SHA256: 1932a262e59e0128b78e775daa745cc5b60c064e1e64461d22c767e1932692c8
File name: 9a6750215046dc1e0b338781257a3bd2
Detection ratio: 7 / 56
Analysis date: 2016-05-04 15:40:44 UTC
Antivirus Result Update (an engine listed with no result returned no detection at that signature update; 7 of the 56 engines flagged the file)
Avast Win32:Trojan-gen 20160504
ESET-NOD32 Win32/Dridex.AA 20160504
Kaspersky Trojan.Win32.Waldek.lmv 20160504
Malwarebytes Trojan.Crypt.RV 20160504
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160504
Qihoo-360 QVM07.1.Malware.Gen 20160504
Rising Malware.XPACK-HIE/Heur!1.9C48 20160504
Ad-Aware 20160504
AegisLab 20160504
AhnLab-V3 20160504
Alibaba 20160504
ALYac 20160504
Antiy-AVL 20160504
Arcabit 20160504
AVG 20160504
Avira (no cloud) 20160504
AVware 20160504
Baidu 20160504
Baidu-International 20160504
BitDefender 20160504
CAT-QuickHeal 20160504
ClamAV 20160503
CMC 20160504
Comodo 20160504
Cyren 20160504
DrWeb 20160504
Emsisoft 20160503
F-Prot 20160504
F-Secure 20160504
Fortinet 20160504
GData 20160504
Ikarus 20160504
Jiangmin 20160504
K7AntiVirus 20160504
K7GW 20160504
Kingsoft 20160504
McAfee 20160504
Microsoft 20160504
eScan 20160504
NANO-Antivirus 20160504
nProtect 20160504
Panda 20160504
Sophos AV 20160504
SUPERAntiSpyware 20160504
Symantec 20160504
Tencent 20160504
TheHacker 20160503
TotalDefense 20160504
TrendMicro 20160504
TrendMicro-HouseCall 20160504
VBA32 20160504
VIPRE 20160504
ViRobot 20160504
Yandex 20160502
Zillya 20160503
Zoner 20160504
The file is a Portable Executable: a 32-bit (PE32) Win32 EXE built for the Windows console subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-24 18:40:42
Entry Point 0x00027300
Number of sections 4
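To reproduce the fields in this block from the file itself rather than from VirusTotal, the following Python reader is an added example (it is not part of the report and not VirusTotal's or pefile's code). It parses the DOS stub pointer, the COFF file header and the PE32 optional header with the standard library only, bounds-checking every offset so a truncated or hostile header raises an error rather than an exception from a bad slice. The image it builds for demonstration is constructed from the values listed above (machine, section count, compile timestamp, entry point, linker, OS and subsystem versions, code and data sizes); it is header-only and is not the analysed sample. The same magic check (0x10B) also settles the PE32/"Win64" question that TrID's top guess further down gets wrong.

```python
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {
    0x14C: "Intel 386 or later processors and compatible processors",
    0x8664: "x64",
    0x1C0: "ARM",
    0xAA64: "ARM64",
}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows command line"}

COFF_FMT = "<HHIIIHH"                    # IMAGE_FILE_HEADER, 20 bytes
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHH"  # IMAGE_OPTIONAL_HEADER32 through DllCharacteristics, 72 bytes


def parse_pe_header(data: bytes) -> dict:
    """Return the fields VirusTotal shows as 'PE header basic information'.
    Only PE32 (magic 0x10B) is handled; PE32+ lays ImageBase out differently."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # need 4 bytes of signature plus the 20-byte COFF header
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff_off = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _characteristics) = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + 20
    if opt_size < 72 or opt_off + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic != 0x10B:
        raise ValueError(f"optional header magic {magic:#x} is not PE32 (0x10B)")
    (_, lnk_major, lnk_minor, size_code, size_idata, size_udata, entry,
     _base_code, _base_data, image_base, _sect_align, _file_align,
     os_major, os_minor, img_major, img_minor, ss_major, ss_minor,
     _win32_ver, _size_image, _size_headers, _checksum,
     subsystem, _dll_chars) = struct.unpack_from(OPT32_FMT, data, opt_off)
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": MACHINE_NAMES.get(machine, f"unknown ({machine:#x})"),
        "sections": nsections,
        "timestamp": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        # a compile time after 'now' is a common sign of a forged header
        "timestamp_in_future": compiled > datetime.now(timezone.utc),
        "entry_point": f"0x{entry:08X}",
        "image_base": f"0x{image_base:08X}",
        "pe_type": "PE32",
        "linker": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, f"unknown ({subsystem})"),
        "code_size": size_code,
        "init_data_size": size_idata,
        "uninit_data_size": size_udata,
    }


def is_pe32(data: bytes) -> bool:
    """True when parse_pe_header accepts the blob, False on any structural error."""
    try:
        parse_pe_header(data)
        return True
    except ValueError:
        return False


def build_sample_pe() -> bytes:
    """Constructed header-only image carrying the values from this report.
    It is NOT the analysed sample: no sections, no data directories."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    ts = 1364150442  # 2013-03-24 18:40:42 UTC
    coff = struct.pack(COFF_FMT, 0x14C, 4, ts, 0, 0, 224, 0x0102)
    opt = struct.pack(OPT32_FMT, 0x10B, 8, 0, 159744, 196608, 0,
                      0x27300, 0x1000, 0x28000, 0x400000, 0x1000, 0x200,
                      4, 0, 0, 0, 4, 0, 0, 0x60000, 0x400, 0, 3, 0)
    opt += b"\0" * (224 - len(opt))  # remainder of the optional header zeroed
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_pe()).items():
        print(f"{key}: {value}")
```

Run it against a real file with `parse_pe_header(open(path, "rb").read())`; the bounds checks matter there, because a malformed e_lfanew or SizeOfOptionalHeader is exactly what a crafted sample will present to an analysis script.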
PE sections
PE imports
(The original report groups these by importing DLL; the DLL headings were lost in extraction. In order, the functions below are exports of advapi32, comctl32, gdi32, imagehlp (or dbghelp), msvcrt, oleaut32, shell32, wininet, winmm, comdlg32 and ole32.)
UnlockServiceDatabase
RegisterEventSourceW
OpenSCManagerW
LockServiceDatabase
RegisterEventSourceA
DeleteService
ChangeServiceConfigW
ReportEventA
Ord(6)
PropertySheetA
ImageList_SetOverlayImage
FlatSB_GetScrollPos
GetTextCharsetInfo
CreateFontIndirectW
CreateMetaFileA
GetNearestColor
TextOutA
CreateICW
SetDeviceGammaRamp
CombineRgn
GetObjectType
GetDeviceGammaRamp
GetObjectA
SetPixel
LineTo
DeleteDC
GetWindowOrgEx
GetBitmapDimensionEx
GetMetaFileA
ChoosePixelFormat
GetTextFaceW
GetTextFaceA
EnumFontFamiliesA
GetICMProfileW
SetDIBitsToDevice
GetTextExtentPointW
CreatePatternBrush
GetDeviceCaps
ExtTextOutW
CreateEllipticRgn
CreateBitmap
CreatePalette
EnumFontFamiliesExW
SelectPalette
GdiFlush
CreateRoundRectRgn
SelectClipRgn
GetTextAlign
StretchDIBits
SetBrushOrgEx
ExtEscape
SelectObject
GetTextExtentPoint32A
SetPolyFillMode
GetTextMetricsA
SetBitmapDimensionEx
Escape
GetViewportExtEx
CreateHalftonePalette
GetTextCharacterExtra
CreatePenIndirect
SymGetSymFromName
StackWalk
SymGetModuleInfo
ImagehlpApiVersionEx
__p__fmode
_acmdln
fscanf
_adjust_fdiv
__setusermatherr
ldexp
memcmp
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
__p__commode
__set_app_type
CreateErrorInfo
SafeArrayAccessData
VarUdateFromDate
CreateDispTypeInfo
LoadRegTypeLib
SysAllocStringLen
SafeArrayUnaccessData
VariantCopy
OaBuildVersion
LoadTypeLibEx
GetErrorInfo
SysFreeString
QueryPathOfRegTypeLib
SysAllocStringByteLen
SetErrorInfo
ShellAboutA
ExtractIconExA
ExtractIconA
ShellExecuteW
SHGetPathFromIDListW
SHGetSettings
FindExecutableW
SHGetSpecialFolderLocation
SHGetFileInfoW
ShellAboutW
SHGetMalloc
Shell_NotifyIconA
InternetSetStatusCallback
InternetSetCookieA
HttpOpenRequestA
HttpQueryInfoA
InternetGetConnectedState
InternetErrorDlg
InternetCanonicalizeUrlA
HttpSendRequestExA
InternetTimeFromSystemTime
HttpAddRequestHeadersA
InternetCloseHandle
InternetConnectA
InternetGetCookieA
InternetQueryOptionA
InternetSetOptionExA
InternetAttemptConnect
InternetQueryDataAvailable
InternetWriteFile
InternetReadFile
FindFirstUrlCacheEntryExA
HttpSendRequestA
InternetOpenUrlA
InternetOpenA
InternetCombineUrlA
DeleteUrlCacheEntry
InternetCrackUrlA
InternetOpenW
timeKillEvent
mixerGetDevCapsA
waveInOpen
mmioOpenA
mixerOpen
waveInGetDevCapsA
midiInOpen
mixerGetLineControlsA
SendDriverMessage
timeGetTime
waveOutGetDevCapsA
waveOutGetNumDevs
mciGetErrorStringA
joySetThreshold
midiOutGetDevCapsA
mixerGetLineInfoW
mixerGetNumDevs
joyGetPos
PrintDlgW
GetOpenFileNameW
GetOpenFileNameA
CommDlgExtendedError
PageSetupDlgW
GetSaveFileNameA
CoUninitialize
IIDFromString
DoDragDrop
StgOpenStorageOnILockBytes
CoFreeLibrary
CreateStreamOnHGlobal
CoCreateGuid
RegisterDragDrop
StringFromCLSID
CoRegisterMessageFilter
OleGetClipboard
StringFromIID
CoGetClassObject
CoRegisterClassObject
CoInitialize
OleInitialize
CoLockObjectExternal
CoTaskMemRealloc
CoCreateInstance
CoResumeClassObjects
CoCreateFreeThreadedMarshaler
StgIsStorageFile
GetRunningObjectTable
CoFileTimeToDosDateTime
OleCreate
CreateBindCtx
CoDisconnectObject
OleSetContainedObject
MkParseDisplayName
CoTaskMemFree
Two things stand out in this import table. No kernel32 or user32 function is imported at all, even though the file carries nine dialog and seven menu resources (see below) and a console program linked against msvcrt would normally need both; and the table mixes service-control, symbol-walking (StackWalk, SymGetSymFromName), multimedia, joystick and WinINet calls that no single ordinary program uses together. Together with the random-word version strings and ESET's Win32/Dridex.AA verdict, this is consistent with a packed loader whose import table is decoration: treat the static import list as unreliable and take the real API surface from the unpacked payload or from sandbox behaviour.
Number of PE resources by type
RT_DIALOG 9
RT_MENU 7
RT_ACCELERATOR 3
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 20
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.123.218.104
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 196608
EntryPoint 0x27300
OriginalFileName Incapability.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2012
FileVersion 157, 149, 224, 73
TimeStamp 2013:03:24 19:40:42+01:00
FileType Win32 EXE
PEType PE32
InternalName Guise
ProductVersion 157, 151, 86, 185
FileDescription Imposed
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Returnil SIA
CodeSize 159744
FileSubtype 0
ProductVersionNumber 0.49.256.18
FileTypeExtension exe
ObjectFileType Executable application

Two consistency checks on this block: the ExifTool TimeStamp is the PE header's compilation timestamp (2013-03-24 18:40:42 UTC) rendered in UTC+1, so the two agree; but the string FileVersion and ProductVersion values ("157, 149, 224, 73" and "157, 151, 86, 185") do not correspond to the binary FileVersionNumber and ProductVersionNumber fields (0.123.218.104 and 0.49.256.18), and OriginalFileName, InternalName and FileDescription are unrelated dictionary words. A version resource emitted by a normal build keeps the string and binary forms in agreement, so this VERSIONINFO was generated rather than authored and should not be used for attribution.

File identification
MD5 9a6750215046dc1e0b338781257a3bd2
SHA1 393583eb15343f08805e899b99d3bf72d10a2ad7
SHA256 1932a262e59e0128b78e775daa745cc5b60c064e1e64461d22c767e1932692c8
ssdeep
3072:aai9go0XAyzHKl1uHJMiblfgspZKTkFjdKifM6vRdVJ0YABxr5YbZ/Z32bC9:aFN0wyz5J3lfgp2jIibdVJ0YS1YbPE

authentihash b064fa24cec292db4118de51f532f92a6a7041837ec13cec657c1140a95fa473
imphash 653ece30fcc709c07f9415d98373e2bd
File size 232.0 KB ( 237568 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (49.5%)
Windows screen saver (23.4%)
Win32 Dynamic Link Library (generic) (11.7%)
Win32 Executable (generic) (8.0%)
Generic Win/DOS Executable (3.5%)
Tags
peexe
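The imphash above is the import hash pefile computes and VirusTotal reports: an MD5 over a canonical "dll.function" list, so it survives recompilation but changes whenever the import table is reordered or edited. The Python below is an added example, not VirusTotal's or pefile's code, that rebuilds that canonical string so the hash can be recomputed from a parsed import table or compared across samples. Its input is constructed: the report lists functions without their DLLs, so the DLL assignments shown are assumptions. One simplification is labelled in the code: pefile resolves ordinal imports from oleaut32, ws2_32 and wsock32 to function names using built-in tables, which this version omits, so ordinals from those three DLLs would hash differently here.

```python
import hashlib


def imphash_string(imports):
    """Canonical import string as pefile builds it before hashing:
    'dll.func,dll.func,...' with everything lowercased, a .dll/.ocx/.sys
    extension stripped, ordinal imports rendered as 'ordN', and entries kept
    in import-directory order (reordering changes the hash).
    imports: list of (dll_name, [function_name_or_int_ordinal, ...]).
    Simplification: pefile maps ordinals to names for oleaut32, ws2_32 and
    wsock32; that lookup is not reproduced here."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of the canonical import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed input: a few functions from the report with assumed DLL owners
# (advapi32 for the service-control calls, comctl32 for Ord(6) and
# PropertySheetA, wininet for InternetOpenA). Not the sample's full table.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["UnlockServiceDatabase", "OpenSCManagerW"]),
    ("COMCTL32.dll", [6, "PropertySheetA"]),
    ("WININET.dll", ["InternetOpenA"]),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers names and order but not the DLL file extension or letter case, two samples built by the same packer template share an imphash even when their junk-import lists are presented differently by different tools; that is what makes it a useful pivot, and also why a packer that shuffles its decoy imports defeats it.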

VirusTotal metadata
First submission 2016-05-04 15:40:44 UTC
Last submission 2016-09-12 08:25:38 UTC
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs
UDP communications