystemParametersInfoA
DestroyIcon
IsWindowVisible
GetDesktopWindow
SetCursorPos
WinHelpA
InvalidateRect
wsprintfA
CallWindowProcW
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
ModifyMenuA
UnhookWindowsHookEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
SPANISH COSTA RICA 1
PE resources
ExifTool file metadata
ProductVersionNumber 2.6.1.583
FileDescription master class of Helena Berkova
Comments watch on berkova.ru
InitializedDataSize 257536
ImageVersion 0.0
ProductName Helena Berkova web-site
FileVersionNumber 2.6.1.583
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x0000
CharacterSet Windows, Cyrillic
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.0.0.8
TimeStamp 2015:10:17 20:46:04+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
LegalCopyright Helena Berkova web-site
MachineType Intel 386 or later, and compatibles
CompanyName Helena Berkova web-site
CodeSize 66560
FileSubtype 0
BuildNumber Helena Berkova
EntryPoint 0x2ece
ObjectFileType Executable application
File identification
MD5 143151bb96306a27152c24f14e4a758c
SHA1 a751f4a91dd4348d4cfdc6b5e62dab3387f4bca0
SHA256 068f20c4529f8955e7054f7d527afef980c84ff0b81c771567946d7a68aa0aea
ssdeep 6144:7MTJW9lZluGcxfhrpHcZwysY3vGNOK8Ag2biTEfSo:ITJW9lHulVclhvAF7/biTEfSo
authentihash 102ac56fa0d53f5a550d04295147376e310b7e2f809df00a0facc727b8672f05
imphash fc5a25ab00f1f2b425905b50504e5136
File size 317.5 KB ( 325120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-10-17 22:00:41 UTC ( 3 years, 4 months ago )
Last submission 2016-06-14 02:11:12 UTC ( 2 years, 8 months ago )
File names ibgnv.exe
isheriff_143151bb96306a27152c24f14e4a758c.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs