SHA256: 07037950ac31452b2f11bc78646bc2dbabf7f9780c30864749dc52781f3c6e59
File name: 07037950ac31452b2f11bc78646bc2dbabf7f9780c30864749dc52781f3c6e59
Detection ratio: 30 / 57
Analysis date: 2016-04-13 23:12:38 UTC
Antivirus             Result                                    Update
--------------------------------------------------------------------------
Ad-Aware              Gen:Variant.Razy.39619                    20160413
AhnLab-V3             Backdoor/Win32.Agent                      20160413
Antiy-AVL             Trojan/Win32.Bublik                       20160413
Arcabit               Trojan.Razy.D9AC3                         20160413
Avast                 Win32:Trojan-gen                          20160413
AVG                   Win32/Heim                                20160413
Avira (no cloud)      TR/Crypt.ZPACK.euuy                       20160413
AVware                Backdoor.Win32.Vawtrak.ab (v)             20160413
Baidu                 Win32.Trojan.WisdomEyes.151026.9950.9999  20160413
BitDefender           Gen:Variant.Razy.39619                    20160413
Bkav                  HW32.Packed.C2D8                          20160413
Emsisoft              Gen:Variant.Razy.39619 (B)                20160413
ESET-NOD32            Win32/Qbot.BK                             20160413
F-Secure              Gen:Variant.Razy.39619                    20160414
Fortinet              W32/Qbot.BK!tr                            20160413
GData                 Gen:Variant.Razy.39619                    20160414
Jiangmin              Trojan.Bublik.baf                         20160413
Kaspersky             Trojan.Win32.Bublik.ehfb                  20160413
Malwarebytes          Trojan.KeyLogger                          20160413
McAfee                W32/PinkSbot-BU!43C337DD2C50              20160413
McAfee-GW-Edition     BehavesLike.Win32.Backdoor.dc             20160413
Microsoft             Backdoor:Win32/Qakbot!rfn                 20160413
eScan                 Gen:Variant.Razy.39619                    20160413
Panda                 Trj/GdSda.A                               20160413
Qihoo-360             HEUR/QVM20.1.0000.Malware.Gen             20160414
Rising                PE:Malware.XPACK-LNR/Heur!1.5594 [F]      20160413
Sophos AV             Mal/Qbot-N                                20160413
Symantec              Suspicious.Cloud.5                        20160413
Tencent               Win32.Trojan.Crypt.Pdmh                   20160414
VIPRE                 Backdoor.Win32.Vawtrak.ab (v)             20160413
AegisLab              (no detection)                            20160413
Alibaba               (no detection)                            20160413
ALYac                 (no detection)                            20160413
Baidu-International   (no detection)                            20160413
CAT-QuickHeal         (no detection)                            20160413
ClamAV                (no detection)                            20160412
CMC                   (no detection)                            20160412
Comodo                (no detection)                            20160413
Cyren                 (no detection)                            20160413
DrWeb                 (no detection)                            20160413
F-Prot                (no detection)                            20160414
Ikarus                (no detection)                            20160413
K7AntiVirus           (no detection)                            20160413
K7GW                  (no detection)                            20160404
Kingsoft              (no detection)                            20160414
NANO-Antivirus        (no detection)                            20160413
nProtect              (no detection)                            20160412
SUPERAntiSpyware      (no detection)                            20160413
TheHacker             (no detection)                            20160412
TotalDefense          (no detection)                            20160413
TrendMicro            (no detection)                            20160413
TrendMicro-HouseCall  (no detection)                            20160413
VBA32                 (no detection)                            20160413
ViRobot               (no detection)                            20160413
Yandex                (no detection)                            20160412
Zillya                (no detection)                            20160413
Zoner                 (no detection)                            20160413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-04-11 13:10:34
Entry Point: 0x00001D90
Number of sections: 6
PE sections
PE imports
RegRestoreKeyA
CopySid
CryptSetProviderW
RegSetKeySecurity
RegRestoreKeyW
RegCreateKeyA
LookupAccountNameA
RegFlushKey
CreateWellKnownSid
ObjectDeleteAuditAlarmA
GetSecurityDescriptorGroup
QueryServiceStatus
ConvertToAutoInheritPrivateObjectSecurity
RegOpenKeyExW
ObjectDeleteAuditAlarmW
LookupAccountNameW
GetSecurityDescriptorOwner
DecryptFileA
ReadEncryptedFileRaw
GetKernelObjectSecurity
ImpersonateSelf
GetSecurityDescriptorDacl
EqualDomainSid
CryptGetUserKey
GetServiceDisplayNameW
RegisterServiceCtrlHandlerExA
RegQueryValueW
SetKernelObjectSecurity
GetEventLogInformation
SetSecurityDescriptorOwner
AdjustTokenGroups
CryptSetProvParam
RegQueryValueExA
RegOverridePredefKey
OpenServiceW
RegCreateKeyExA
GetAclInformation
RegQueryValueExW
CloseServiceHandle
AccessCheckByTypeResultListAndAuditAlarmByHandleW
RegQueryMultipleValuesW
CryptEnumProviderTypesW
AddAccessAllowedAce
AccessCheckByTypeResultListAndAuditAlarmByHandleA
SetServiceObjectSecurity
GetOldestEventLogRecord
GetFileSecurityA
ClearEventLogA
CryptGenKey
RegQueryMultipleValuesA
CryptEnumProviderTypesA
AddAccessAllowedObjectAce
NotifyBootConfigStatus
AccessCheckAndAuditAlarmW
ObjectPrivilegeAuditAlarmW
CryptVerifySignatureA
IsTextUnicode
AddAuditAccessObjectAce
ReadEventLogA
CryptExportKey
QueryServiceStatusEx
AddAuditAccessAceEx
LogonUserA
EqualSid
SetThreadToken
SetPrivateObjectSecurityEx
AddAce
GetSecurityDescriptorRMControl
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
SetPrivateObjectSecurity
AccessCheck
AddAccessDeniedAceEx
GetServiceKeyNameA
DeleteService
DecryptFileW
ObjectCloseAuditAlarmA
GetSecurityDescriptorLength
CryptCreateHash
RegGetKeySecurity
ChangeServiceConfig2W
DeregisterEventSource
DuplicateToken
FileEncryptionStatusW
ChangeServiceConfig2A
InitiateSystemShutdownA
CryptAcquireContextA
IsValidSid
GetSidIdentifierAuthority
RegEnumKeyExW
LockServiceDatabase
AddAuditAccessAce
CryptGetProvParam
CryptDestroyHash
RegEnumValueW
CryptEnumProvidersW
FreeSid
ObjectOpenAuditAlarmA
CreateServiceA
RegSaveKeyW
EnumServicesStatusW
RegEnumValueA
ObjectOpenAuditAlarmW
IsValidSecurityDescriptor
RegDeleteKeyA
GetTokenInformation
RegOpenCurrentUser
DestroyPrivateObjectSecurity
GetAce
FindFirstFreeAce
AdjustTokenPrivileges
ControlService
CryptHashData
RegReplaceKeyA
RegOpenKeyA
CryptSetProviderExA
LookupPrivilegeDisplayNameW
RegSetValueExA
MakeAbsoluteSD
RegEnumKeyW
CloseEncryptedFileRaw
RegReplaceKeyW
RegEnumKeyA
AllocateLocallyUniqueId
EncryptFileA
RegDisablePredefinedCache
AreAllAccessesGranted
EnumServicesStatusExW
OpenEncryptedFileRawA
AbortSystemShutdownW
AddAccessAllowedAceEx
MakeAbsoluteSD2
EncryptFileW
LookupPrivilegeNameA
OpenEncryptedFileRawW
InitializeSid
RegQueryInfoKeyA
NotifyChangeEventLog
CryptSetKeyParam
GetCurrentHwProfileA
StartServiceCtrlDispatcherW
ImpersonateLoggedOnUser
IsWellKnownSid
ReportEventA
SetSecurityDescriptorGroup
EnumDependentServicesA
GetDeviceCaps
GetTextCharset
SetThreadLocale
CreateJobObjectA
FileTimeToDosDateTime
VerifyVersionInfoA
SetEvent
GetDriveTypeA
HeapDestroy
CreateTapePartition
QueueUserAPC
SetComputerNameA
OpenFileMappingW
GetLocaleInfoA
SetTimeZoneInformation
lstrcatA
GetConsoleCursorInfo
RequestWakeupLatency
GetLocaleInfoW
WaitCommEvent
EnumResourceLanguagesW
GetCommModemStatus
IsDBCSLeadByteEx
FindResourceExA
FindNextVolumeMountPointA
GetStringTypeA
GetDiskFreeSpaceW
EndUpdateResourceW
DeleteFiber
SwitchToFiber
WritePrivateProfileStructW
WriteConsoleOutputW
PurgeComm
LocalFree
HeapLock
GlobalCompact
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
EnumSystemCodePagesW
GetCurrencyFormatA
LocalLock
UpdateResourceW
CancelTimerQueueTimer
SetConsoleActiveScreenBuffer
VerLanguageNameW
FlushViewOfFile
lstrcmpiW
CancelDeviceWakeupRequest
EnumSystemLocalesW
TerminateJobObject
WritePrivateProfileSectionA
GetProfileSectionA
WriteProfileStringW
RegisterWaitForSingleObject
GetFullPathNameW
CreateDirectoryExW
CreateThread
EnumSystemLanguageGroupsA
GlobalAddAtomA
CreateSemaphoreW
MoveFileExA
SetPriorityClass
WaitForMultipleObjectsEx
GetDiskFreeSpaceExA
WriteConsoleA
GetProcessShutdownParameters
VirtualQuery
DebugActiveProcess
SearchPathA
ChangeTimerQueueTimer
ReadConsoleOutputAttribute
ReadConsoleW
GetCurrentThreadId
IsBadHugeReadPtr
GetNumberFormatW
WriteConsoleW
LocalCompact
lstrcmpiA
RequestDeviceWakeup
FindVolumeClose
GetOEMCP
VirtualProtect
FlushFileBuffers
WriteConsoleOutputAttribute
FreeLibrary
CopyFileW
GetDateFormatA
GetFileSize
LCMapStringW
GetNamedPipeHandleStateA
DeleteFileA
GetDateFormatW
GenerateConsoleCtrlEvent
VirtualProtectEx
SetSystemTimeAdjustment
GetComputerNameW
AssignProcessToJobObject
SetCriticalSectionSpinCount
GlobalReAlloc
FindFirstFileA
lstrcpyA
HeapValidate
CompareStringA
FreeConsole
CreateFileMappingA
FindNextFileA
FindFirstFileExW
IsValidLanguageGroup
GetBinaryTypeA
SetVolumeLabelW
GetProcessAffinityMask
CreateEventW
SetCommState
FindFirstVolumeW
BuildCommDCBA
GetLastError
GlobalDeleteAtom
CreateNamedPipeW
LCMapStringA
GetProcessTimes
CreateNamedPipeA
CreateFiber
GetEnvironmentStrings
BuildCommDCBAndTimeoutsA
FindAtomA
ContinueDebugEvent
GetCompressedFileSizeW
GetCompressedFileSizeA
EnumCalendarInfoExW
CancelIo
OpenMutexA
EnumResourceTypesA
GetSystemDefaultLangID
TlsFree
PeekConsoleInputW
lstrcpynA
UnlockFileEx
DeleteVolumeMountPointA
SetStdHandle
GetLongPathNameW
ResetWriteWatch
GetDefaultCommConfigW
TransactNamedPipe
IsBadReadPtr
SetComputerNameExW
GetDefaultCommConfigA
VirtualAlloc
ResetEvent
PathIsDirectoryEmptyW
UrlIsA
GetKeyboardType
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:04:11 14:10:34+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 16384
LinkerVersion: 6.0
EntryPoint: 0x1d90
InitializedDataSize: 241664
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5: 43c337dd2c506d58a2f9d6d35dd9e63e
SHA1: 353bb05acb39894e3bb99a92887bb15798b5a1d9
SHA256: 07037950ac31452b2f11bc78646bc2dbabf7f9780c30864749dc52781f3c6e59
ssdeep: 6144:Bt0bgozTNs13z+A5sjocWtQs0vNuPE0Rvr77YKU3HuKE:BGgkNscA5sjp+EsD7zU3HhE
authentihash: 1eefaaf0ba1b64835091a1e02d782ab0dbb29f55073e42439281316307433111
imphash: 89aa7fb8b928382699d9e1aaf8cb07f5
File size: 256.0 KB (262144 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID: Win32 Dynamic Link Library (generic) (43.5%)
      Win32 Executable (generic) (29.8%)
      Generic Win/DOS Executable (13.2%)
      DOS Executable Generic (13.2%)
Tags: peexe
VirusTotal metadata
First submission: 2016-04-13 23:12:38 UTC
Last submission: 2016-04-13 23:12:38 UTC
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications