SHA256: 0aacf26a50512535c8c985fa0adb5bfc4dbce41810c725763d356e9364f849a5
File name: da930409f8546d2736b49250d9cb7256
Detection ratio: 4 / 57
Analysis date: 2016-06-09 17:34:59 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20160609
Avira (no cloud) TR/Crypt.Xpack.cbyd 20160609
Baidu Win32.Trojan.WisdomEyes.151026.9950.9996 20160608
Qihoo-360 QVM09.0.Malware.Gen 20160609
Ad-Aware 20160609
AegisLab 20160609
AhnLab-V3 20160609
Alibaba 20160608
ALYac 20160609
Antiy-AVL 20160609
Arcabit 20160609
AVG 20160609
AVware 20160609
Baidu-International 20160606
BitDefender 20160609
Bkav 20160609
CAT-QuickHeal 20160609
ClamAV 20160609
CMC 20160607
Comodo 20160609
Cyren 20160609
DrWeb 20160609
Emsisoft 20160609
ESET-NOD32 20160609
F-Prot 20160609
F-Secure 20160609
Fortinet 20160609
GData 20160609
Ikarus 20160609
Jiangmin 20160609
K7AntiVirus 20160609
K7GW 20160609
Kaspersky 20160609
Kingsoft 20160609
Malwarebytes 20160609
McAfee 20160609
McAfee-GW-Edition 20160609
Microsoft 20160609
eScan 20160609
NANO-Antivirus 20160609
nProtect 20160609
Panda 20160609
Rising 20160609
Sophos AV 20160609
SUPERAntiSpyware 20160609
Symantec 20160609
Tencent 20160609
TheHacker 20160607
TotalDefense 20160609
TrendMicro 20160609
TrendMicro-HouseCall 20160609
VBA32 20160609
VIPRE 20160609
ViRobot 20160609
Yandex 20160608
Zillya 20160609
Zoner 20160609
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-08 09:37:34
Entry Point 0x0000284F
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetConsoleCP
GetOEMCP
LCMapStringA
HeapDestroy
IsDebuggerPresent
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
SetStdHandle
SetFilePointer
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
FreeResource
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
VirtualAlloc
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
WriteConsoleW
GetTickCount
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
SetLastError
InterlockedIncrement
EndDeferWindowPos
GetLastActivePopup
GetKeyboardType
GetMenuItemID
SetProcessDefaultLayout
Number of PE resources by type
GIF 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 1
ENGLISH CARIBBEAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:06:08 10:37:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 39936
LinkerVersion 9.0
EntryPoint 0x284f
InitializedDataSize 136192
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 da930409f8546d2736b49250d9cb7256
SHA1 46fa4f15a18adcfc32e73157cfb85c5647974036
SHA256 0aacf26a50512535c8c985fa0adb5bfc4dbce41810c725763d356e9364f849a5
ssdeep 3072:KePINGTnY9/k+spMZgMxAjumv912MsIUhVqmdP8/H/sdqMniCNV8fJBGMHS88Skb:K+Y9SMCsAjumv9gMsIWyEq8CJH3hkhMu
authentihash cc7f2660f7ef85248aaba9f4a3e1ce088e53a789feed3e3d1b5c7cc352bbd317
imphash 6ba08dc23d9df5d386b6c8faecff60b1
File size 173.0 KB ( 177152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2016-06-09 17:34:59 UTC ( 2 years, 8 months ago )
Last submission 2016-06-09 17:34:59 UTC ( 2 years, 8 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications