SHA256: 07c14519b1afdb232138dbad53b1845a949b2064ef0f15480a497eba13daa998
File name: 07c14519b1afdb232138dbad53b1845a949b2064ef0f15480a497eba13daa998....
Detection ratio: 19 / 71
Analysis date: 2019-01-05 11:54:22 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
AVG FileRepMalware 20190105
Bkav HW32.Packed. 20190104
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.7ed908 20180225
Cylance Unsafe 20190105
eGambit Unsafe.AI_Score_99% 20190105
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CVSR 20190105
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20190105
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20190105
Microsoft Trojan:Win32/Fuerboos.A!cl 20190105
Qihoo-360 HEUR/QVM19.1.5799.Malware.Gen 20190105
Rising Backdoor.Tofsee!8.1E9 (TFE:dGZlOgPgan9v1mVxug) 20190105
SentinelOne (Static ML) static engine - malicious 20181223
Symantec ML.Attribute.HighConfidence 20190104
Trapmine malicious.high.ml.score 20190103
VBA32 BScope.Backdoor.Tofsee 20190104
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190105
Acronis 20181227
Ad-Aware 20190105
AegisLab 20190105
AhnLab-V3 20190105
Alibaba 20180921
ALYac 20190105
Antiy-AVL 20190105
Arcabit 20190105
Avast 20190105
Avast-Mobile 20190104
Avira (no cloud) 20190104
AVware 20180925
Babable 20180918
Baidu 20190104
BitDefender 20190105
CAT-QuickHeal 20190104
ClamAV 20190105
CMC 20190104
Comodo 20190105
Cyren 20190105
DrWeb 20190105
Emsisoft 20190105
F-Prot 20190105
F-Secure 20190105
Fortinet 20190105
GData 20190105
Ikarus 20190104
Jiangmin 20190105
K7AntiVirus 20190105
K7GW 20190105
Kingsoft 20190105
Malwarebytes 20190105
MAX 20190105
McAfee 20190105
eScan 20190105
NANO-Antivirus 20190105
Palo Alto Networks (Known Signatures) 20190105
Panda 20190105
Sophos AV 20190105
SUPERAntiSpyware 20190102
TACHYON 20190105
Tencent 20190105
TheHacker 20190104
TotalDefense 20190105
TrendMicro 20190105
TrendMicro-HouseCall 20190105
Trustlook 20190105
VIPRE 20190105
ViRobot 20190105
Webroot 20190105
Zillya 20190105
Zoner 20190105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-06 07:30:11
Entry Point 0x00001600
Number of sections 4
PE sections
PE imports
CDLocateRng
CDBuildVect
MD5Final
MD5Update
ErrMsgParam
FindSheet
ErrMsg
JetCloseDatabase
JetCloseTable
JetCloseFile
OpenMutexA
GetLastError
VirtualAllocEx
CreateNamedPipeW
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
GetExitCodeProcess
LoadLibraryA
GetACP
GetShortPathNameA
GetStartupInfoA
GetDateFormatA
OpenWaitableTimerA
GetCommandLineW
LoadLibraryExW
DeleteFileW
VirtualProtectEx
SetLocalTime
GetTempPathA
CreateSemaphoreA
FindNextFileW
CreateWaitableTimerA
GetSystemDirectoryA
MoveFileExA
GetOEMCP
UnmapViewOfFile
FindClose
OpenSemaphoreW
WriteConsoleW
wsprintfA
FlashWindow
CreateDesktopW
PeekMessageA
GetClassLongA
DialogBoxParamA
LoadBitmapA
GetPropA
LoadMenuW
DispatchMessageW
Number of PE resources by type
RT_DIALOG 1
DFR 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:08:06 08:30:11+01:00
FileType Win32 EXE
PEType PE32
CodeSize 140288
LinkerVersion 13.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1600
InitializedDataSize 10240
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 3213f897ed90811fe6e2262d2baf0f60
SHA1 3c28b3328c20eb17a0302508ccb2b366392ba935
SHA256 07c14519b1afdb232138dbad53b1845a949b2064ef0f15480a497eba13daa998
ssdeep 3072:DR+qcTXKvuBMAGeojUZrRDZ0/BpO9LKhB9PdKSSxJGErL:F+ldMrFAdRDC/uepdKSSxJ
authentihash f011208513b6493fed488ea7c7ca834762bfd3f261ebb532c9c5824145783104
imphash 72e25a86482a029693a46d832ac5ec56
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (59.0%)
Win32 Dynamic Link Library (generic) (14.0%)
Win32 Executable (generic) (9.6%)
Win16/32 Executable Delphi generic (4.4%)
OS/2 Executable (generic) (4.3%)
Tags peexe
VirusTotal metadata
First submission 2019-01-05 11:54:17 UTC ( 1 month, 2 weeks ago )
Last submission 2019-01-13 08:05:34 UTC ( 1 month, 1 week ago )
File names azor.exe
azor.exe
3213f897ed90811fe6e2262d2baf0f60.virobj
07c14519b1afdb232138dbad53b1845a949b2064ef0f15480a497eba13daa998.sample
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications