SHA256: 1ae3a75cbb259bc733d96f36433ecdbd015ee327dc5cf5383ebb2f5823629f0a
File name: 6c8950bd30a787bd46eb97f382a0b8ec81a08d94
Detection ratio: 36 / 58
Analysis date: 2016-09-05 13:19:09 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3500884 20160905
AegisLab Troj.W32.Gen.lTMU 20160905
AhnLab-V3 Trojan/Win32.Upbot.N2096828675 20160905
ALYac Trojan.GenericKD.3500884 20160905
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20160905
Arcabit Trojan.Generic.D356B54 20160905
Avast Win32:Malware-gen 20160905
AVG Generic_r.MWN 20160905
Avira (no cloud) TR/Crypt.ZPACK.xidt 20160905
AVware LooksLike.Win32.Crowti.b (v) 20160905
Baidu Win32.Trojan.Kryptik.akc 20160905
BitDefender Trojan.GenericKD.3500884 20160905
Bkav W32.FamVT.RazyNHmA.Trojan 20160905
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/S-e2e07e9d!Eldorado 20160905
Emsisoft Trojan.GenericKD.3500884 (B) 20160905
ESET-NOD32 a variant of Win32/Kryptik.FFIP 20160905
F-Prot W32/S-e2e07e9d!Eldorado 20160905
F-Secure Trojan.GenericKD.3500884 20160905
GData Trojan.GenericKD.3500884 20160905
Ikarus Trojan.Win32.Crypt 20160905
Sophos ML virus.win32.sality.at 20160830
Jiangmin TrojanDropper.Injector.bjur 20160905
Kaspersky HEUR:Trojan.Win32.Generic 20160905
Malwarebytes Backdoor.BetaBot 20160905
McAfee GenericRXAG-ST!FD18946E54AB 20160905
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160904
Microsoft Trojan:Win32/Lethic.I 20160905
eScan Trojan.GenericKD.3500884 20160905
Panda Trj/GdSda.A 20160905
Qihoo-360 HEUR/QVM09.0.78E8.Malware.Gen 20160905
Rising Malware.Generic!74uV2Wnwm1@5 (thunder) 20160905
Sophos AV Mal/Generic-S 20160905
Symantec Trojan.Gen 20160905
Tencent Win32.Trojan.Kryptik.Ednk 20160905
VIPRE LooksLike.Win32.Crowti.b (v) 20160831
Alibaba 20160901
CAT-QuickHeal 20160904
ClamAV 20160905
CMC 20160905
Comodo 20160905
DrWeb 20160905
Fortinet 20160905
K7AntiVirus 20160905
K7GW 20160905
Kingsoft 20160905
NANO-Antivirus 20160905
nProtect 20160905
SUPERAntiSpyware 20160905
TheHacker 20160903
TotalDefense 20160905
TrendMicro 20160905
TrendMicro-HouseCall 20160905
VBA32 20160905
ViRobot 20160905
Yandex 20160904
Zillya 20160902
Zoner 20160905
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-29 20:04:27
Entry Point 0x0000546D
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
ReadFile
SetHandleCount
GetConsoleCP
GetDriveTypeA
QueryPerformanceCounter
TlsSetValue
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
SetFilePointer
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoW
SetStdHandle
CompareStringW
GetSystemDEPPolicy
RaiseException
CreateFileA
WideCharToMultiByte
TlsFree
GetModuleHandleA
LeaveCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CompareStringA
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
ExitProcess
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
GetTimeZoneInformation
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
WriteConsoleW
SetEndOfFile
HeapDestroy
CloseHandle
GetTickCount
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
SetLastError
InterlockedIncrement
GetLayeredWindowAttributes
Number of PE resources by type
RT_DIALOG 4
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:08:29 21:04:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 80384
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 126976
SubsystemVersion 5.0
EntryPoint 0x546d
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 fd18946e54ab9ad049f35961bf42cf16
SHA1 6c8950bd30a787bd46eb97f382a0b8ec81a08d94
SHA256 1ae3a75cbb259bc733d96f36433ecdbd015ee327dc5cf5383ebb2f5823629f0a
ssdeep 6144:hbz5me8mf6DlKYohsqqKf+7K4hhd7wBYK8:hf5PMIDhhNfhGH
authentihash 80e17d968b9ee15fc5dc6504b12092b9991a1aeb6714d52f1cad33f9c182480f
imphash 40041fc890bbfde597a0961324ff3fe8
File size 203.5 KB ( 208384 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-09-05 13:19:09 UTC ( 2 years, 5 months ago )
Last submission 2016-09-05 13:19:09 UTC ( 2 years, 5 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications