SHA256: 1d3217d27d6192daaf4832b452a9c9b8d78dd0b51f7baa4840f28271e153f7dc
File name: 71189701e7f5eb3414941c83b1c1f80199de3208 (the submitted name is just the sample's own SHA1)
Detection ratio: 4 / 55 (snapshot at the analysis date below; engine rescans change this figure)
Analysis date: 2015-11-29 03:12:44 UTC
Antivirus            Result                                 Update
ESET-NOD32           Win32/TrojanDownloader.Agent.BXE       20151128
Kaspersky            UDS:DangerousObject.Multi.Generic      20151129
Malwarebytes         Trojan.MalPack.DGI                     20151129
Qihoo-360            HEUR/QVM07.1.Malware.Gen               20151129

Not detected (51 engines; signature date in parentheses):
Ad-Aware (20151129), AegisLab (20151128), Yandex (20151128), AhnLab-V3 (20151128), Alibaba (20151127), ALYac (20151129), Antiy-AVL (20151129), Arcabit (20151129), Avast (20151129), AVG (20151129), Avira (no cloud) (20151128), AVware (20151129), Baidu-International (20151128), BitDefender (20151129), Bkav (20151128), ByteHero (20151129), CAT-QuickHeal (20151128), ClamAV (20151129), CMC (20151127), Comodo (20151129), Cyren (20151129), DrWeb (20151129), