SHA256: 0b5a7d28532e1f3eb5d37d073de66a69842042349ede9341e2d9acbdefe8a8d0
File name: 663d3a858b2301db178ecb0aa16f08ca3047e5c3
Detection ratio: 20 / 57
Analysis date: 2016-05-30 07:28:49 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3273038 20160530
AegisLab Troj.Downloader.W32.Agent.l3NC 20160530
Arcabit Trojan.Generic.D31F14E 20160530
Avira (no cloud) TR/Crypt.ZPACK.owwr 20160529
Baidu Win32.Trojan.WisdomEyes.151026.9950.9974 20160530
BitDefender Trojan.GenericKD.3273038 20160530
Bkav HW32.Packed.32C2 20160528
Emsisoft Trojan.GenericKD.3273038 (B) 20160530
ESET-NOD32 a variant of Generik.BTXOLUH 20160530
F-Secure Trojan.GenericKD.3273038 20160530
GData Trojan.GenericKD.3273038 20160530
Kaspersky UDS:DangerousObject.Multi.Generic 20160530
Malwarebytes Trojan.Downloader 20160530
McAfee Artemis!568E59394830 20160530
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160530
eScan Trojan.GenericKD.3273038 20160530
Qihoo-360 Win32/Trojan.ef2 20160530
Rising Malware.XPACK-HIE/Heur!1.9C48 20160530
Sophos AV Mal/Generic-S 20160530
Symantec Trojan Horse 20160530
AhnLab-V3 20160530
Alibaba 20160530
ALYac 20160531
Antiy-AVL 20160530
Avast 20160530
AVG 20160530
AVware 20160530
Baidu-International 20160529
CAT-QuickHeal 20160530
ClamAV 20160530
CMC 20160523
Comodo 20160530
Cyren 20160530
DrWeb 20160530
F-Prot 20160530
Fortinet 20160530
Ikarus 20160530
Jiangmin 20160530
K7AntiVirus 20160530
K7GW 20160530
Kingsoft 20160530
Microsoft 20160530
NANO-Antivirus 20160530
nProtect 20160527
Panda 20160529
SUPERAntiSpyware 20160529
Tencent 20160530
TheHacker 20160528
TotalDefense 20160530
TrendMicro 20160530
TrendMicro-HouseCall 20160530
VBA32 20160527
VIPRE 20160530
ViRobot 20160530
Yandex 20160530
Zillya 20160528
Zoner 20160530
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 08:37:33
Entry Point 0x00019CD0
Number of sections 4
PE sections
PE imports
EapHostPeerConfigXml2Blob
EapHostPeerFreeMemory
EapHostPeerConfigBlob2Xml
EapHostPeerGetMethods
EapHostPeerFreeErrorMemory
ReplaceFileA
GetNumberFormatA
TlsGetValue
GetStartupInfoA
FileTimeToSystemTime
GetModuleHandleA
lstrcatA
OpenEventW
ReadFile
WaitForSingleObjectEx
SetEnvironmentVariableA
OpenJobObjectA
DefineDosDeviceA
GetVolumeNameForVolumeMountPointA
IsBadCodePtr
GetProcAddress
GetDiskFreeSpaceA
MoveFileExA
GetVersion
GetProcessHeap
TraceSQLFetch
TraceSQLCancel
TraceSQLConnect
TraceSQLError
TraceSQLBindCol
GetThemeFont
GetThemeEnumValue
DrawThemeEdge
GetThemeColor
GetThemeBool
IsThemeActive
CloseThemeData
DrawThemeBackground
SetWindowTheme
GetThemeTextMetrics
WTSEnumerateSessionsA
WTSSetUserConfigA
WTSVirtualChannelPurgeInput
WTSUnRegisterSessionNotification
WTSQuerySessionInformationA
WTSQueryUserToken
WTSVirtualChannelWrite
WTSVirtualChannelRead
WTSFreeMemory
WTSEnumerateProcessesA
WTSRegisterSessionNotification
WTSSendMessageA
WTSCloseServer
WTSWaitSystemEvent
WTSEnumerateServersA
Number of PE resources by type
RT_RCDATA 4
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 09:37:33+01:00
FileType Win32 EXE
PEType PE32
CodeSize 102400
LinkerVersion 6.0
EntryPoint 0x19cd0
InitializedDataSize 7680
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 568e593948306637a2633d558f7438cf
SHA1 0f6692a942f80fb315fbc6da869d6f96eb4adea4
SHA256 0b5a7d28532e1f3eb5d37d073de66a69842042349ede9341e2d9acbdefe8a8d0
ssdeep 3072:vIpw0pMuMTV4xUAAR1D5eMbcSlYlA6KIyIyIp5K:5EMRTV44B5c0YN
authentihash a898cba7f76d9e1457d3b696fccfa73b250952fdbdbe96dfbfaf053b3cc0d3be
imphash b62f82a6962880b690ea51c9304f5784
File size 108.5 KB ( 111104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-05-29 01:08:44 UTC ( 2 years, 10 months ago )
Last submission 2016-05-30 07:28:49 UTC ( 2 years, 10 months ago )
File names 1234.exe
663d3a858b2301db178ecb0aa16f08ca3047e5c3
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications