SHA256: 166f6ca7907a18e62b180f0bb2d9e8bcc1c20764ba9bdc2ad1dcc7986dfcc3c5
File name: 166f6ca7907a18e62b180f0bb2d9e8bcc1c20764ba9bdc2ad1dcc7986dfcc3c5
Detection ratio: 46 / 68
Analysis date: 2018-01-09 03:34:38 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.CSUZ 20180109
AegisLab Troj.W32.Refinka!c 20180109
AhnLab-V3 Backdoor/Win32.Poison.R217323 20180108
ALYac Trojan.Agent.CSUZ 20180108
Arcabit Trojan.Agent.CSUZ 20180109
Avast Win32:Malware-gen 20180109
AVG Win32:Malware-gen 20180109
Avira (no cloud) TR/Crypt.XPACK.Gen 20180109
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180108
BitDefender Trojan.Agent.CSUZ 20180109
Bkav HW32.Packed.7319 20180106
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20180109
Cyren W32/Trojan.TOOH-1149 20180109
eGambit Unsafe.AI_Score_100% 20180109
Emsisoft Trojan.Agent.CSUZ (B) 20180109
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.GBGC 20180109
F-Secure Trojan.Agent.CSUZ 20180109
Fortinet W32/GenKryptik.BJHM!tr 20180109
GData Trojan.Agent.CSUZ 20180109
Ikarus Trojan.Win32.Crypt 20180108
Sophos ML heuristic 20170914
Jiangmin Trojan.Refinka.apx 20180108
K7AntiVirus Trojan ( 00522bf81 ) 20180108
K7GW Trojan ( 00522bf81 ) 20180109
Kaspersky Trojan.Win32.Refinka.oay 20180109
Malwarebytes Trojan.MalPack 20180109
MAX malware (ai score=98) 20180109
McAfee Artemis!66E9736B9BD5 20180109
McAfee-GW-Edition BehavesLike.Win32.Ransomware.cc 20180109
eScan Trojan.Agent.CSUZ 20180109
NANO-Antivirus Trojan.Win32.Kryptik.ewrnbh 20180109
nProtect Trojan/W32.Refinka.165888.I 20180109
Palo Alto Networks (Known Signatures) generic.ml 20180109
Panda Trj/Genetic.gen 20180108
Rising Trojan.Kryptik!1.AE8C (CLASSIC) 20180106
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Mal/Generic-S 20180109
Symantec Packed.Generic.493 20180109
Tencent Win32.Trojan.Refinka.Wrgz 20180109
TrendMicro TROJ_GEN.R004C0WA718 20180109
TrendMicro-HouseCall TROJ_GEN.R004C0WA718 20180109
VIPRE Trojan.Win32.Generic!BT 20180109
ViRobot Trojan.Win32.Z.Kryptik.165888.EW 20180108
ZoneAlarm by Check Point Trojan.Win32.Refinka.oay 20180109
Alibaba 20180109
Antiy-AVL 20180109
Avast-Mobile 20180108
AVware 20180103
CAT-QuickHeal 20180109
ClamAV 20180108
CMC 20180108
Comodo 20180109
Cybereason 20171103
DrWeb 20180109
F-Prot 20180109
Kingsoft 20180109
Microsoft 20180109
Qihoo-360 20180109
SUPERAntiSpyware 20180108
TheHacker 20180108
TotalDefense 20180108
Trustlook 20180109
VBA32 20180108
Webroot 20180109
WhiteArmor 20171226
Yandex 20171229
Zillya 20180108
Zoner 20180109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-09 09:13:41
Entry Point 0x00001004
Number of sections 4
PE sections
PE imports
CADeleteCA
CAEnumNextCA
CACloseCA
CACloseCertType
CmMalloc
CmRealloc
MoveFileA
GetCurrentProcess
OpenFileMappingW
SearchPathW
lstrcatA
WaitForSingleObject
GetCommandLineW
lstrcat
GetDateFormatW
LoadLibraryExW
GetSystemDirectoryA
CreateMailslotA
LoadLibraryA
GetProcAddress
GetShortPathNameA
LeaveCriticalSection
TraceSQLCancel
TraceSQLFetch
TraceSQLError
TraceSQLConnect
UrlCanonicalizeA
PathCompactPathW
UrlHashW
PathCommonPrefixW
UrlIsA
UrlCreateFromPathA
UrlGetLocationW
UrlUnescapeW
PathIsRootA
UrlEscapeA
UrlCompareW
InsertMenuA
wsprintfA
LoadIconA
LoadMenuA
DrawStateA
GetDlgItemTextA
LoadCursorW
PeekMessageA
CreateWindowExW
DialogBoxParamA
GetWindow
IsCharLowerW
GetPropA
LoadBitmapA
CharToOemA
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:06:09 10:13:41+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
145920

LinkerVersion
36.35

EntryPoint
0x1004

InitializedDataSize
18944

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 66e9736b9bd5062b99b42aefeed83e22
SHA1 8d5d778254594b6a1b75cc55825e4d015a71acdf
SHA256 166f6ca7907a18e62b180f0bb2d9e8bcc1c20764ba9bdc2ad1dcc7986dfcc3c5
ssdeep
3072:69FiIWGGZ3JrhmVSKchi7Vf6PLZCMTc9f:3ZrhoSK4ve

authentihash 9384e806513de79ad5cf80c0eae9ae3f4527458fa0fbf6145e6d33e4601554d6
imphash d765bc29b72af8ea08e3a13270da540e
File size 162.0 KB ( 165888 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-01-07 22:11:00 UTC ( 1 year, 3 months ago )
Last submission 2018-01-09 03:34:38 UTC ( 1 year, 3 months ago )
File names 66e9736b9bd5062b99b42aefeed83e22.virus