SHA256: 122a8ebb07a266d2c525420183323f06711a5cc42ad28bd5cdbb078624627ed2
File name: BA46.tmp
Detection ratio: 17 / 57
Analysis date: 2016-05-31 17:49:06 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20160531
Avira (no cloud) TR/Crypt.ZPACK.rbwv 20160531
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160530
Bkav HW32.Packed.66CC 20160531
DrWeb Trojan.Siggen6.58358 20160531
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160531
Fortinet W32/Injector.CZFI!tr 20160531
Ikarus Trojan-Downloader.Win32.Agent 20160531
Kaspersky Trojan.Win32.Agent.nevnbh 20160531
Malwarebytes Trojan.Crypt 20160531
McAfee Artemis!EE49DFBD11EB 20160531
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160531
Panda Trj/Genetic.gen 20160531
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160531
Rising Malware.XPACK-HIE/Heur!1.9C48 20160531
Symantec Trojan Horse 20160531
Tencent Win32.Trojan-downloader.Agent.Amcf 20160531
Ad-Aware 20160531
AegisLab 20160531
AhnLab-V3 20160531
Alibaba 20160531
ALYac 20160531
Antiy-AVL 20160531
Arcabit 20160531
AVG 20160531
AVware 20160531
Baidu-International 20160531
BitDefender 20160531
CAT-QuickHeal 20160531
ClamAV 20160531
CMC 20160530
Comodo 20160531
Cyren 20160531
Emsisoft 20160531
F-Prot 20160531
F-Secure 20160531
GData 20160531
Jiangmin 20160531
K7AntiVirus 20160531
K7GW 20160531
Kingsoft 20160531
Microsoft 20160531
eScan 20160531
NANO-Antivirus 20160531
nProtect 20160531
Sophos AV 20160531
SUPERAntiSpyware 20160531
TheHacker 20160530
TotalDefense 20160531
TrendMicro 20160531
TrendMicro-HouseCall 20160531
VBA32 20160531
VIPRE 20160531
ViRobot 20160531
Yandex 20160531
Zillya 20160531
Zoner 20160531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 08:37:33
Entry Point 0x0001967F
Number of sections 4
PE sections
PE imports
ClusterEnum
CloseClusterGroup
ClusterControl
CloseCluster
CloseClusterNode
McastApiCleanup
McastApiStartup
DefineDosDeviceW
CreateHardLinkA
CopyFileA
GetVolumeNameForVolumeMountPointA
WaitForSingleObjectEx
GetSystemDirectoryA
GetLocaleInfoA
GetFileSize
CreateDirectoryA
TlsGetValue
DeleteFileW
GetProcAddress
GetProcessHeap
OpenMutexA
lstrcpynW
CompareStringW
GetModuleHandleA
IsBadCodePtr
WriteFile
CreateMutexW
CloseHandle
FindNextFileA
GetACP
GetDiskFreeSpaceA
SetEnvironmentVariableA
GetLongPathNameW
GetExpandedNameW
GetNumberFormatA
OpenSemaphoreA
InterlockedDecrement
CreateFileA
GetVersion
WriteConsoleW
GetThemeFont
IsThemeActive
DrawThemeEdge
GetWindowTheme
GetThemeBool
GetThemeTextExtent
OpenThemeData
CloseThemeData
DrawThemeBackground
SetWindowTheme
GetThemeTextMetrics
GetThemeInt
WTSSetUserConfigA
WTSVirtualChannelPurgeInput
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSQueryUserToken
WTSCloseServer
WTSVirtualChannelWrite
WTSOpenServerA
WTSFreeMemory
WTSRegisterSessionNotification
WTSLogoffSession
WTSUnRegisterSessionNotification
WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSVirtualChannelOpen
WTSVirtualChannelQuery
WTSEnumerateServersA
Number of PE resources by type
RT_RCDATA 4
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 09:37:33+01:00
FileType Win32 EXE
PEType PE32
CodeSize 103424
LinkerVersion 6.0
EntryPoint 0x1967f
InitializedDataSize 8704
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 ee49dfbd11eba8f07fdbd804ee1fd141
SHA1 457301a1730f41d60dd556847e720f326f05d5dc
SHA256 122a8ebb07a266d2c525420183323f06711a5cc42ad28bd5cdbb078624627ed2
ssdeep 3072:kJhrxKIzB1JYBWtZ1F3zyy3usxoTfDXl27C:kJhr4aB1CBWfMTTLXl27
authentihash f985fcb1ce94037256815ff228f4912545896b60cdfc01e5c8ee244fa7787e29
imphash a1f9b642e2d621091a1b8c0a9dd3944f
File size 110.5 KB ( 113152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-05-30 15:38:06 UTC ( 2 years, 9 months ago )
Last submission 2016-05-30 15:38:06 UTC ( 2 years, 9 months ago )
File names BA46.tmp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications