SHA256: 14153009ac70d98c6b1fa660614e94242cdbea6cdd0014442ef3f3277a6518f5
File name: 0d1d0dbfb138ebd3f303747aed2e7aa7.virus
Detection ratio: 36 / 56
Analysis date: 2016-10-07 22:15:05 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.94477 20161007
AhnLab-V3 Trojan/Win32.Tuhkit.N2107199995 20161007
ALYac Gen:Variant.Razy.94477 20161007
Antiy-AVL Trojan[Banker]/Win32.Tuhkit 20161007
Arcabit Trojan.Razy.D1710D 20161007
Avast Win32:Malware-gen 20161007
AVG Downloader.Generic14.BEQZ 20161007
Avira (no cloud) TR/Crypt.ZPACK.yabee 20161007
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20161001
BitDefender Gen:Variant.Razy.94477 20161007
Bkav HW32.Packed.5829 20161007
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.LMKQ-1141 20161007
DrWeb Trojan.Siggen6.58358 20161007
Emsisoft Gen:Variant.Razy.94477 (B) 20161007
ESET-NOD32 a variant of Win32/Kryptik.FGJM 20161007
F-Secure Gen:Variant.Razy.94477 20161007
Fortinet W32/Generic.AP.1E668!tr 20161007
GData Gen:Variant.Razy.94477 20161007
Sophos ML virus.win32.sality.at 20160928
Jiangmin Trojan.Banker.Tuhkit.k 20161007
K7AntiVirus Trojan ( 004f8cc61 ) 20161007
K7GW Trojan ( 004f8cc61 ) 20161007
Kaspersky Trojan-Banker.Win32.Tuhkit.au 20161007
Malwarebytes Trojan.Downloader 20161007
McAfee Artemis!0D1D0DBFB138 20161007
McAfee-GW-Edition BehavesLike.Win32.Expiro.cc 20161007
eScan Gen:Variant.Razy.94477 20161007
Panda Trj/GdSda.A 20161007
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161007
Rising Malware.Generic!Ok1SHy0yGSE@2 (thunder) 20161007
Sophos AV Mal/Generic-S 20161007
Symantec Heur.AdvML.B 20161007
Tencent Win32.Trojan-banker.Tuhkit.Fij 20161007
TrendMicro TROJ_GEN.R000C0VIL16 20161007
TrendMicro-HouseCall TROJ_HPTALAPEK.SMEND 20161007
AegisLab 20161007
Alibaba 20161003
AVware 20161007
CAT-QuickHeal 20161007
ClamAV 20161007
CMC 20161003
Comodo 20161007
F-Prot 20161007
Ikarus 20161007
Kingsoft 20161007
Microsoft 20161007
NANO-Antivirus 20161007
nProtect 20161007
SUPERAntiSpyware 20161007
TheHacker 20161007
VBA32 20161007
VIPRE 20161007
ViRobot 20161007
Yandex 20161007
Zillya 20161007
Zoner 20161007
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x00005810
Number of sections 3
PE sections
PE imports
lstrcpynW
GetStartupInfoA
GetVolumeInformationA
GetStdHandle
ReleaseSemaphore
CreateThread
GetEnvironmentVariableA
WaitForSingleObject
CreateWaitableTimerW
GetTickCount
GetFullPathNameW
LoadLibraryA
OpenEventA
GetProcAddress
TraceSQLFetch
TraceSQLBindCol
ShellMessageBoxW
SHCreateShellItem
DuplicateIcon
SHGetSettings
DragQueryPoint
FreeIconList
StrChrA
ExtractIconA
DllRegisterServer
SHFileOperationA
SE_InstallAfterInit
SE_IsShimDll
SE_ProcessDying
SE_DllLoaded
SE_InstallBeforeInit
Number of PE resources by type
RT_RCDATA 9
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 10
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 127488
LinkerVersion 7.0
FileTypeExtension exe
InitializedDataSize 36352
SubsystemVersion 4.0
EntryPoint 0x5810
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 0

File identification
MD5 0d1d0dbfb138ebd3f303747aed2e7aa7
SHA1 2570ba4adeb8c4a0fe277d0b463cd30b3fb21aee
SHA256 14153009ac70d98c6b1fa660614e94242cdbea6cdd0014442ef3f3277a6518f5
ssdeep 3072:XxJbJJi1vVsph6cuGPSgnD2jhgWNkCoZc:Xzbmyph6cuGPliSWa
authentihash d870b993f3b8b1952d1c9bfc8a495ef423bc650ae9bc796160b50065f90a68eb
imphash 8c30c459890df1e7a071d13a67c1f63b
File size 161.0 KB ( 164864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe stealth suspicious-dns
VirusTotal metadata
First submission 2016-10-07 22:15:05 UTC ( 2 years, 4 months ago )
Last submission 2016-10-07 22:15:05 UTC ( 2 years, 4 months ago )
File names 0d1d0dbfb138ebd3f303747aed2e7aa7.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications