SHA256: 07be4db7d99bc021f82b540a93f7480f1a890a226b728801a15b1774018ee2e1
File name: a6c2211426fc1ec8d8d20dd8ea9089bc
Detection ratio: 49 / 68
Analysis date: 2018-06-23 16:57:38 UTC (3 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30938733 20180623
AegisLab Troj.W32.Buzus.lx0C 20180622
ALYac Trojan.GenericKD.30938733 20180623
Antiy-AVL Trojan/Win32.Refinka 20180623
Arcabit Trojan.Generic.D1D8166D 20180623
Avast Win32:Malware-gen 20180623
AVG Win32:Malware-gen 20180623
Avira (no cloud) TR/Skeeyah.eltiw 20180623
AVware Trojan.Win32.Generic!BT 20180623
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9981 20180622
BitDefender Trojan.GenericKD.30938733 20180623
Bkav W32.eHeur.Malware03 20180623
CAT-QuickHeal Trojan.Puwaders 20180622
Comodo TrojWare.Win32.Agent.OSCF 20180623
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.426fc1 20180225
Cylance Unsafe 20180623
Cyren W32/Agent.EW.gen!Eldorado 20180623
DrWeb Trojan.DiskFill.41072 20180623
Emsisoft Trojan.GenericKD.30938733 (B) 20180623
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/FlyStudio.HackTool.A potentially unwanted 20180623
F-Prot W32/Agent.EW.gen!Eldorado 20180623
F-Secure Trojan.GenericKD.30938733 20180622
Fortinet W32/Agent.AZAJ!tr 20180623
GData Win32.Trojan.FlyStudio.F 20180623
Ikarus Trojan.Win32.Skeeyah 20180623
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 005246d51 ) 20180623
K7GW Trojan ( 005246d51 ) 20180623
Kaspersky HEUR:Trojan.Win32.Generic 20180623
Malwarebytes Trojan.Agent 20180623
MAX malware (ai score=81) 20180623
McAfee Trojan-FPRJ!A6C2211426FC 20180623
McAfee-GW-Edition BehavesLike.Win32.Generic.fh 20180623
Microsoft Trojan:Win32/Tescrypt!rfn 20180623
eScan Trojan.GenericKD.30938733 20180623
NANO-Antivirus Trojan.Win32.FlyStudio.fcuxgn 20180623
Panda Trj/Genetic.gen 20180623
Qihoo-360 HEUR/QVM07.1.0A43.Malware.Gen 20180623
Rising PUF.Hacktool!1.B2A6 (RDM+:cmRtazpeNhVz4/8hODUFIlh37X4J) 20180623
SentinelOne (Static ML) static engine - malicious 20180618
Sophos AV Troj/Agent-AZAJ 20180623
Symantec ML.Attribute.HighConfidence 20180622
VBA32 BScope.Trojan.Tiggre 20180622
VIPRE Trojan.Win32.Generic!BT 20180623
Yandex Trojan.Agent!xzWj7OcDFmU 20180622
Zillya Trojan.GenericKD.Win32.119968 20180622
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180623
AhnLab-V3 20180623
Alibaba 20180622
Avast-Mobile 20180623
Babable 20180406
ClamAV 20180623
CMC 20180623
eGambit 20180623
Jiangmin 20180623
Kingsoft 20180623
Palo Alto Networks (Known Signatures) 20180623
SUPERAntiSpyware 20180623
Symantec Mobile Insight 20180619
TACHYON 20180623
Tencent 20180623
TheHacker 20180622
TotalDefense 20180623
TrendMicro 20180623
TrendMicro-HouseCall 20180623
Trustlook 20180623
ViRobot 20180623
Webroot 20180623
Zoner 20180622
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-10 17:36:48
Entry Point 0x0009ADD5
Number of sections 4
Overlays
MD5 ae45e070bffae0d5b9bb1baf06f17040
File type ASCII text
Offset 1040384
Size 4340
Entropy 5.01
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCloseKey
RegCreateKeyExA
ImageList_Read
ImageList_GetImageCount
ImageList_Duplicate
ImageList_Destroy
ImageList_SetBkColor
Ord(17)
CreatePolygonRgn
SetROP2
PathToRegion
GetWindowOrgEx
PatBlt
SetViewportExtEx
CreatePen
GetBkMode
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
CreateRectRgnIndirect
EndPath
CombineRgn
GetClipBox
GetROP2
GetWindowExtEx
GetClipRgn
GetViewportOrgEx
SelectObject
Rectangle
SetMapMode
GetObjectA
ExcludeClipRect
CreateCompatibleDC
DeleteDC
RestoreDC
SetBkMode
GetSystemPaletteEntries
OffsetViewportOrgEx
GetTextExtentPoint32A
EndDoc
SetWindowOrgEx
StartPage
DeleteObject
BitBlt
GetStretchBltMode
RealizePalette
SetTextColor
GetDeviceCaps
GetCurrentObject
FillRgn
CreateEllipticRgn
CreateDCA
CreateBitmap
RectVisible
CreatePalette
GetStockObject
CreateDIBitmap
GetPolyFillMode
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
GetDIBits
ExtSelectClipRgn
CreateRoundRectRgn
SelectClipRgn
RoundRect
StretchBlt
SetStretchBltMode
SelectPalette
ScaleViewportExtEx
EndPage
CreateRectRgn
LineTo
StartDocA
SetPolyFillMode
CreateCompatibleBitmap
SetWindowExtEx
GetTextColor
CreateSolidBrush
DPtoLP
SetViewportOrgEx
Escape
GetViewportExtEx
BeginPath
GetBkColor
Ellipse
MoveToEx
LPtoDP
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
SetEvent
HeapDestroy
IsBadCodePtr
