SHA256: 0a809215d4845bdc11b87b07a6c2a6acfc6ad837f6ce56abbde4cf7e03efc684
File name: 6.exe
Detection ratio: 7 / 55
Analysis date: 2016-02-19 13:11:37 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Bkav HW32.Packed.A245 20160219
K7GW Hacktool ( 655367771 ) 20160219
McAfee Ransomware-Locky!CC22BB7BE7E5 20160219
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20160219
Qihoo-360 QVM20.1.Malware.Gen 20160219
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160219
VBA32 Malware-Cryptor.Grygoryi.3 20160219
Ad-Aware 20160219
AegisLab 20160219
Yandex 20160217
AhnLab-V3 20160219
Alibaba 20160219
ALYac 20160219
Antiy-AVL 20160219
Arcabit 20160219
Avast 20160219
AVG 20160219
Avira (no cloud) 20160219
AVware 20160219
Baidu-International 20160219
BitDefender 20160219
ByteHero 20160219
CAT-QuickHeal 20160219
ClamAV 20160219
CMC 20160219
Comodo 20160219
Cyren 20160219
DrWeb 20160219
Emsisoft 20160219
ESET-NOD32 20160219
F-Prot 20160219
F-Secure 20160219
Fortinet 20160218
GData 20160219
Ikarus 20160219
Jiangmin 20160219
K7AntiVirus 20160219
Kaspersky 20160219
Malwarebytes 20160219
Microsoft 20160219
eScan 20160219
NANO-Antivirus 20160219
nProtect 20160219
Panda 20160218
Sophos AV 20160219
SUPERAntiSpyware 20160219
Symantec 20160218
Tencent 20160219
TheHacker 20160217
TrendMicro 20160219
TrendMicro-HouseCall 20160219
VIPRE 20160219
ViRobot 20160219
Zillya 20160218
Zoner 20160219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Info-ZIP 1997 - 2008

Product Zip
Original name m1c2.dll
Internal name !2z
File version 5.2
Description Info-7Ij 2ij for 1inme 2qnjole
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-19 11:24:50
Entry Point 0x000062DA
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
CryptDestroyKey
RegOpenCurrentUser
RegCloseKey
RegDeleteKeyW
RegEnumValueA
RegQueryValueExA
CryptEncrypt
RegEnumKeyW
RegCreateKeyExA
CryptHashData
RegQueryValueExW
CryptCreateHash
CryptDeriveKey
IsTextUnicode
LsaClose
RegOpenKeyExW
RegOpenKeyW
RegOpenKeyExA
RegDeleteValueA
LsaOpenPolicy
CryptReleaseContext
CryptAcquireContextA
RegDeleteValueW
CryptDecrypt
CryptDestroyHash
LsaFreeMemory
RegSetValueExW
FreeSid
RegEnumValueW
RegSetValueExA
EqualSid
InitCommonControlsEx
_TrackMouseEvent
CreatePolygonRgn
TextOutA
CreateFontIndirectA
AnimatePalette
LPtoDP
CombineRgn
GetObjectA
SetPixel
PtInRegion
BitBlt
RectVisible
CreatePalette
AddFontMemResourceEx
AbortPath
PtVisible
AngleArc
CreateRectRgn
GetTextColor
Polyline
DPtoLP
AbortDoc
SetRectRgn
AreFileApisANSI
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
FreeLibrary
VirtualProtect
GetModuleFileNameA
LoadLibraryA
GetStartupInfoA
ActivateActCtx
lstrlenW
MultiByteToWideChar
GetProcAddress
CreateMutexA
WideCharToMultiByte
GetModuleHandleA
lstrcpyA
GetCurrentProcess
CloseHandle
lstrcpynA
GetACP
GetFullPathNameA
GetOEMCP
LocalFree
CreateProcessA
GlobalAlloc
InterlockedDecrement
OutputDebugStringA
SetLastError
GetModuleBaseNameA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHGetDesktopFolder
GetParent
UpdateWindow
OffsetRect
DefWindowProcA
GetDoubleClickTime
GetSystemMetrics
IsWindow
GetWindowRect
EnableWindow
SetCapture
ReleaseCapture
EnumChildWindows
GrayStringA
IsWindowEnabled
DrawTextA
GetDlgCtrlID
SetWindowTextA
IsWindowVisible
IsZoomed
SendMessageA
SetForegroundWindow
SetRect
TabbedTextOutA
GetKeyboardLayout
FillRect
GetDesktopWindow
GetSystemMenu
GetWindowTextA
PtInRect
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
__p__fmode
_acmdln
??1type_info@@UAE@XZ
__dllonexit
_except_handler3
?terminate@@YAXXZ
_mbscmp
_onexit
_strdup
_XcptFilter
exit
__setusermatherr
_adjust_fdiv
__CxxFrameHandler
_mbsicmp
_CxxThrowException
_exit
__p__commode
_splitpath
free
_CIcos
__getmainargs
calloc
_controlfp
_setmbcp
_vsnprintf
_initterm
__set_app_type
CLSIDFromProgID
CoInitialize
CoCreateInstance
StringFromCLSID
CoUninitialize
CoTaskMemFree
OleUIBusyW
Number of PE resources by type
RT_ICON 7
RT_BITMAP 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.0.5.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

InitializedDataSize
111104

EntryPoint
0x62da

OriginalFileName
m1c2.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright Info-ZIP 1997 - 2008

FileVersion
5.2

TimeStamp
2016:02:19 12:24:50+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
!2z

ProductVersion
5.5

FileDescription
Info-7Ij 2ij for 1inme 2qnjole

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Info-ZIP

CodeSize
58368

ProductName
Zip

ProductVersionNumber
5.0.6.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 cc22bb7be7e5da56f8f4a8c20416be8a
SHA1 4e8f570505ea9b55fa38f7745ce74b38c0e83f64
SHA256 0a809215d4845bdc11b87b07a6c2a6acfc6ad837f6ce56abbde4cf7e03efc684
ssdeep
3072:Iy52zueS3MuLj9TyyBlHAp0+WIio9p2/23zeBzd3An1YgCQSPH96PHNrD5o85PPs:UuPTLxTlBO1F9p2O3zeBzJAn3ClH96Pr

authentihash bdeb832df842ef807756fb12aaabc1380fd92a6b325575aac9c96c1686a29a86
imphash 86922188e2ac93d49ba76dcc94ee4f67
File size 162.0 KB ( 165888 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-02-19 13:11:37 UTC ( 1 year, 9 months ago )
Last submission 2017-11-15 15:23:50 UTC ( 1 week, 1 day ago )
File names 6.exe
!2z
m1c2.dll
fail.exe
locky_cc22bb7be7e5da56f8f4a8c20416be8a
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications