SHA256: 0e5064c343574a3807ef67ebf72098352919aacb714de003974e03b0e557c2c1
File name: 3c2262cf02130e85e42a59885b3c3c1c295a9d7c
Detection ratio: 10 / 57
Analysis date: 2015-10-11 04:13:45 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.Inject 20151011
Avira (no cloud) TR/Crypt.ZPACK.186759 20151010
AVware Trojan.Win32.Generic!BT 20151011
ESET-NOD32 Win32/Sopinar.C 20151011
Fortinet W32/Inject.C!tr 20151010
GData Win32.Trojan.Agent.OBDOZY 20151011
Kaspersky Trojan.Win32.Inject.vjgu 20151011
Panda Generic Suspicious 20151010
Sophos AV Mal/Generic-S 20151011
VIPRE Trojan.Win32.Generic!BT 20151011
Ad-Aware 20151011
AegisLab 20151010
Yandex 20151009
AhnLab-V3 20151010
Alibaba 20151010
ALYac 20151010
Arcabit 20151011
Avast 20151011
AVG 20151011
Baidu-International 20151010
BitDefender 20151011
Bkav 20151010
ByteHero 20151011
CAT-QuickHeal 20151010
ClamAV 20151009
CMC 20151009
Comodo 20151011
Cyren 20151011
DrWeb 20151011
Emsisoft 20151011
F-Prot 20151011
F-Secure 20151010
Ikarus 20151010
Jiangmin 20151010
K7AntiVirus 20151011
K7GW 20151010
Kingsoft 20151011
Malwarebytes 20151011
McAfee 20151011
McAfee-GW-Edition 20151011
Microsoft 20151011
eScan 20151011
NANO-Antivirus 20151011
nProtect 20151008
Qihoo-360 20151011
Rising 20151010
SUPERAntiSpyware 20151011
Symantec 20151011
Tencent 20151011
TheHacker 20151010
TotalDefense 20151011
TrendMicro 20151011
TrendMicro-HouseCall 20151011
VBA32 20151009
ViRobot 20151010
Zillya 20151011
Zoner 20151011
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-08 10:33:02
Entry Point 0x00010655
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegSetValueExW
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExW
CryptDestroyHash
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetCurrentThread
CompareStringW
WideCharToMultiByte
TlsFree
GetModuleHandleA
WriteFile
GetStartupInfoA
CompareStringA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
SetEnvironmentVariableA
TerminateProcess
GetTimeZoneInformation
GetEnvironmentVariableA
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetVersion
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
SHQueryValueExA
Number of PE resources by type
RT_MANIFEST 1
RT_STRING 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:10:08 11:33:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 102400
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 36864
SubsystemVersion 4.0
EntryPoint 0x10655
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 45e43b00e3eb4294650647292e8b28c3
SHA1 3c2262cf02130e85e42a59885b3c3c1c295a9d7c
SHA256 0e5064c343574a3807ef67ebf72098352919aacb714de003974e03b0e557c2c1
ssdeep 3072:2XYOux2PfRVXiCDw7I1iu7Kchw6yM1OGeabPcmEgZVOH+CNA:cTffg0Uuuchly3abPcmKp+
authentihash 1a76accff6ffcde072dbb0019ef2f885fbbc68e0b7146c5b93619f689c2534ee
imphash 34f398723da4e201ea8e839b3d2a1048
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2015-10-11 04:13:45 UTC ( 3 years, 4 months ago )
Last submission 2015-10-11 04:13:45 UTC ( 3 years, 4 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Runtime DLLs