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
WaitForSingleObject
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
SetLastError
GetSystemTime
GetEnvironmentVariableA
GlobalFindAtomA
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
GetTickCount
IsBadWritePtr
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
UnlockFile
GetFileSize
LCMapStringW
DeleteFileA
GetWindowsDirectoryA
WaitForMultipleObjects
GetProcessHeap
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
CompareStringA
FindNextFileA
DuplicateHandle
GetUserDefaultLCID
GetTimeZoneInformation
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
GlobalDeleteAtom
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
WinExec
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetVersion
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
VariantChangeType
UnRegisterTypeLib
RegisterTypeLib
VariantCopyInd
VariantClear
SysAllocString
LoadTypeLib
LHashValOfNameSys
VariantInit
ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA
RedrawWindow
GetMessagePos
SetWindowRgn
SetMenuItemBitmaps
DestroyWindow
MoveWindow
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
GetNextDlgTabItem
IsWindow
DispatchMessageA
ClientToScreen
ScrollWindowEx
GrayStringA
WindowFromPoint
GetMessageTime
CallNextHookEx
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
SetScrollPos
LoadIconA
GetWindowTextLengthA
CopyAcceleratorTableA
GetTopWindow
LoadImageA
GetActiveWindow
GetWindowTextA
PtInRect
DrawEdge
GetParent
UpdateWindow
SetPropA
EqualRect
GetMenuState
ShowWindow
DrawFrameControl
CreateIconFromResourceEx
EnableWindow
MapWindowPoints
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
SetParent
SetClipboardData
IsZoomed
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
SetTimer
FillRect
CopyRect
GetSysColorBrush
EndPaint
CreateAcceleratorTableA
IsChild
IsDialogMessageA
SetFocus
CreateWindowExA
GetMessageA
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
GetClipboardData
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
IntersectRect
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
CreateMenu
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
EnumDisplaySettingsA
SetWindowsHookExA
GetMenuItemCount
DestroyAcceleratorTable
ValidateRect
CreateIconFromResource
GetSystemMenu
GetMenuItemID
SetForegroundWindow
OpenClipboard
EmptyClipboard
ChildWindowFromPointEx
GetScrollRange
EndDialog
GetCapture
SetWindowTextA
AppendMenuA
GetPropA
SetMenu
RegisterClipboardFormatA
SetRectEmpty
CallWindowProcA
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
DestroyIcon
IsWindowVisible
GetDesktopWindow
SetCursorPos
WinHelpA
SetRect
DeleteMenu
InvalidateRect
wsprintfA
DrawTextA
TranslateAcceleratorA
IsRectEmpty
GetClassNameA
GetFocus
CloseClipboard
ModifyMenuA
UnhookWindowsHookEx
SetCursor
waveOutReset
midiStreamProperty
waveOutOpen
waveOutClose
midiOutPrepareHeader
waveOutUnprepareHeader
waveOutPause
waveOutGetNumDevs
waveOutPrepareHeader
midiStreamOpen
midiStreamOut
midiStreamStop
waveOutWrite
midiStreamRestart
midiOutUnprepareHeader
midiOutReset
midiStreamClose
OpenPrinterA
DocumentPropertiesA
ClosePrinter
recv
accept
WSAAsyncSelect
recvfrom
ioctlsocket
getpeername
WSACleanup
closesocket
inet_ntoa
GetFileTitleA
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA
OleUninitialize
CLSIDFromProgID
OleInitialize
CoCreateInstance
OleRun
CLSIDFromString
Number of PE resources by type
RT_BITMAP 15
RT_STRING 11
RT_DIALOG 10
RT_CURSOR 4
RT_GROUP_CURSOR 3
RT_ICON 3
TEXTINCLUDE 3
RT_GROUP_ICON 3
RT_MENU 2
RT_MANIFEST 1
Number of PE resources by language
CHINESE SIMPLIFIED 52
NEUTRAL 3
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:04:10 18:36:48+01:00
FileType Win32 EXE
PEType PE32
CodeSize 761856
LinkerVersion 6.0
EntryPoint 0x9add5
InitializedDataSize 479232
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 a6c2211426fc1ec8d8d20dd8ea9089bc
SHA1 e6a9c52ef1cd0bd95851a40ed5e0499114435f27
SHA256 07be4db7d99bc021f82b540a93f7480f1a890a226b728801a15b1774018ee2e1
ssdeep 24576:uqLMFH5BhM6RwyeQvt6ot0h9HyrOOfGOAY:1LMFHa6ReIt0jSrOs
authentihash b20b4883bca7587761fbf05e1ec727c71ac58300d91f3e9533f09296a63d90f2
imphash 28178deeb23ca335978bbb93418aba95
File size 1020.2 KB ( 1044724 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-06-23 16:57:38 UTC (3 months ago)
Last submission 2018-06-23 16:57:38 UTC (3 months ago)