SHA256: 149a5a36278d308f1821d9c7e2d164a93c2fcff46696e4b287a8585ed9e94017
File name: smoke927251.exe
Detection ratio: 30 / 55
Analysis date: 2017-01-24 13:09:19 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4218616 20170124
AegisLab Ml.Attribute.Veryhighconfidence.[Heur.Advml!c 20170124
AhnLab-V3 Trojan/Win32.Banki.R194291 20170124
Antiy-AVL Trojan/Win32.TSGeneric 20170124
Arcabit Trojan.Generic.D405EF8 20170124
Avast Win32:Malware-gen 20170124
Avira (no cloud) TR/Crypt.Xpack.zyvff 20170124
AVware Trojan.Win32.Generic!BT 20170124
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9986 20170124
BitDefender Trojan.GenericKD.4218616 20170124
CrowdStrike Falcon (ML) malicious_confidence_66% (W) 20161024
Cyren W32/S-e2e07e9d!Eldorado 20170124
DrWeb Trojan.Proxy2.159 20170124
Emsisoft Trojan.GenericKD.4218616 (B) 20170124
ESET-NOD32 a variant of Win32/Kryptik.FNIA 20170124
F-Prot W32/S-e2e07e9d!Eldorado 20170124
F-Secure Trojan.GenericKD.4218616 20170124
Fortinet W32/Kryptik.FNIA!tr 20170124
GData Trojan.GenericKD.4218616 20170124
Ikarus Trojan.Win32.Krypt 20170124
K7AntiVirus Trojan ( 005034681 ) 20170124
K7GW Trojan ( 005034681 ) 20170124
Kaspersky Trojan-Ransom.Win32.Blocker.jwqg 20170124
McAfee Trojan-FKQX!99EB2CF09388 20170124
McAfee-GW-Edition Trojan-FKQX!99EB2CF09388 20170124
eScan Trojan.GenericKD.4218616 20170124
Panda Trj/Genetic.gen 20170123
Sophos AV Mal/Generic-S 20170124
Symantec ML.Relationship.HighConfidence [Trojan.Gen.2] 20170123
VIPRE Trojan.Win32.Generic!BT 20170124
Alibaba 20170122
ALYac 20170124
AVG 20170124
CAT-QuickHeal 20170124
ClamAV 20170124
CMC 20170124
Comodo 20170124
Sophos ML 20170111
Jiangmin 20170124
Kingsoft 20170124
Malwarebytes 20170124
Microsoft 20170124
NANO-Antivirus 20170124
nProtect 20170124
Qihoo-360 20170124
Rising 20170124
SUPERAntiSpyware 20170124
Tencent 20170124
TheHacker 20170123
TotalDefense 20170124
TrendMicro-HouseCall 20170124
Trustlook 20170124
VBA32 20170123
ViRobot 20170124
WhiteArmor 20170123
Yandex 20170123
Zillya 20170124
Zoner 20170124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-23 07:23:26
Entry Point 0x000031DF
Number of sections 4
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
GetOEMCP
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
GetUserDefaultLangID
IsDebuggerPresent
ExitProcess
FlushFileBuffers
RemoveDirectoryA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
CompareStringW
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GlobalLock
GetTimeZoneInformation
CopyFileA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
GetModuleFileNameA
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
CreateProcessA
UnmapViewOfFile
VirtualFree
Sleep
VirtualAlloc
Number of PE resources by type
RT_STRING 17
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 17
ENGLISH ARABIC QATAR 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:01:23 08:23:26+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 72704
LinkerVersion: 9.0
EntryPoint: 0x31df
InitializedDataSize: 231936
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5 99eb2cf093881ce51c0ab0c9e46fc2e5
SHA1 6f82d701888eda0d179fa9c1b3342491a09cf00f
SHA256 149a5a36278d308f1821d9c7e2d164a93c2fcff46696e4b287a8585ed9e94017
ssdeep 3072:3+zIWu9Pg7TznlfuPOyoFEG3qj3QOgudCCBz+kvZVE2Z+RXRjf32/zh3+Fif:31qzlmOyor39BunJ5psjY

authentihash 30a5494e6514696c0d843f62a99563c7a73e632f27c985f990878570eff761b6
imphash 8dd3fa68ac63598abcc0aa0448be0eab
File size 239.0 KB ( 244736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2017-01-23 07:42:28 UTC ( 2 years, 3 months ago )
Last submission 2017-01-23 07:42:28 UTC ( 2 years, 3 months ago )
File names smoke927251.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs