SHA256: 0c1eaec4d963b61205ca237a18ea26ee3c944ed2d887bb85043898e60211ff51
File name: 038e58df5f22402c8e0b80377eaeebd7.virus
Detection ratio: 36 / 57
Analysis date: 2016-09-06 00:52:37 UTC ( 2 years, 5 months ago )
Antivirus | Result | Signature database update (YYYYMMDD)
Ad-Aware | Trojan.GenericKD.3500909 | 20160906
AegisLab | Troj.W32.Gen.lTMU | 20160905
AhnLab-V3 | Trojan/Win32.Upbot.N2096828443 | 20160905
ALYac | Trojan.GenericKD.3500909 | 20160906
Antiy-AVL | Trojan[:HEUR]/Win32.AGeneric | 20160906
Arcabit | Trojan.Generic.D356B6D | 20160906
Avast | Win32:Malware-gen | 20160906
AVG | Generic_r.MWN | 20160906
Avira (no cloud) | TR/Crypt.ZPACK.ltz | 20160905
AVware | LooksLike.Win32.Crowti.b (v) | 20160906
Baidu | Win32.Trojan.Kryptik.akc | 20160905
BitDefender | Trojan.GenericKD.3500909 | 20160906
Bkav | W32.FamVT.RazyNHmA.Trojan | 20160905
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20160725
Cyren | W32/S-e2e07e9d!Eldorado | 20160906
Emsisoft | Trojan.GenericKD.3500909 (B) | 20160906
ESET-NOD32 | a variant of Win32/Kryptik.FFIP | 20160906
F-Prot | W32/S-e2e07e9d!Eldorado | 20160905
F-Secure | Trojan.GenericKD.3500909 | 20160905
GData | Trojan.GenericKD.3500909 | 20160905
Sophos ML | trojan.win32.c2lop.n | 20160830
Jiangmin | TrojanDropper.Injector.bjur | 20160905
Kaspersky | HEUR:Trojan.Win32.Generic | 20160905
Malwarebytes | Backdoor.BetaBot | 20160905
McAfee | GenericRXAG-ST!038E58DF5F22 | 20160906
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.dh | 20160906
Microsoft | Trojan:Win32/Lethic.I | 20160906
eScan | Trojan.GenericKD.3500909 | 20160906
Panda | Trj/GdSda.A | 20160905
Qihoo-360 | HEUR/QVM09.0.7A23.Malware.Gen | 20160906
Rising | Malware.Generic!74uV2Wnwm1@5 (thunder) | 20160906
Sophos AV | Mal/Generic-S | 20160906
Symantec | Trojan.Gen | 20160906
Tencent | Win32.Trojan.Kryptik.Eew | 20160906
VIPRE | LooksLike.Win32.Crowti.b (v) | 20160831
Yandex | Trojan.Agent!iybRjxqHpiU | 20160905
Alibaba | (no detection) | 20160905
CAT-QuickHeal | (no detection) | 20160904
ClamAV | (no detection) | 20160906
CMC | (no detection) | 20160905
Comodo | (no detection) | 20160905
Fortinet | (no detection) | 20160905
Ikarus | (no detection) | 20160905
K7AntiVirus | (no detection) | 20160905
K7GW | (no detection) | 20160905
Kingsoft | (no detection) | 20160906
NANO-Antivirus | (no detection) | 20160906
nProtect | (no detection) | 20160906
SUPERAntiSpyware | (no detection) | 20160905
TheHacker | (no detection) | 20160905
TotalDefense | (no detection) | 20160906
TrendMicro | (no detection) | 20160906
TrendMicro-HouseCall | (no detection) | 20160906
VBA32 | (no detection) | 20160905
ViRobot | (no detection) | 20160906
Zillya | (no detection) | 20160905
Zoner | (no detection) | 20160905
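The vendor table is more useful read by script than by its 36/57 headline. The following is an added example, not part of the VirusTotal report: the rows are copied from the table above, and the list of family names to look for is an analyst's choice rather than anything the page defines.

```python
"""Read a VirusTotal-style vendor table the way an analyst does: compute the
ratio, collapse vendors that share an engine (identical verdicts), and list
which named families the vendors actually disagree on."""
import re
from collections import Counter

# Detections copied from the report above: vendor|verdict|signature date.
DETECTIONS = """
Ad-Aware|Trojan.GenericKD.3500909|20160906
AegisLab|Troj.W32.Gen.lTMU|20160905
AhnLab-V3|Trojan/Win32.Upbot.N2096828443|20160905
ALYac|Trojan.GenericKD.3500909|20160906
Antiy-AVL|Trojan[:HEUR]/Win32.AGeneric|20160906
Arcabit|Trojan.Generic.D356B6D|20160906
Avast|Win32:Malware-gen|20160906
AVG|Generic_r.MWN|20160906
Avira (no cloud)|TR/Crypt.ZPACK.ltz|20160905
AVware|LooksLike.Win32.Crowti.b (v)|20160906
Baidu|Win32.Trojan.Kryptik.akc|20160905
BitDefender|Trojan.GenericKD.3500909|20160906
Bkav|W32.FamVT.RazyNHmA.Trojan|20160905
CrowdStrike Falcon (ML)|malicious_confidence_100% (D)|20160725
Cyren|W32/S-e2e07e9d!Eldorado|20160906
Emsisoft|Trojan.GenericKD.3500909 (B)|20160906
ESET-NOD32|a variant of Win32/Kryptik.FFIP|20160906
F-Prot|W32/S-e2e07e9d!Eldorado|20160905
F-Secure|Trojan.GenericKD.3500909|20160905
GData|Trojan.GenericKD.3500909|20160905
Sophos ML|trojan.win32.c2lop.n|20160830
Jiangmin|TrojanDropper.Injector.bjur|20160905
Kaspersky|HEUR:Trojan.Win32.Generic|20160905
Malwarebytes|Backdoor.BetaBot|20160905
McAfee|GenericRXAG-ST!038E58DF5F22|20160906
McAfee-GW-Edition|BehavesLike.Win32.PWSZbot.dh|20160906
Microsoft|Trojan:Win32/Lethic.I|20160906
eScan|Trojan.GenericKD.3500909|20160906
Panda|Trj/GdSda.A|20160905
Qihoo-360|HEUR/QVM09.0.7A23.Malware.Gen|20160906
Rising|Malware.Generic!74uV2Wnwm1@5 (thunder)|20160906
Sophos AV|Mal/Generic-S|20160906
Symantec|Trojan.Gen|20160906
Tencent|Win32.Trojan.Kryptik.Eew|20160906
VIPRE|LooksLike.Win32.Crowti.b (v)|20160831
Yandex|Trojan.Agent!iybRjxqHpiU|20160905
"""
# Vendors listed in the report without a verdict (21 of 57).
NO_DETECTION = (
    "Alibaba", "CAT-QuickHeal", "ClamAV", "CMC", "Comodo", "Fortinet", "Ikarus",
    "K7AntiVirus", "K7GW", "Kingsoft", "NANO-Antivirus", "nProtect",
    "SUPERAntiSpyware", "TheHacker", "TotalDefense", "TrendMicro",
    "TrendMicro-HouseCall", "VBA32", "ViRobot", "Zillya", "Zoner",
)
# Named families present in the verdicts above (analyst-chosen list); every
# other verdict is generic or heuristic (Kryptik, Crypt, Generic, HEUR, ...).
FAMILY_HINTS = ("Upbot", "Crowti", "BetaBot", "Lethic", "Zbot", "c2lop", "Injector", "Razy")

def parse_rows(text):
    """Return (vendor, verdict, date) tuples from the pipe-separated table."""
    return [tuple(line.split("|")) for line in text.strip().splitlines()]

def normalize_label(label):
    """Strip per-vendor decoration so licensees of one engine collapse to one
    verdict: '(B)'/'(v)' suffixes, ESET's 'a variant of' prefix, and Arcabit's
    hex rendering of BitDefender's decimal GenericKD id (D356B6D == 3500909)."""
    label = re.sub(r"\s*\((?:B|v)\)$", "", label)
    label = re.sub(r"^a variant of\s+", "", label)
    m = re.fullmatch(r"Trojan\.Generic\.D([0-9A-F]+)", label)
    if m:
        label = "Trojan.GenericKD.%d" % int(m.group(1), 16)
    return label

def triage(rows, undetected):
    clusters = Counter(normalize_label(verdict) for _, verdict, _ in rows)
    families = {}
    for vendor, verdict, _ in rows:
        for hint in FAMILY_HINTS:
            if hint.lower() in verdict.lower():
                families.setdefault(hint, []).append(vendor)
    return {
        "detected": len(rows),
        "total": len(rows) + len(undetected),
        "clusters": clusters,                # normalized verdict -> vendor count
        "distinct_verdicts": len(clusters),  # independent-looking opinions
        "families": families,                # family name -> vendors naming it
    }

if __name__ == "__main__":
    s = triage(parse_rows(DETECTIONS), NO_DETECTION)
    print("%d/%d detections, %d distinct verdicts" % (s["detected"], s["total"], s["distinct_verdicts"]))
    for verdict, n in s["clusters"].most_common(3):
        print("%2d x %s" % (n, verdict))
    for family, vendors in s["families"].items():
        print("%-9s %s" % (family, ", ".join(vendors)))
```

Eight of the 36 verdicts are the same GenericKD.3500909 string (Arcabit spells the id in hex), Cyren and F-Prot share one Eldorado signature, and AVware and VIPRE share one Crowti verdict, so the table carries 27 distinct opinions rather than 36. Only eight of those name a family, and they name eight different ones, which is the usual shape of a packed stub being caught generically rather than an identified family.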
The file is a Portable Executable (PE); more specifically, a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-08-29 22:05:39 (UTC; about a week before the first submission)
Entry Point: 0x0000546D
Number of sections: 4
PE imports
The report lists function names only, without the exporting DLL; every name below is a kernel32 export except GetLayeredWindowAttributes, which user32 exports. The set is close to what a statically linked Visual C++ 9.0 runtime pulls in by itself (locale, heap, TLS, critical-section and console I/O calls, plus the timer and process/thread-ID calls it seeds into the stack cookie), so IsDebuggerPresent, QueryPerformanceCounter and GetTickCount are not evidence of anti-analysis code on their own. What is absent matters more: a GUI-subsystem binary carrying four RT_DIALOG resources imports no window, registry, network or process-manipulation API, which together with LoadLibraryA/GetProcAddress and the Kryptik/Crypt/generic verdicts above points to a packer stub that resolves its real imports at run time.
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
ReadFile
SetHandleCount
GetConsoleCP
GetDriveTypeA
QueryPerformanceCounter
TlsSetValue
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
SetFilePointer
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoW
SetStdHandle
CompareStringW
GetSystemDEPPolicy
RaiseException
CreateFileA
WideCharToMultiByte
TlsFree
GetModuleHandleA
LeaveCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CompareStringA
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
ExitProcess
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
GetTimeZoneInformation
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
WriteConsoleW
SetEndOfFile
HeapDestroy
CloseHandle
GetTickCount
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
SetLastError
InterlockedIncrement
GetLayeredWindowAttributes
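A static pass over the import list above, and the derivation of imphash, as an added example (not the report's or VirusTotal's code). The DLL assignment is an assumption, because the report prints function names only: every name is treated as a kernel32 export except GetLayeredWindowAttributes (user32). Since the real import table's DLL grouping and order are not shown, the hash computed here is not expected to reproduce the report's imphash of 40041fc890bbfde597a0961324ff3fe8; the value is order-sensitive and case-insensitive, which is what the function demonstrates.

```python
"""Static triage of the import table above: flag APIs worth a second look,
check for the imports a real bot would need, and show how imphash is formed."""
import hashlib

# Function names copied from the report, in the order listed there.
IMPORTS = [
    "GetLastError", "HeapFree", "GetStdHandle", "EnterCriticalSection", "GetConsoleOutputCP",
    "ReadFile", "SetHandleCount", "GetConsoleCP", "GetDriveTypeA", "QueryPerformanceCounter",
    "TlsSetValue", "IsDebuggerPresent", "HeapAlloc", "TlsAlloc", "GetVersionExA",
    "GetEnvironmentStringsW", "FlushFileBuffers", "GetModuleFileNameA", "RtlUnwind", "LoadLibraryA",
    "FreeEnvironmentStringsA", "DeleteCriticalSection", "GetCurrentProcess", "EnumSystemLocalesA",
    "GetEnvironmentStrings", "GetFileType", "GetConsoleMode", "GetLocaleInfoA", "GetCurrentProcessId",
    "LCMapStringW", "SetFilePointer", "LCMapStringA", "GetCPInfo", "UnhandledExceptionFilter",
    "TlsGetValue", "MultiByteToWideChar", "HeapSize", "FreeEnvironmentStringsW", "GetCommandLineA",
    "GetUserDefaultLCID", "GetStringTypeA", "GetLocaleInfoW", "SetStdHandle", "CompareStringW",
    "GetSystemDEPPolicy", "RaiseException", "CreateFileA", "WideCharToMultiByte", "TlsFree",
    "GetModuleHandleA", "LeaveCriticalSection", "SetUnhandledExceptionFilter", "WriteFile",
    "GetStartupInfoA", "CompareStringA", "GetSystemTimeAsFileTime", "IsValidLocale", "GetACP",
    "HeapReAlloc", "GetStringTypeW", "GetProcAddress", "ExitProcess", "SetEnvironmentVariableA",
    "GetOEMCP", "TerminateProcess", "GetTimeZoneInformation", "WriteConsoleA",
    "InitializeCriticalSection", "HeapCreate", "VirtualFree", "InterlockedDecrement", "Sleep",
    "WriteConsoleW", "SetEndOfFile", "HeapDestroy", "CloseHandle", "GetTickCount",
    "GetCurrentThreadId", "GetProcessHeap", "VirtualAlloc", "SetLastError", "InterlockedIncrement",
    "GetLayeredWindowAttributes",
]

# ASSUMPTION: the report prints names only. Every name above is treated as a
# kernel32 export except GetLayeredWindowAttributes, which user32 exports.
def assumed_dll(func):
    return "user32" if func == "GetLayeredWindowAttributes" else "kernel32"

# APIs an analyst pauses on. Caveat: ordinary Visual C++ 9.0 release builds
# import most of these too (the runtime seeds its stack cookie from the timer
# and ID calls), so on their own they are weak evidence.
OF_INTEREST = {
    "IsDebuggerPresent": "debugger check",
    "QueryPerformanceCounter": "high-resolution timer (timing checks)",
    "GetTickCount": "coarse timer (sleep-skipping detection)",
    "GetSystemTimeAsFileTime": "wall-clock timestamp",
    "GetSystemDEPPolicy": "queries the system DEP policy",
    "Sleep": "delay (sandbox timeouts)",
    "LoadLibraryA": "run-time library loading",
    "GetProcAddress": "run-time API resolution",
    "VirtualAlloc": "executable memory allocation",
    "UnhandledExceptionFilter": "exception-driven control flow",
}

# Imports an unpacked bot normally needs and a crypter stub resolves at run
# time instead; none of them appears in the table above.
PAYLOAD_APIS = {
    "CreateRemoteThread", "WriteProcessMemory", "NtUnmapViewOfSection",
    "SetWindowsHookExA", "InternetOpenA", "WSAStartup", "RegSetValueExA",
    "CreateServiceA", "ShellExecuteA", "WinExec", "CreateProcessA",
}

def flag_interesting(imports):
    return {f: OF_INTEREST[f] for f in imports if f in OF_INTEREST}

def payload_apis_present(imports):
    return sorted(set(imports) & PAYLOAD_APIS)

def imphash_string(pairs):
    """Canonical form hashed by imphash (pefile convention): DLL basename
    without .dll/.ocx/.sys, function name, both lowercase, table order kept."""
    parts = []
    for dll, func in pairs:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
        parts.append("%s.%s" % (dll, func.lower()))
    return ",".join(parts)

def imphash(pairs):
    return hashlib.md5(imphash_string(pairs).encode("ascii")).hexdigest()

if __name__ == "__main__":
    for func, why in flag_interesting(IMPORTS).items():
        print("%-26s %s" % (func, why))
    print("payload-style imports:", payload_apis_present(IMPORTS) or "none")
    print("imphash over the assumed table:", imphash([(assumed_dll(f), f) for f in IMPORTS]))
```

Imports by ordinal are not handled here; pefile maps ordinals for a few well-known DLLs to names before hashing, which a full implementation must replicate to match its values.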
Number of PE resources by type: RT_DIALOG 4, RT_MANIFEST 1
Number of PE resources by language: ENGLISH US 4, NEUTRAL 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:08:29 23:05:39+01:00 (the PE compilation timestamp above, rendered in UTC+1)
FileType: Win32 EXE
PEType: PE32
CodeSize: 80384
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 127488
SubsystemVersion: 5.0
EntryPoint: 0x546d
OSVersion: 5.0
ImageVersion: 0.0
UninitializedDataSize: 0
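The header fields that both the PE summary and the ExifTool block report can be read with a few dozen lines of struct unpacking. The following is an added example, not VirusTotal's or ExifTool's code. Since the sample itself is not available here, the parser is exercised on a constructed header-only PE32 that carries the values listed above; ImageBase, the alignments and DllCharacteristics are placeholders, because the report does not show them.

```python
"""Read the PE header fields the report lists (machine, section count, compile
timestamp, entry point, linker version, subsystem, sizes) straight from the
bytes, and run the compile-time-vs-first-seen sanity check."""
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}

def parse_pe_header(data):
    """Parse the DOS stub, COFF header and optional header (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short")
    magic, ld_major, ld_minor, code, init, uninit, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%X" % magic)
    # From SectionAlignment (offset 32) onward, PE32 and PE32+ share field offsets.
    os_maj, os_min, img_maj, img_min, ss_maj, ss_min = struct.unpack_from("<6H", data, opt + 40)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    built = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": MACHINE_NAMES.get(machine, "0x%X" % machine),
        "sections": nsections,
        "timestamp_epoch": timestamp,
        "timestamp": built.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": "0x%08X" % entry,
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "linker_version": "%d.%d" % (ld_major, ld_minor),
        "code_size": code,
        "initialized_data_size": init,
        "uninitialized_data_size": uninit,
        "os_version": "%d.%d" % (os_maj, os_min),
        "image_version": "%d.%d" % (img_maj, img_min),
        "subsystem_version": "%d.%d" % (ss_maj, ss_min),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "dll_characteristics": [n for bit, n in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & bit],
    }

def age_at_submission_days(header, first_seen_utc):
    """Days between the linker timestamp and the first VirusTotal submission.
    Negative or multi-year values mean a forged stamp or an old build; a small
    positive value is what a freshly built sample looks like."""
    seen = datetime.strptime(first_seen_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    built = datetime.fromtimestamp(header["timestamp_epoch"], tz=timezone.utc)
    return (seen - built).total_seconds() / 86400

def build_sample_header():
    """CONSTRUCTED input: a header-only PE32 carrying the values from the
    report. ImageBase, alignments and DllCharacteristics are placeholders
    (the report does not show them); there are no sections and no code."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine 0x14C, 4 sections, 2016-08-29 22:05:39 UTC, 224-byte optional header.
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 1472508339, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 9, 0, 80384, 127488, 0, 0x546D)
    struct.pack_into("<IIIII", opt, 20, 0x1000, 0x15000, 0x400000, 0x1000, 0x200)  # placeholders
    struct.pack_into("<6H", opt, 40, 5, 0, 0, 0, 5, 0)  # OS 5.0, image 0.0, subsystem 5.0
    struct.pack_into("<HH", opt, 68, 2, 0x8140)          # GUI; placeholder DllCharacteristics
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    for key, value in hdr.items():
        print("%-24s %s" % (key, value))
    print("days from build to first submission: %.2f" % age_at_submission_days(hdr, "2016-09-06 00:52:37"))
```

The linker timestamp is trivially forgeable, but comparing it with the first-submission time is still a routine check: here the file reached VirusTotal about seven days after it was stamped, which is consistent with the stamp being genuine. On a real sample the dll_characteristics list is where to look for whether the stub opted into ASLR (DYNAMIC_BASE) and DEP (NX_COMPAT).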

File identification
MD5: 038e58df5f22402c8e0b80377eaeebd7
SHA1: 6a53298d13a1fbd58c7bae4afccfe9f06b030d7f
SHA256: 0c1eaec4d963b61205ca237a18ea26ee3c944ed2d887bb85043898e60211ff51
ssdeep: 3072:Jbz54ciCo+oweL3C+aLlBNYTrZQ+IcbyVn1XH3e9om1KRdKlcYQLv4TDsp3Op:Jbz55N6K3iEcQn1XH3e9VKRdoInS
authentihash: 9cf8cac600aef50a8754aaf56fec60f885bd752ee43bab60766300c5e9bddd17
imphash: 40041fc890bbfde597a0961324ff3fe8
File size: 204.0 KB (208896 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (42.2%)
      Win64 Executable (generic) (37.3%)
      Win32 Dynamic Link Library (generic) (8.8%)
      Win32 Executable (generic) (6.0%)
      Generic Win/DOS Executable (2.7%)
Tags: peexe

VirusTotal metadata
First submission 2016-09-06 00:52:37 UTC ( 2 years, 5 months ago )
Last submission 2016-09-06 00:52:37 UTC ( 2 years, 5 months ago )
File names 038e58df5f22402c8e0b80377eaeebd7.virus