SHA256: 13854ac70cb8c7d7e8a269942077ffcc24c21df3636c0f9d9b706174c80a5ac4
File name: xseg.dump.bin
Detection ratio: 22 / 56
Analysis date: 2016-05-27 11:48:10 UTC ( 2 years, 8 months ago )
Antivirus            | Result                                         | Update
---------------------|------------------------------------------------|---------
Ad-Aware             | Gen:Variant.Symmi.17697                        | 20160527
ALYac                | Gen:Variant.Symmi.17697                        | 20160527
Antiy-AVL            | Trojan[Downloader:HEUR]/Win32.AGeneric         | 20160527
Arcabit              | Trojan.Symmi.D4521                             | 20160527
Avast                | Win32:Evo-gen [Susp]                           | 20160527
AVG                  | Downloader.Generic14.ARRM                      | 20160527
Avira (no cloud)     | TR/Taranis.2895                                | 20160527
Baidu                | Win32.Trojan.WisdomEyes.151026.9950.9999       | 20160527
BitDefender          | Gen:Variant.Symmi.17697                        | 20160527
DrWeb                | Trojan.Siggen6.58358                           | 20160527
Emsisoft             | Gen:Variant.Symmi.17697 (B)                    | 20160527
ESET-NOD32           | a variant of Win32/TrojanDownloader.Agent.CFH  | 20160527
F-Secure             | Gen:Variant.Symmi.17697                        | 20160527
GData                | Gen:Variant.Symmi.17697                        | 20160527
Jiangmin             | TrojanDownloader.Generic.arjs                  | 20160527
K7AntiVirus          | Trojan-Downloader ( 004e137c1 )                | 20160527
K7GW                 | Trojan-Downloader ( 004e137c1 )                | 20160527
McAfee-GW-Edition    | BehavesLike.Win32.Ransom.mh                    | 20160527
eScan                | Gen:Variant.Symmi.17697                        | 20160527
NANO-Antivirus       | Trojan.Win32.Agent.ebeycc                      | 20160527
Qihoo-360            | QVM20.1.Malware.Gen                            | 20160527
Rising               | Malware.Generic!SStBlBVXtRG@2 (Thunder)        | 20160527
AegisLab             | -                                              | 20160527
AhnLab-V3            | -                                              | 20160527
Alibaba              | -                                              | 20160527
AVware               | -                                              | 20160527
Baidu-International  | -                                              | 20160527
Bkav                 | -                                              | 20160527
CAT-QuickHeal        | -                                              | 20160527
ClamAV               | -                                              | 20160527
CMC                  | -                                              | 20160523
Comodo               | -                                              | 20160527
Cyren                | -                                              | 20160527
F-Prot               | -                                              | 20160527
Fortinet             | -                                              | 20160527
Ikarus               | -                                              | 20160527
Kaspersky            | -                                              | 20160527
Kingsoft             | -                                              | 20160527
Malwarebytes         | -                                              | 20160527
McAfee               | -                                              | 20160527
Microsoft            | -                                              | 20160527
nProtect             | -                                              | 20160527
Panda                | -                                              | 20160527
Sophos AV            | -                                              | 20160527
SUPERAntiSpyware     | -                                              | 20160527
Symantec             | -                                              | 20160527
Tencent              | -                                              | 20160527
TheHacker            | -                                              | 20160526
TrendMicro           | -                                              | 20160527
TrendMicro-HouseCall | -                                              | 20160527
VBA32                | -                                              | 20160527
VIPRE                | -                                              | 20160527
ViRobot              | -                                              | 20160527
Yandex               | -                                              | 20160526
Zillya               | -                                              | 20160526
Zoner                | -                                              | 20160527
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-11-18 18:46:59
Entry Point: 0x000053A3
Number of sections: 5
PE sections
Overlays
MD5: 53e979547d8c2ea86560ac45de08ae25
File type: ASCII text
Offset: 84480
Size: 1536
Entropy: 0.00
PE imports
GetLastError
HeapFree
CopyFileW
ReleaseMutex
TerminateThread
GetModuleFileNameW
WaitForSingleObject
SetEvent
HeapAlloc
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
GetFileSize
GetCurrentProcess
SetThreadPriority
LocalAlloc
SetErrorMode
SetThreadAffinityMask
WaitForMultipleObjects
GetSystemInfo
OpenMutexA
CreateMutexA
CreateThread
TlsFree
GetModuleHandleA
GetSystemDirectoryW
GetExitCodeThread
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
ReadFile
GetCommandLineA
GetSystemDirectoryA
GetProcAddress
GetLongPathNameW
SetPriorityClass
LocalFree
IsWow64Process
ResumeThread
HeapCreate
GetTempPathW
CreateFileW
CreateProcessW
CreateEventA
TlsGetValue
Sleep
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
CloseHandle
RpcStringFreeA
UuidToStringA
CreateWindowStationA
ShowScrollBar
CreateWindowExA
CloseWindowStation
LoadIconA
UpdateWindow
CreateDesktopA
CloseDesktop
SetThreadDesktop
EnableScrollBar
CreateMenu
DestroyMenu
SetWindowLongA
DefWindowProcA
ShowWindow
UnregisterClassA
RegisterClassA
SetWindowPos
DestroyWindow
_snwprintf
swprintf
memset
memcpy
NtQuerySystemInformation
RtlInitUnicodeString
RtlImageNtHeader
NtOpenFile
RtlQueryEnvironmentVariable_U
RtlTimeToTimeFields
NtTerminateThread
NtSetTimer
NtTerminateProcess
NtClose
NtAllocateVirtualMemory
NtCreateTimer
NtQueryInformationFile
CsrClientConnectToServer
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:11:18 19:46:59+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 29184
LinkerVersion: 14.0
FileTypeExtension: exe
InitializedDataSize: 58880
SubsystemVersion: 5.1
EntryPoint: 0x53a3
OSVersion: 5.1
ImageVersion: 2.1
UninitializedDataSize: 0

File identification
MD5: e8e999747a8e94b65b42e8073ddb1b93
SHA1: 8b9608be7073a90aa52c24ba290bd2ac5b29fdda
SHA256: 13854ac70cb8c7d7e8a269942077ffcc24c21df3636c0f9d9b706174c80a5ac4
ssdeep: 1536:tdU01tzCEe4fOrOBt4cqRkYKvH4duvhd8t:tdU01tmEe4fOet4cOTyHV8t
authentihash: 59fdeeed1078aa8e554723ceb71f2c2ad1db4b04b0f4d376cbfe24e2510ac6b0
imphash: 991d492905021be6a6b7f9182b0a4831
File size: 84.0 KB ( 86016 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (64.5%)
  Win32 Dynamic Link Library (generic) (13.6%)
  Win32 Executable (generic) (9.3%)
  Win16/32 Executable Delphi generic (4.2%)
  Generic Win/DOS Executable (4.1%)
Tags: peexe overlay

VirusTotal metadata
First submission 2016-05-27 11:48:10 UTC ( 2 years, 8 months ago )
Last submission 2016-05-27 11:48:10 UTC ( 2 years, 8 months ago )
File names xseg.dump.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications