SHA256: 157542668ba0f3ae9fb07cb761a5ba2dad120a18c955c082460a05f20e5fe2ff
File name: 0ad741b48c30fc2d6dea39f272642622.virus
Detection ratio: 42 / 62
Analysis date: 2017-04-02 04:31:03 UTC ( 1 year, 11 months ago )
Antivirus | Result | Update
Ad-Aware | Trojan.Agent.CDTG | 20170402
AhnLab-V3 | Backdoor/Win32.Ruskill.C1781360 | 20170402
ALYac | Trojan.Agent.CDTG | 20170331
Arcabit | Trojan.Agent.CDTG | 20170402
Avast | Win32:Malware-gen | 20170402
AVG | Generic_r.RGV | 20170402
Baidu | Win32.Trojan.Kryptik.bhz | 20170331
BitDefender | Trojan.Agent.CDTG | 20170402
Comodo | TrojWare.Win32.Lethic.WA | 20170402
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170130
Cyren | W32/S-e2e07e9d!Eldorado | 20170402
DrWeb | Trojan.DownLoader23.32524 | 20170402
Emsisoft | Trojan.Agent.CDTG (B) | 20170402
Endgame | malicious (high confidence) pefuj1 | 20170401
ESET-NOD32 | a variant of Win32/Kryptik.FOED | 20170402
F-Prot | W32/S-e2e07e9d!Eldorado | 20170402
F-Secure | Trojan.Agent.CDTG | 20170402
Fortinet | W32/Kryptik.FMOE!tr | 20170402
GData | Trojan.Agent.CDTG | 20170402
Ikarus | Trojan.Win32.Lethic | 20170402
Sophos ML | worm.win32.dorkbot.i | 20170203
Jiangmin | Backdoor.Ruskill.yj | 20170402
K7AntiVirus | Trojan ( 00507f291 ) | 20170402
K7GW | Trojan ( 00507f291 ) | 20170402
Kaspersky | HEUR:Trojan.Win32.Generic | 20170402
McAfee | Artemis!0AD741B48C30 | 20170402
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.ch | 20170402
Microsoft | Trojan:Win32/Dynamer!ac | 20170402
eScan | Trojan.Agent.CDTG | 20170402
NANO-Antivirus | Trojan.Win32.Kryptik.elnnmz | 20170402
Palo Alto Networks (Known Signatures) | generic.ml | 20170402
Panda | Trj/GdSda.A | 20170401
Qihoo-360 | Win32/Trojan.b34 | 20170402
Rising | Malware.Obscure/Heur!1.A121 (cloud:nki46wQh7vI) | 20170402
SentinelOne (Static ML) | static engine - malicious | 20170330
Sophos AV | Mal/Generic-S | 20170402
Symantec | Trojan.Gen | 20170401
Tencent | Win32.Trojan.Scar.Ist | 20170402
TrendMicro | TROJ_GEN.R03HC0DCT17 | 20170402
TrendMicro-HouseCall | TROJ_GEN.R03HC0DCT17 | 20170402
VBA32 | Trojan.Garrun | 20170331
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20170402
AegisLab | (no detection) | 20170402
Alibaba | (no detection) | 20170402
Antiy-AVL | (no detection) | 20170402
Avira (no cloud) | (no detection) | 20170402
AVware | (no detection) | 20170330
Bkav | (no detection) | 20170402
CAT-QuickHeal | (no detection) | 20170401
ClamAV | (no detection) | 20170402
CMC | (no detection) | 20170402
Kingsoft | (no detection) | 20170402
Malwarebytes | (no detection) | 20170402
nProtect | (no detection) | 20170402
SUPERAntiSpyware | (no detection) | 20170402
Symantec Mobile Insight | (no detection) | 20170331
TheHacker | (no detection) | 20170330
TotalDefense | (no detection) | 20170402
Trustlook | (no detection) | 20170402
VIPRE | (no detection) | 20170402
ViRobot | (no detection) | 20170402
Webroot | (no detection) | 20170402
WhiteArmor | (no detection) | 20170327
Yandex | (no detection) | 20170327
Zillya | (no detection) | 20170402
Zoner | (no detection) | 20170402
The file under study is a Portable Executable (PE32) image: a Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-11 08:25:04 UTC (the linker-set TimeDateStamp; it is not authenticated and is trivially forged, and the ExifTool TimeStamp further down shows the same instant in +01:00)
Entry Point 0x00004E9C
Number of sections 4
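The fields above (target machine, section count, compilation timestamp, entry point) and the ExifTool values further down (linker version, code and data sizes, OS/subsystem/image versions, subsystem) all come from the COFF file header and the PE32 optional header. The parser below, an added example and not code from the VirusTotal report or any vendor, pulls them out of raw bytes. Because the sample itself is not on the page, the header blob is constructed inline: the fields the report shows carry the report's values, while image base, alignments, image/header sizes and the checksum are assumed filler.

```python
"""Parse the PE32 header fields that a VirusTotal report lists, from raw bytes.

Added example, not part of the report. The header blob is constructed here so
the script runs offline: fields visible in the report (Intel 386 machine,
4 sections, timestamp, entry point 0x4E9C, linker 9.0, code/data sizes,
OS/subsystem/image versions, Windows GUI subsystem) use the report's values;
image base, alignments, image/header sizes and checksum are assumed.
"""
import struct
from datetime import datetime, timezone

# COFF file header: Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"
# PE32 optional header from Magic up to and including DllCharacteristics (72 bytes)
OPT_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH"
PE32_MAGIC = 0x10B

MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Return the report's 'PE header basic information' fields from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, _chars = \
        struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 4 + struct.calcsize(COFF_FMT)
    if opt_size < struct.calcsize(OPT_FMT):
        raise ValueError("optional header too short")
    (magic, linker_major, linker_minor, size_of_code, size_of_init, size_of_uninit,
     entry_point, _base_of_code, _base_of_data, _image_base, _sect_align, _file_align,
     os_major, os_minor, img_major, img_minor, subsys_major, subsys_minor,
     _win32_ver, _size_of_image, _size_of_headers, _checksum, subsystem,
     _dll_chars) = struct.unpack_from(OPT_FMT, data, opt_off)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (magic 0x10b) images are handled here")
    # TimeDateStamp is seconds since the Unix epoch, UTC. The linker writes it and
    # nothing authenticates it, so treat it as a hint rather than evidence.
    compile_time = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "number_of_sections": nsections,            # 40-byte section headers follow the optional header
        "compile_time": compile_time.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry_point:08X}",      # RVA, relative to ImageBase
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": size_of_code,
        "initialized_data_size": size_of_init,
        "uninitialized_data_size": size_of_uninit,
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{subsys_major}.{subsys_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "pe_type": "PE32",
    }


def build_sample_header() -> bytes:
    """Constructed header blob carrying the report's visible values (not the real sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))        # e_lfanew: PE header right after the DOS header
    timestamp = 1486801504                              # 2017-02-11 08:25:04 UTC
    coff = struct.pack(COFF_FMT, 0x14C, 4, timestamp, 0, 0, 224,
                       0x0102)                          # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = struct.pack(OPT_FMT, PE32_MAGIC, 9, 0, 84992, 162816, 0, 0x4E9C,
                      0x1000, 0x16000, 0x400000, 0x1000, 0x200,   # assumed bases/alignments
                      5, 0, 0, 0, 5, 0,                           # OS 5.0, image 0.0, subsystem 5.0
                      0, 0x40000, 0x400, 0,                       # assumed image/header sizes, checksum
                      2, 0x8000)                                  # Windows GUI, TERMINAL_SERVER_AWARE
    opt += b"\0" * (224 - len(opt))                     # data directories left empty
    return bytes(dos) + b"PE\0\0" + coff + opt + b"\0" * (40 * 4)   # four zeroed section headers


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print(f"{key}: {value}")
```

Run against a real file, replace `build_sample_header()` with the bytes of the sample (the first few KiB are enough). The entry point is an RVA, so locating it on disk still requires the section table that follows the optional header.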
PE sections
PE imports
GDI32.dll
GetDeviceCaps
GetObjectA
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
KERNEL32.dll
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
FindFirstFileW
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
MoveFileA
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
IsDebuggerPresent
ExitProcess
GetVersionExA
RemoveDirectoryA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetNumberFormatA
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
GetStartupInfoA
GetDateFormatA
GetFileSize
CreateDirectoryA
DeleteFileA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
lstrcmpA
FindFirstFileA
CompareStringA
GetTempFileNameA
FindNextFileA
GlobalLock
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
FindNextFileW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
GetModuleFileNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetOEMCP
GetTimeFormatA
SHELL32.dll
SHGetFileInfoA
ShellExecuteExA
SHBrowseForFolderA
SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
VERSION.dll
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
ole32.dll
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_MENU 1
RT_DIALOG 1
Number of PE resources by language
RUSSIAN 3
ARABIC UAE 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:02:11 09:25:04+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 84992
LinkerVersion: 9.0
EntryPoint: 0x4e9c
InitializedDataSize: 162816
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5 0ad741b48c30fc2d6dea39f272642622
SHA1 7908353806446c699fa45181fb89e3f04994e738
SHA256 157542668ba0f3ae9fb07cb761a5ba2dad120a18c955c082460a05f20e5fe2ff
ssdeep 3072:cKa7OTmEM4FlpuAg0FudSndDJXbW0uc0HyiSmKFAtAKWt7/8Ym9wc+:OnEDFqAOknLXS0ucwyiS/eqfd
authentihash d7a598d4ad754fcfa9fbf3d9b6d97e72eb248bfafd8ccb671ae6b87da17c5bed
imphash df268236f578aac4cda2dd7d9fd76ac3
File size 199.5 KB ( 204288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
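The imphash listed under File identification is the MD5 of the normalized import table: every imported function, in import-table order, rendered as "dll.function" in lower case with the DLL extension dropped and ordinal imports resolved, joined by commas. The script below is an added example that implements that published scheme; it is not code from the VirusTotal report. Its import list is a constructed excerpt: the function names appear in the report's import listing, but the DLL attribution, the ordering and the trailing ordinal import are my assumptions, so its output is not expected to match the imphash on the page.

```python
"""Compute a pefile/VirusTotal-style imphash from an import list.

Added example, not part of the report. Normalization follows the published
scheme: "<dll without .dll/.ocx/.sys>.<function>" in lower case, in import-table
order, comma-joined, then MD5. The import list is constructed for illustration.
"""
import hashlib

# Ordinal-to-name tables for the DLLs the scheme special-cases; ordinals from
# other DLLs are rendered as "ord<N>". Only a few entries are needed here.
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 23: "socket"},
    "oleaut32": {2: "sysallocstring", 6: "sysfreestring"},
}
STRIP_EXT = (".dll", ".ocx", ".sys")


def normalize_import(dll: str, func) -> str:
    """Render one import as 'dll.function' the way the imphash scheme expects."""
    dll = dll.lower()
    for ext in STRIP_EXT:
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    if isinstance(func, int):                      # import by ordinal
        name = ORDINAL_NAMES.get(dll, {}).get(func, f"ord{func}")
    else:
        name = func.lower()
    return f"{dll}.{name}"


def imphash_string(imports) -> str:
    """The comma-joined string that gets hashed; order is significant."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed excerpt: function names taken from the report's import listing, DLL
# attribution and order assumed; the ws2_32 ordinal is added only to show ordinal handling.
SAMPLE_IMPORTS = [
    ("GDI32.dll", "GetDeviceCaps"),
    ("GDI32.dll", "StretchBlt"),
    ("KERNEL32.dll", "CreateProcessA"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("SHELL32.dll", "ShellExecuteExA"),
    ("WS2_32.dll", 23),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two practical consequences follow from the scheme. First, the listing above does not preserve DLL names or import-table order, so the page's imphash has to be recomputed from the binary (pefile's `get_imphash()`), not from the listing. Second, because order is hashed, a build that merely reorders or renames its imports gets a fresh imphash while a build that keeps the same import table keeps the same value; it is a useful pivot across samples from one build chain, and a weak one against anyone who knows it is being used.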
Tags
peexe

VirusTotal metadata
First submission 2017-04-02 04:31:03 UTC ( 1 year, 11 months ago )
Last submission 2017-04-02 04:31:03 UTC ( 1 year, 11 months ago )
File names 0ad741b48c30fc2d6dea39f272642622.virus
Condensed report. The following is a condensed report of the file's behaviour when executed in a controlled environment. The actions and events described were performed either by the file itself or by any process launched by it or subjected to code injection by it.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs