SHA256: 1ae5a3fd561c5140d9725b4ba77801ea14ed184279ab58ff9fd7043fe2a23cc9
File name: inst.exe
Detection ratio: 33 / 57
Analysis date: 2016-12-01 17:37:10 UTC (2 years, 4 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3795360 20161201
AegisLab Heur.Advml.Gen!c 20161201
ALYac Trojan.GenericKD.3795445 20161201
Arcabit Trojan.Generic.D39E9A0 20161201
Avast Win32:Malware-gen 20161201
AVG Generic38.AAYL 20161201
Avira (no cloud) TR/Pennelas.afupa 20161201
AVware Trojan.Win32.Generic!BT 20161201
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161201
BitDefender Trojan.GenericKD.3795360 20161201
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Trojan.GXUR-5710 20161201
DrWeb Trojan.PWS.Papras.2166 20161201
Emsisoft Trojan.GenericKD.3795360 (B) 20161201
ESET-NOD32 Win32/PSW.Papras.EJ 20161201
F-Secure Trojan.GenericKD.3795360 20161201
GData Trojan.GenericKD.3795360 20161201
Ikarus Trojan.Win32.PSW 20161201
Sophos ML generic.a 20161128
Kaspersky Trojan-Banker.Win32.Neverquest2.abf 20161201
Malwarebytes Trojan.MalPack 20161201
McAfee Artemis!AA736B6E8E55 20161201
McAfee-GW-Edition Artemis!Trojan 20161201
eScan Trojan.GenericKD.3795360 20161201
Panda Trj/GdSda.A 20161201
Qihoo-360 HEUR/QVM20.1.859F.Malware.Gen 20161201
Rising Malware.Generic!reu4VH0DE4V@2 (thunder) 20161201
Sophos AV Troj/Zbot-LNT 20161201
Symantec Trojan.Snifula.F 20161201
TrendMicro BKDR_VAWTRAK.YUYLJ 20161201
TrendMicro-HouseCall BKDR_VAWTRAK.YUYLJ 20161201
VIPRE Trojan.Win32.Generic!BT 20161201
ViRobot Trojan.Win32.S.Agent.185344.GI[h] 20161201
AhnLab-V3 20161201
Alibaba 20161201
Antiy-AVL 20161201
Bkav 20161201
CAT-QuickHeal 20161201
ClamAV 20161201
CMC 20161201
Comodo 20161201
F-Prot 20161201
Fortinet 20161201
Jiangmin 20161201
K7AntiVirus 20161201
K7GW 20161201
Kingsoft 20161201
Microsoft 20161201
NANO-Antivirus 20161201
nProtect 20161201
SUPERAntiSpyware 20161201
Tencent 20161201
TheHacker 20161130
TotalDefense 20161201
Trustlook 20161201
VBA32 20161201
WhiteArmor 20161125
Yandex 20161201
Zillya 20161201
Zoner 20161201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-14 09:24:00
Entry Point 0x00004CA6
Number of sections 5
PE sections
PE imports
AreFileApisANSI
GetLastError
lstrcatA
LoadLibraryW
GetSystemWow64DirectoryW
CopyFileA
GetTickCount
VirtualProtect
CreateMailslotA
LockFile
GetLocalTime
GetCurrentProcess
UnlockFile
SetThreadPriority
GetCurrentProcessId
CopyFileExA
GetLogicalDrives
GetConsoleTitleA
DeleteTimerQueueTimer
GetCurrentThread
GetTimeFormatW
SetFilePointer
GetSystemDirectoryW
ReadFile
WriteFile
CloseHandle
GetProcessWorkingSetSize
GetDateFormatA
SetThreadIdealProcessor
GetSystemWindowsDirectoryA
MoveFileA
GetProcessShutdownParameters
GetCurrencyFormatA
GetCurrencyFormatW
Sleep
IsBadReadPtr
GetFullPathNameW
CreateFileA
GetVersion
GetNumberFormatW
GetModuleHandleA
AsrAddSifEntryW
AsrCreateStateFileW
AsrFreeContext
AsrRestorePlugPlayRegistryData
AsrAddSifEntryA
SetupInfObjectInstallActionW
GetForegroundWindow
GetKeyboardLayoutNameA
RegisterWindowMessageA
FindWindowW
ClipCursor
PostQuitMessage
GetShellWindow
FlashWindowEx
LoadMenuW
wvsprintfW
AppendMenuA
GetWindowRect
MessageBoxA
CloseWindowStation
SetProcessWindowStation
GetAltTabInfoA
GetMenuDefaultItem
IMPSetIMEA
GetAsyncKeyState
AdjustWindowRectEx
GetMenu
GetQueueStatus
IsWindowVisible
GetClientRect
GetKeyboardLayoutList
UnionRect
GetClassLongA
GetKeyNameTextW
AnimateWindow
GetWindowLongA
FindWindowExA
GetDCEx
IsCharUpperA
CountClipboardFormats
DrawFrame
GetActiveWindow
AdjustWindowRect
CharNextA
GetDesktopWindow
IsWindowUnicode
IsMenu
DdeFreeStringHandle
SnmpMgrClose
SnmpMgrStrToOid
SnmpMgrTrapListen
SnmpMgrRequest
SnmpMgrGetTrap
SnmpMgrCtl
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:04:14 10:24:00+01:00
FileType Win32 EXE
PEType PE32
CodeSize 51200
LinkerVersion 10.0
ImageFileCharacteristics No relocs, Executable, 32-bit
FileTypeExtension exe
InitializedDataSize 133120
SubsystemVersion 6.0
EntryPoint 0x4ca6
OSVersion 6.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 aa736b6e8e55b91ce00e572befc179f4
SHA1 8541e6ed1ccccd692f6a497b417e7c77094bb07a
SHA256 1ae5a3fd561c5140d9725b4ba77801ea14ed184279ab58ff9fd7043fe2a23cc9
ssdeep 3072:pXPQe/FujloUIDn4Wq7gAj17dNSNc19xR9xeXJIShxWfrh:dPQe/MBo1+7gAjZdNSe92qS8
authentihash 522b5ce5d5cbaf6bbfe970758ea5f8641091bb57e5072ab5d55e22bb40d37f7a
imphash 94f8aa8af354ce57b7d5115a11041f24
File size 181.0 KB ( 185344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2016-11-30 15:15:37 UTC ( 2 years, 4 months ago )
Last submission 2017-01-13 02:49:36 UTC ( 2 years, 3 months ago )
File names output.105535075.txt
output.105120918.txt
inst.exe
name
1ae5a3fd561c5140d9725b4ba77801ea14ed184279ab58ff9fd7043fe2a23cc9
VirusShare_aa736b6e8e55b91ce00e572befc179f4
LawTugx.exe
HitVixd.exe
5aLFb.exe
aa