SHA256: 1667a057cdd3c43837baf9be38c130dfac303a92cdf51552ac1e211f2a1b618a
File name: 534934dcd06109768a65279fbdbfe336
Detection ratio: 43 / 61
Analysis date: 2017-05-26 10:09:58 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.20234967 20170526
AegisLab Troj.W32.Yakes!c 20170526
ALYac Trojan.Generic.20234967 20170526
Arcabit Trojan.Generic.D134C2D7 20170526
Avast Win32:Malware-gen 20170526
AVG Generic_r.PQL 20170526
Avira (no cloud) TR/Crypt.ZPACK.cdjqk 20170526
AVware Trojan.Win32.Generic!BT 20170526
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170525
BitDefender Trojan.Generic.20234967 20170526
Bkav HW32.Packed.6DF3 20170525
CAT-QuickHeal Trojan.Derbit 20170526
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
Cyren W32/Trojan.YICQ-3890 20170526
DrWeb Trojan.PWS.Siggen1.59708 20170526
Emsisoft Trojan.Generic.20234967 (B) 20170526
Endgame malicious (moderate confidence) 20170515
ESET-NOD32 a variant of Win32/Kryptik.FKEB 20170526
F-Secure Trojan.Generic.20234967 20170526
Fortinet W32/Yakes.RRTQ!tr 20170526
GData Trojan.Generic.20234967 20170526
Sophos ML backdoor.win32.poison.e 20170519
K7AntiVirus Trojan ( 004ffcb81 ) 20170526
K7GW Trojan ( 004ffcb81 ) 20170525
Kaspersky HEUR:Trojan.Win32.Generic 20170526
McAfee RDN/Generic.dx 20170526
McAfee-GW-Edition RDN/Generic.dx 20170525
Microsoft Trojan:Win32/Derbit.A 20170526
eScan Trojan.Generic.20234967 20170526
NANO-Antivirus Trojan.Win32.Kryptik.eldmgd 20170526
Palo Alto Networks (Known Signatures) generic.ml 20170526
Panda Trj/GdSda.A 20170526
Qihoo-360 Win32/Trojan.fcf 20170526
Rising Malware.XPACK-HIE/Heur!1.9C48 (cloud:cyJD2CAq47S) 20170526
Sophos AV Mal/Generic-S 20170526
Symantec Trojan.Gen 20170526
Tencent Win32.Trojan.Yakes.Stkj 20170526
TrendMicro TROJ_GEN.R000C0DKQ16 20170526
TrendMicro-HouseCall TROJ_GEN.R000C0DKQ16 20170525
VIPRE Trojan.Win32.Generic!BT 20170526
Yandex Trojan.Yakes!GSlSPOoVZuk 20170518
Zillya Trojan.Kryptik.Win32.997766 20170525
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170526
AhnLab-V3 20170526
Alibaba 20170526
ClamAV 20170526
CMC 20170525
Comodo 20170526
F-Prot 20170526
Ikarus 20170526
Jiangmin 20170526
Kingsoft 20170526
Malwarebytes 20170526
nProtect 20170526
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170526
Symantec Mobile Insight 20170526
TheHacker 20170525
TotalDefense 20170526
Trustlook 20170526
VBA32 20170526
ViRobot 20170526
Webroot 20170526
WhiteArmor 20170524
Zoner 20170526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-27 01:59:17
Entry Point 0x00029DFE
Number of sections 3
PE sections
PE imports
BuildTrusteeWithSidA
CredWriteDomainCredentialsW
LsaSetTrustedDomainInfoByName
CloseEncryptedFileRaw
GetSystemTime
HeapFree
EnterCriticalSection
FileTimeToSystemTime
HeapAlloc
GetFileAttributesW
DeleteCriticalSection
LeaveCriticalSection
LoadLibraryExA
GetCurrentDirectoryA
GetCurrentThread
GetFileTime
GetTimeFormatW
MulDiv
FindNextFileA
GlobalUnWire
RtlMoveMemory
GetFullPathNameW
GetProcessHeap
VirtualAlloc
WriteConsoleW
CloseHandle
VarI8FromStr
VarDecFromI1
VariantCopy
VarUI1FromStr
OleLoadPicture
ShellExec_RunDLLW
SHLimitInputEdit
PrintersGetCommand_RunDLLA
RealShellExecuteExA
SHInvokePrinterCommandA
SHFreeNameMappings
SHGetFolderPathA
StrChrIA
SHGetImageList
DragQueryFileAorW
CommandLineToArgvW
DAD_DragMove
ToUnicodeEx
GetWindowLongA
UnhookWinEvent
AppendMenuA
GetWindowRect
DrawIconEx
GetWindowTextW
GetWindow
DefMDIChildProcA
FindWindowA
InSendMessage
SetScrollRange
SetSystemMenu
Number of PE resources by type
RT_STRING 2
RT_DIALOG 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:01:27 02:59:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 175104
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 26624
SubsystemVersion 5.1
EntryPoint 0x29dfe
OSVersion 5.1
ImageVersion 10.0
UninitializedDataSize 0

File identification
MD5 534934dcd06109768a65279fbdbfe336
SHA1 855c7055ccbf15a6494bfbfad62a1f9b9b96b83b
SHA256 1667a057cdd3c43837baf9be38c130dfac303a92cdf51552ac1e211f2a1b618a
ssdeep 3072:Zlz/nE36pdxoApjIb0aKDxAAAtov14Bkn4dUNPQm+VuEsduXgpTOE6mIO0n91HEt:AodxxRxaKDSZovmB43PQm+VvsB5OE6mz
authentihash b203469f1414f35e1c97b2d6870897cade711f05bcc9130753b76bdacd4a8219
imphash a7a1569c46563e8600c969df6ac192a3
File size 178.0 KB ( 182272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2017-05-26 10:09:58 UTC ( 1 year, 10 months ago )
Last submission 2017-05-26 10:09:58 UTC ( 1 year, 10 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Searched windows
Runtime DLLs