SHA256: 06f73653bd64a9dfefc92da626a6c872c79a7d974b39fb128e2498fd8b96a1a0
File name: entity7.bin
Detection ratio: 29 / 52
Analysis date: 2014-07-03 13:04:59 UTC (4 years, 8 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1733423 20140703
AntiVir TR/Crypt.ZPACK.89110 20140703
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20140703
Avast Win32:Kryptik-NYY [Trj] 20140703
AVG Crypt3.ABIL 20140703
BitDefender Trojan.GenericKD.1733423 20140703
Bkav HW32.CDB.0e2c 20140702
Comodo UnclassifiedMalware 20140703
Emsisoft Trojan.GenericKD.1733423 (B) 20140703
ESET-NOD32 a variant of Win32/Kryptik.CFJR 20140703
F-Secure Trojan.GenericKD.1733423 20140703
Fortinet W32/Kryptik.CFHP!tr 20140703
GData Trojan.GenericKD.1733423 20140703
Ikarus Trojan.Win32.Kryptik 20140703
Kaspersky Trojan-Ransom.Win32.Foreign.kylw 20140703
Kingsoft Win32.Troj.Undef.(kcloud) 20140703
McAfee RDN/Generic PWS.y!b2f 20140703
McAfee-GW-Edition RDN/Generic PWS.y!b2f 20140702
Microsoft PWS:Win32/Zbot 20140703
eScan Trojan.GenericKD.1733423 20140703
NANO-Antivirus Trojan.Win32.Foreign.dbtjhk 20140703
Norman Troj_Generic.UUNZU 20140703
Panda Trj/CI.A 20140703
Qihoo-360 HEUR/Malware.QVM20.Gen 20140703
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140703
Sophos AV Mal/Generic-L 20140703
Symantec Trojan.Zbot 20140703
TrendMicro-HouseCall Suspicious_GEN.F47V0627 20140703
VIPRE Trojan.Win32.Generic!BT 20140703
AegisLab 20140703
Yandex 20140703
AhnLab-V3 20140703
CAT-QuickHeal 20140703
ClamAV 20140703
CMC 20140702
Commtouch 20140703
DrWeb 20140703
F-Prot 20140703
Jiangmin 20140703
K7AntiVirus 20140702
K7GW 20140702
Malwarebytes 20140703
nProtect 20140703
SUPERAntiSpyware 20140703
Tencent 20140703
TheHacker 20140703
TotalDefense 20140703
TrendMicro 20140703
VBA32 20140702
ViRobot 20140703
Zillya 20140701
Zoner 20140701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-26 08:45:14
Entry Point 0x000015E0
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
OpenServiceA
RegQueryValueExA
RegCreateKeyW
AdjustTokenPrivileges
ControlService
DeleteService
RegCreateKeyA
RegQueryValueExW
CloseServiceHandle
RegOpenKeyA
OpenProcessToken
CreateServiceA
QueryServiceStatus
RegOpenKeyExA
IsTextUnicode
RegSetValueExW
InitializeSecurityDescriptor
RegSetValueExA
StartServiceA
RegDeleteValueA
OpenSCManagerA
PrintDlgA
PrintDlgExW
FindTextA
GetFileTitleW
GetOpenFileNameW
ChooseFontW
GetOpenFileNameA
ChooseColorA
ReplaceTextW
CommDlgExtendedError
GetSaveFileNameA
ChooseFontA
SetDIBits
StartDocW
GetTextMetricsW
SetMapMode
TextOutW
CreateFontIndirectW
EnumFontsW
TextOutA
CreateFontIndirectA
LPtoDP
GetObjectA
GetDeviceCaps
DeleteDC
SetBkMode
CreateBitmap
EndDoc
StartPage
GetObjectW
CreateDCW
SetTextColor
StartDocA
SetAbortProc
GetTextFaceW
CreateFontA
CreateCompatibleDC
StretchBlt
EndPage
SelectObject
GetTextExtentPoint32A
AbortDoc
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
GetTextExtentPointA
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
LocalSize
GetConsoleOutputCP
FileTimeToSystemTime
GetComputerNameA
GetOverlappedResult
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
lstrcatW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
FormatMessageW
GetSystemTimeAsFileTime
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
GetProfileIntW
ResumeThread
GetTimeZoneInformation
LoadResource
GlobalCompact
TlsGetValue
FormatMessageA
SetLastError
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
InitializeCriticalSection
LocalLock
IsDebuggerPresent
ExitProcess
QueueUserAPC
RaiseException
EnumSystemLocalesA
SetConsoleCtrlHandler
GetUserDefaultLCID
UnhandledExceptionFilter
MultiByteToWideChar
FatalAppExitA
FoldStringW
WriteProfileStringW
CreateMutexA
GetModuleHandleA
EraseTape
CreateThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
SetEnvironmentVariableA
GlobalMemoryStatus
GetVersion
GlobalAlloc
SearchPathA
FindAtomA
SetEndOfFile
GetCurrentThreadId
GetProcAddress
SleepEx
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
SetHandleCount
TerminateThread
DefineDosDeviceW
FreeLibrary
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
lstrcmpiW
GlobalSize
GetStartupInfoA
GetDateFormatA
DosDateTimeToFileTime
GetFileSize
GlobalDeleteAtom
DeleteFileA
GetDateFormatW
GetEnvironmentVariableA
DeleteFileW
GlobalLock
GetProcessHeap
CreateFileMappingW
GetProfileStringW
GetTimeFormatW
GlobalReAlloc
GetFileInformationByHandle
FindFirstFileA
lstrcpyA
CompareStringA
CreateFileMappingA
FindFirstFileW
IsValidLocale
WaitForMultipleObjects
ExpandEnvironmentStringsA
CreateEventW
CreateFileW
CreateEventA
GetFileType
CreateFileA
HeapAlloc
LocalUnlock
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
HeapCreate
LoadLibraryA
GlobalFree
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
OpenMutexA
lstrcpynW
DecodeSystemPointer
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
WriteFileEx
CloseHandle
lstrcpynA
GetACP
GetCommConfig
GetModuleHandleW
SizeofResource
IsValidCodePage
UnmapViewOfFile
GetDefaultCommConfigW
VirtualFree
RtlMoveMemory
TerminateProcess
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
DragQueryFileW
ShellExecuteExA
DragFinish
DragAcceptFiles
ShellAboutW
Shell_NotifyIconA
SetFocus
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
ClientToScreen
SetDlgItemInt
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
SendMessageW
SendMessageA
GetClientRect
DrawTextW
SetScrollPos
LoadAcceleratorsA
IsClipboardFormatAvailable
LoadImageW
GetWindowTextW
MsgWaitForMultipleObjects
GetWindowTextA
InvalidateRgn
DestroyWindow
GetParent
UpdateWindow
IsDlgButtonChecked
CheckRadioButton
SetProcessDefaultLayout
ShowWindow
GetDesktopWindow
PeekMessageW
EnableWindow
SetWindowPlacement
GetDlgItemTextA
PeekMessageA
ChildWindowFromPoint
TranslateMessage
GetDlgItemTextW
InsertMenuItemA
LoadStringA
SetClipboardData
IsZoomed
GetWindowPlacement
LoadStringW
IsIconic
RegisterClassA
TrackPopupMenuEx
DrawFocusRect
CreateWindowExA
UnhookWinEvent
GetKeyboardLayout
CharNextA
GetSysColorBrush
GetDialogBaseUnits
CreateWindowExW
EndPaint
CharNextW
IsChild
IsDialogMessageA
MapWindowPoints
RegisterWindowMessageW
BeginPaint
OffsetRect
KillTimer
RegisterWindowMessageA
DefWindowProcA
CheckMenuRadioItem
GetClipboardData
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
CharLowerW
SetWindowLongA
SendDlgItemMessageW
PostMessageW
CheckDlgButton
CreateDialogParamW
SetWindowTextA
CheckMenuItem
SetWindowTextW
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
CreateDialogParamA
ScreenToClient
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuItemCount
AttachThreadInput
GetMenuState
IsDialogMessageW
LoadCursorW
GetSystemMenu
DispatchMessageW
SetForegroundWindow
DialogBoxIndirectParamA
OpenClipboard
EmptyClipboard
DrawTextA
DrawTextExW
HideCaret
SetWinEventHook
FindWindowA
MessageBeep
GetWindowThreadProcessId
MessageBoxW
AppendMenuA
RegisterClassExW
SetMenu
SetDlgItemTextA
MoveWindow
DialogBoxParamW
MessageBoxA
DialogBoxParamA
GetSysColor
SetDlgItemTextW
RegisterClassExA
GetWindowLongW
WinHelpW
SystemParametersInfoW
LoadIconW
DeleteMenu
InvalidateRect
CallWindowProcW
TranslateAcceleratorA
GetFocus
wsprintfW
CloseClipboard
SetCursor
GetMenu
TranslateAcceleratorW
ClosePrinter
OpenPrinterW
Number of PE resources by type
RT_STRING 18
RT_ACCELERATOR 2
RT_RCDATA 1
RT_MENU 1
Number of PE resources by language
ENGLISH US 22
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:06:26 09:45:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 140800
LinkerVersion 10.0
EntryPoint 0x15e0
InitializedDataSize 354304
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 33e71d420b41ef2245b37da817db6c05
SHA1 3f7e52e3a5aac991370c4757933d91dae3594388
SHA256 06f73653bd64a9dfefc92da626a6c872c79a7d974b39fb128e2498fd8b96a1a0
ssdeep 3072:hvmMtKjn0NphA+uMNzGqExUxDLnY7+0okSK+rHAmNYJm:hvmMc0eqNqqEeVLnY7+0xSK+NYJm

authentihash 540a985bad59fc39dd7b048ae06052598d887bc320ac5a1154f62bebab2e9cc2
imphash b622c05af670d5e37573f0168467e513
File size 166.5 KB ( 170496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe

VirusTotal metadata
First submission 2014-06-27 08:21:59 UTC ( 4 years, 9 months ago )
Last submission 2015-12-20 00:36:56 UTC ( 3 years, 3 months ago )
File names 06f73653bd64a9dfefc92da626a6c872c79a7d974b39fb128e2498fd8b96a1a0.vir
entity7.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests