SHA256: 0e8f5d3b942a829c7c44deb4358099b7eb0dde2e90f337efedc088c31ae2a9b9
File name: 024a68b8b3d3f8cc7f42da1ddbec443868007644
Detection ratio: 37 / 56
Analysis date: 2016-06-19 03:24:28 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3316435 20160619
AegisLab Backdoor.W32.Androm!c 20160619
AhnLab-V3 Trojan/Win32.Kryptik 20160618
ALYac Trojan.GenericKD.3316435 20160619
Antiy-AVL Trojan/Generic.ASMalwS.194F774 20160619
Arcabit Trojan.Generic.D329AD3 20160619
Avast Win32:Trojan-gen 20160619
AVG Generic_r.JYK 20160619
Avira (no cloud) TR/Crypt.ZPACK.dhhr 20160618
AVware Trojan.Win32.Generic!BT 20160619
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160618
BitDefender Trojan.GenericKD.3316435 20160619
Cyren W32/Trojan.UGBR-0544 20160619
DrWeb Trojan.Encoder.4855 20160619
Emsisoft Trojan.Win32.Agent (A) 20160619
ESET-NOD32 a variant of Win32/Kryptik.FAAK 20160618
F-Secure Trojan.GenericKD.3316435 20160619
Fortinet Malicious_Behavior.VEX.99 20160619
GData Trojan.GenericKD.3316435 20160619
Ikarus Trojan-Ransom.Crypt0L0cker 20160618
Jiangmin Trojan.Rack.ai 20160619
K7AntiVirus Trojan ( 004f21061 ) 20160618
K7GW Trojan ( 004f21061 ) 20160619
Kaspersky Backdoor.Win32.Androm.jyrw 20160619
Malwarebytes Ransom.Crypt0L0cker 20160618
McAfee GenericR-HWN!24EEDC1D6B08 20160619
McAfee-GW-Edition BehavesLike.Win32.Trojan.bm 20160619
eScan Trojan.GenericKD.3316435 20160619
nProtect Trojan.GenericKD.3316435 20160617
Panda Trj/GdSda.A 20160618
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160619
Sophos AV Mal/Generic-S 20160619
Symantec Trojan.Cryptolocker.H 20160619
Tencent Win32.Trojan.Kryptik.Hsta 20160619
TrendMicro TROJ_GEN.R00UC0EFI16 20160619
VIPRE Trojan.Win32.Generic!BT 20160619
ViRobot Trojan.Win32.CryptoLocker.799744.A[h] 20160618
Alibaba 20160617
Baidu-International 20160614
Bkav 20160618
CAT-QuickHeal 20160618
ClamAV 20160619
CMC 20160616
Comodo 20160618
F-Prot 20160619
Kingsoft 20160619
Microsoft 20160619
NANO-Antivirus 20160619
SUPERAntiSpyware 20160618
TheHacker 20160617
TotalDefense 20160618
TrendMicro-HouseCall 20160619
VBA32 20160617
Yandex 20160616
Zillya 20160618
Zoner 20160619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 1999 - 2013 Speedbit Ltd.

Product DAP Ununstall
Original name DapRemove.exe
Internal name DapRemove
File version 10, 0, 5, 2
Description DAP Ununstall
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-15 08:40:58
Entry Point 0x00001EC0
Number of sections 5
PE sections
PE imports
RegQueryValueExW
GetEnhMetaFileA
PathToRegion
CreateMetaFileA
EngAlphaBlend
GetRgnBox
EngStretchBlt
GetEnhMetaFileBits
GdiProcessSetup
GetEnhMetaFileW
SetStretchBltMode
EngBitBlt
EngDeleteSurface
DeleteDC
SetBkMode
GetCharWidthA
SetTextColor
FillRgn
SetAbortProc
PlayEnhMetaFile
ExtTextOutA
SaveDC
SetTextAlign
CreateRoundRectRgn
CreateCompatibleDC
PolyBezierTo
SelectObject
CreateFontIndirectExA
CopyMetaFileW
GetWinMetaFileBits
CreateColorSpaceW
GetSystemPaletteUse
WidenPath
UpdateICMRegKeyW
GetLastError
GetStdHandle
GetDriveTypeW
lstrlenW
FindFirstChangeNotificationA
lstrlenA
LoadLibraryW
FreeLibrary
ReplaceFile
DefineDosDeviceA
LoadLibraryA
GetFileAttributesW
VerifyVersionInfoW
GetStartupInfoA
LocalAlloc
GetCommandLineW
MultiByteToWideChar
GetCommandLineA
GetProcAddress
GetFileType
GetFileAttributesA
GetModuleHandleA
FindNextFileW
FindFirstFileW
GetModuleHandleW
EscapeCommFunction
GetDriveTypeA
LocalFree
FormatMessageW
UnmapViewOfFile
Sleep
SetLastError
HeapAlloc
GetVersion
GetProcessHeap
VirtualAlloc
WriteConsoleW
ShellAboutA
ShellExecuteExA
SHCreateDirectoryExW
FindExecutableA
ExtractIconExA
SHBindToParent
SHIsFileAvailableOffline
ShellExecuteW
SHEmptyRecycleBinA
SHGetSettings
ExtractAssociatedIconExA
SHBrowseForFolderA
SHPathPrepareForWriteW
Shell_NotifyIcon
DoEnvironmentSubstA
SHGetDiskFreeSpaceExW
SHLoadNonloadedIconOverlayIdentifiers
StrChrIA
StrCmpNW
StrStrIW
StrStrW
TranslateAccelerator
ChildWindowFromPointEx
DrawTextExW
SetMenuItemBitmaps
DestroyWindow
CharUpperW
CheckRadioButton
CharUpperA
ShowWindow
FindWindowA
LoadBitmapA
GetClipboardData
LoadBitmapW
GetSystemMetrics
HiliteMenuItem
IsWindow
PeekMessageW
DestroyIcon
UpdateWindow
CopyAcceleratorTableW
DdeKeepStringHandle
LoadIconW
CharLowerW
SetWindowLongA
CharNextW
DdeEnableCallback
GetProcessWindowStation
OpenWindowStationA
GetPropW
GetDC
DestroyCursor
EndDeferWindowPos
CreateWindowStationA
GetProcessDefaultLayout
CreatePopupMenu
ShowCaret
EnableMenuItem
SetParent
GetLastActivePopup
IsWindowVisible
GetGuiResources
LoadStringW
GetDlgItem
AllowSetForegroundWindow
GetNextDlgTabItem
SetKeyboardState
GetScrollInfo
BroadcastSystemMessage
AnimateWindow
FindWindowExA
GetSysColor
PostThreadMessageW
SwitchToThisWindow
ShowCursor
CharNextA
WaitForInputIdle
EnumPropsExW
ExcludeUpdateRgn
ChangeMenuW
EnumPropsW
CreateWindowExW
CharLowerA
CloseClipboard
CharToOemA
GetKeyState
TranslateAcceleratorW
timeGetTime
__p__fmode
malloc
setlocale
fprintf
_cexit
__initenv
_c_exit
_wcsdup
vfwprintf
exit
_XcptFilter
__setusermatherr
_adjust_fdiv
_except_handler3
__p__commode
free
vswprintf
__getmainargs
fwprintf
_controlfp
_initterm
_exit
__set_app_type
_iob
Number of PE resources by type
RT_DIALOG 3
RT_HTML 3
RT_ICON 3
RT_GROUP_ICON 2
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
722432

ImageVersion
0.0

ProductName
DAP Ununstall

FileVersionNumber
10.0.5.2

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
DapRemove.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
10, 0, 5, 2

TimeStamp
2016:06:15 09:40:58+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
DapRemove

ProductVersion
10, 0, 5, 2

FileDescription
DAP Ununstall

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright (C) 1999 - 2013 Speedbit Ltd.

MachineType
Intel 386 or later, and compatibles

CompanyName
Speedbit Ltd.

CodeSize
76800

FileSubtype
0

ProductVersionNumber
10.0.5.2

EntryPoint
0x1ec0

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 24eedc1d6b08add073f64451a8f0d973
SHA1 024a68b8b3d3f8cc7f42da1ddbec443868007644
SHA256 0e8f5d3b942a829c7c44deb4358099b7eb0dde2e90f337efedc088c31ae2a9b9
ssdeep
6144:BtLtWmgBpPgaJtrYB7far1RAuIef/uI2GOV3RoTJ9dv63HowUGMJaLXXQgzqnh:BtY3DJtsI1RAHA/MG+AJ9c3oTGMH

authentihash 68ad67fe39cf83faf3f2568ffda24c96834eb123544864a23f0ce50e6f44704b
imphash 6cfa45bf553fa88413235e6617688589
File size 781.0 KB ( 799744 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-06-15 08:51:30 UTC ( 2 years, 10 months ago )
Last submission 2017-08-19 16:26:52 UTC ( 1 year, 8 months ago )
File names VirusShare_24eedc1d6b08add073f64451a8f0d973
DapRemove
DapRemove.exe
file.exe
024a68b8b3d3f8cc7f42da1ddbec443868007644
ocaqeqic.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications