× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 09eb8d4639917a320765a202c3cd97ab2bc4e6733a305d0cef705c0a15b5d03d
File name: e2e1be94fbfa7586db3dd9bfa15dc877
Detection ratio: 40 / 57
Analysis date: 2016-12-28 09:48:37 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3494535 20161228
AhnLab-V3 Trojan/Win32.Inject.C1538390 20161228
ALYac Trojan.GenericKD.3494535 20161228
Antiy-AVL Trojan/Win32.TSGeneric 20161228
Arcabit Trojan.Generic.D355287 20161228
Avast Win32:Malware-gen 20161228
AVG Atros4.ETO 20161228
Avira (no cloud) TR/Kryptik.mmra 20161228
AVware Trojan.Win32.Generic!BT 20161228
BitDefender Trojan.GenericKD.3494535 20161228
CAT-QuickHeal Trojan.Miuref 20161228
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Trojan.EQHH-1666 20161228
DrWeb BackDoor.Bifrost.20608 20161228
Emsisoft Trojan.GenericKD.3494535 (B) 20161228
ESET-NOD32 a variant of Win32/Kryptik.FFOU 20161228
F-Secure Trojan.GenericKD.3494535 20161228
Fortinet W32/Generic.AP.FBF46E!tr 20161228
GData Trojan.GenericKD.3494535 20161228
Sophos ML backdoor.msil.bladabindi.aj 20161216
Jiangmin Trojan.Inject.pho 20161226
K7AntiVirus Trojan ( 004f70061 ) 20161228
K7GW Trojan ( 004f70061 ) 20161228
Kaspersky Trojan.Win32.Inject.aawel 20161228
McAfee RDN/Generic.tfr 20161228
McAfee-GW-Edition RDN/Generic.tfr 20161228
Microsoft Trojan:Win32/Miuref.R 20161228
eScan Trojan.GenericKD.3494535 20161228
NANO-Antivirus Trojan.Win32.Inject.egqqpi 20161228
Panda Trj/CI.A 20161227
Qihoo-360 Win32/Trojan.4c9 20161228
Rising Trojan.Miuref!8.B7E-zdpLuyCdyIU (cloud) 20161228
Symantec Heur.AdvML.C 20161228
Tencent Win32.Trojan.Inject.Alif 20161228
TrendMicro TROJ_GEN.R011C0DHT16 20161228
TrendMicro-HouseCall TROJ_GEN.R011C0DHT16 20161228
VBA32 Trojan.Inject 20161227
VIPRE Trojan.Win32.Generic!BT 20161228
Yandex Trojan.Inject!2pQvb2IG9dc 20161227
Zillya Trojan.Inject.Win32.198718 20161227
AegisLab 20161228
Alibaba 20161223
Baidu 20161207
Bkav 20161227
ClamAV 20161228
CMC 20161228
Comodo 20161228
F-Prot 20161228
Ikarus 20161227
Kingsoft 20161228
Malwarebytes 20161228
nProtect 20161228
Sophos AV 20161228
SUPERAntiSpyware 20161228
TheHacker 20161226
TotalDefense 20161228
Trustlook 20161228
ViRobot 20161228
WhiteArmor 20161221
Zoner 20161228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-25 07:08:28
Entry Point 0x0001DA53
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
InitCommonControlsEx
SetMapMode
SaveDC
TextOutA
CreateFontIndirectA
GetClipBox
GetPixel
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
BitBlt
SetTextColor
CreatePatternBrush
GetObjectA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
CreateCompatibleDC
ScaleViewportExtEx
SelectObject
GetTextExtentPoint32A
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
Escape
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GetUserDefaultLCID
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
IsValidLocale
lstrcmpW
GlobalLock
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
FreeResource
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantInit
VariantClear
DragFinish
DragQueryFileA
PathFindFileNameA
PathFindExtensionA
MapWindowPoints
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
LoadAcceleratorsA
ClientToScreen
GetTopWindow
GetMenuItemInfoA
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
GetClassInfoExA
ShowWindow
GetPropA
GetDesktopWindow
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
InsertMenuItemA
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
GetActiveWindow
ShowOwnedPopups
FillRect
CopyRect
GetSysColorBrush
DestroyWindow
IsDialogMessageA
SetFocus
BeginPaint
OffsetRect
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemCount
GetMenuState
ReuseDDElParam
GetDC
SetForegroundWindow
PostThreadMessageA
DrawTextA
IntersectRect
EndDialog
LoadMenuA
GetCapture
SetWindowTextA
DrawTextExA
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
SetMenu
RegisterClipboardFormatA
SetRectEmpty
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
IsWindowVisible
UnpackDDElParam
WinHelpA
InvalidateRect
TranslateAcceleratorA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
UnhookWindowsHookEx
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
OleUninitialize
OleInitialize
CoRevokeClassObject
OleFlushClipboard
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 13
RT_DIALOG 3
DB 1
RT_MENU 1
Number of PE resources by language
CHINESE SIMPLIFIED 48
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:08:25 08:08:28+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
221184

LinkerVersion
8.0

FileTypeExtension
exe

InitializedDataSize
98304

SubsystemVersion
4.0

EntryPoint
0x1da53

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 e2e1be94fbfa7586db3dd9bfa15dc877
SHA1 e194f80842a6d3ea4cce195def9f6d857f4866a8
SHA256 09eb8d4639917a320765a202c3cd97ab2bc4e6733a305d0cef705c0a15b5d03d
ssdeep
6144:O7W5Yctau6zd/kgPIURx259saSLdLhLEquiBSBBjWiIqGDibTB5zCxT:g7z1XR0PSbLEquiBSBBjWiIqGDibTPzs

authentihash e45a04c28d7e8f78c66da9a7842e2b9f0989e7d65529882d2be7a3ce527e8f0f
imphash 19d55846ee246168b13f76162f073826
File size 316.0 KB ( 323584 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe

VirusTotal metadata
First submission 2016-12-28 09:48:37 UTC ( 2 years, 3 months ago )
Last submission 2016-12-28 09:48:37 UTC ( 2 years, 3 months ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications