SHA256: 187659510a57bad968afcf4e24f47dc2e59d40be9831eeceee1cd25bb2cb5f63
File name: efec8ed4cad9c41e242acab452efd40c5942ffbb
Detection ratio: 8 / 56
Analysis date: 2015-07-20 23:37:57 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.EPACK.1684 20150721
Baidu-International Adware.Win32.iBryte.DQQC 20150720
ESET-NOD32 a variant of Win32/Kryptik.DQQC 20150720
Fortinet W32/Kryptik.DQQC!tr 20150720
Kaspersky Trojan-Spy.Win32.Zbot.vsut 20150720
McAfee Artemis!9E220E3C3E53 20150720
McAfee-GW-Edition BehavesLike.Win32.Fujacks.dm 20150720
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150721
Ad-Aware 20150720
AegisLab 20150720
Yandex 20150720
AhnLab-V3 20150720
Alibaba 20150720
ALYac 20150721
Antiy-AVL 20150720
Arcabit 20150720
Avast 20150721
AVG 20150721
AVware 20150720
BitDefender 20150720
Bkav 20150720
ByteHero 20150721
CAT-QuickHeal 20150717
ClamAV 20150720
Comodo 20150720
Cyren 20150720
DrWeb 20150721
Emsisoft 20150721
F-Prot 20150720
F-Secure 20150720
GData 20150720
Ikarus 20150720
Jiangmin 20150720
K7AntiVirus 20150720
K7GW 20150720
Kingsoft 20150721
Malwarebytes 20150720
Microsoft 20150720
eScan 20150720
NANO-Antivirus 20150720
nProtect 20150720
Panda 20150720
Rising 20150720
Sophos AV 20150721
SUPERAntiSpyware 20150721
Symantec 20150721
Tencent 20150721
TheHacker 20150717
TotalDefense 20150720
TrendMicro 20150720
TrendMicro-HouseCall 20150720
VBA32 20150718
VIPRE 20150720
ViRobot 20150720
Zillya 20150720
Zoner 20150720
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-07 10:24:44
Entry Point 0x00001000
Number of sections 12
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
AdjustTokenPrivileges
InitializeAcl
RegCreateKeyExA
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyW
RegOpenKeyExA
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
GetCaretBlinkTime
GetForegroundWindow
GetParent
SetPropA
CreateIconIndirect
GetCapture
SetMenuContextHelpId
EnumWindowStationsW
SendIMEMessageExW
SendNotifyMessageW
GetShellWindow
GetDesktopWindow
GetSystemMetrics
CascadeWindows
SetProcessWindowStation
GetWindow
GetSysColor
ActivateKeyboardLayout
SetActiveWindow
GetCursorPos
GetKeyNameTextA
UnregisterClassW
ToAscii
CreateDialogParamA
LoadCursorA
TranslateAcceleratorA
FillRect
RegisterClipboardFormatW
GetSysColorBrush
CallWindowProcA
ToUnicode
LoadAcceleratorsW
GetTopWindow
GetUpdateRect
GetKeyboardType
IsChild
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:06:07 11:24:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 205312
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 34816
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 9e220e3c3e53f4f51b63dc4d3ff506e5
SHA1 2f4d8d38a219784a298f1acfd4113b2916f7c37d
SHA256 187659510a57bad968afcf4e24f47dc2e59d40be9831eeceee1cd25bb2cb5f63
ssdeep 3072:waj+0bZgcLWlgZj5l85TLNDGn38qRPFmT6+yD2J1IDPNFG:LK0bZgcClVOMYNL+yD2JwPNFG
authentihash 3fdb23d1f0c34914f832dc0b6299d17c0d272fd1718a49bbddeb1987a5fd634b
imphash 7cc45e89260335e9ef9ed44519da1e3b
File size 254.5 KB ( 260608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe
VirusTotal metadata
First submission 2015-07-20 20:55:38 UTC ( 3 years, 8 months ago )
Last submission 2015-07-20 23:37:57 UTC ( 3 years, 8 months ago )
File names efec8ed4cad9c41e242acab452efd40c5942ffbb
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs