× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 09f37e2825529cb52a2142bf596a4fafc25e2cd424c934f109200178044d03e5
File name: CF6.tmp
Detection ratio: 5 / 57
Analysis date: 2015-03-02 09:26:46 UTC ( 4 years ago ) View latest
Antivirus Result Update
AVG Luhe.Fiha.A 20150302
Avira (no cloud) TR/Crypt.Xpack.156922 20150302
ESET-NOD32 Win32/Spy.Zbot.ACB 20150302
Kaspersky Trojan-Spy.Win32.Zbot.vcjs 20150302
Malwarebytes Trojan.Ransom.ED 20150302
Ad-Aware 20150302
AegisLab 20150302
Yandex 20150228
AhnLab-V3 20150301
Alibaba 20150302
ALYac 20150302
Antiy-AVL 20150302
Avast 20150302
AVware 20150228
Baidu-International 20150301
BitDefender 20150302
Bkav 20150228
ByteHero 20150302
CAT-QuickHeal 20150302
ClamAV 20150302
CMC 20150301
Comodo 20150302
Cyren 20150302
DrWeb 20150302
Emsisoft 20150302
F-Prot 20150302
F-Secure 20150301
Fortinet 20150302
GData 20150302
Ikarus 20150302
Jiangmin 20150301
K7AntiVirus 20150302
K7GW 20150302
Kingsoft 20150302
McAfee 20150302
McAfee-GW-Edition 20150302
Microsoft 20150302
eScan 20150302
NANO-Antivirus 20150302
Norman 20150302
nProtect 20150227
Panda 20150301
Qihoo-360 20150302
Rising 20150301
Sophos AV 20150302
SUPERAntiSpyware 20150301
Symantec 20150302
Tencent 20150302
TheHacker 20150302
TotalDefense 20150301
TrendMicro 20150302
TrendMicro-HouseCall 20150302
VBA32 20150302
VIPRE 20150302
ViRobot 20150302
Zillya 20150228
Zoner 20150302
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-01 11:00:32
Entry Point 0x00001E27
Number of sections 5
PE sections
PE imports
LookupAccountNameW
GetPixel
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
HeapSetInformation
GetCurrentProcess
WritePrivateProfileStringA
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStartupInfoW
ExitProcess
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
DecodePointer
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
SetupDiGetClassDevsA
EnumDisplayMonitors
GetWindowTextLengthA
SendMessageA
KillTimer
GetDlgItem
PostQuitMessage
LoadBitmapA
DestroyWindow
WTSEnumerateProcessesA
GdiplusStartup
StgCreateDocfile
CoTaskMemFree
WriteClassStg
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
Number of PE resources by type
RT_GROUP_CURSOR 14
RT_BITMAP 12
RT_STRING 8
RT_RCDATA 6
RT_ICON 4
RT_DIALOG 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 49
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:03:01 12:00:32+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
62464

LinkerVersion
10.0

EntryPoint
0x1e27

InitializedDataSize
246784

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 3aa9af54227fb12ba94ec44eb20ab329
SHA1 d6e39115eaa1603891ad47dcc2766168110eea21
SHA256 09f37e2825529cb52a2142bf596a4fafc25e2cd424c934f109200178044d03e5
ssdeep
6144:LYnv+hK8YkasEXdmyyBHeWD7vVhXkfPKy:LYv+hykZEt0Vfth

authentihash 80a87583cf81be644d1667540e211f294b5baef7a0fdf42ee107be431d1953c3
imphash 10739130bc0459effbaea6e2483c9529
File size 303.0 KB ( 310272 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-03-02 09:26:46 UTC ( 4 years ago )
Last submission 2015-03-02 09:26:46 UTC ( 4 years ago )
File names CF6.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.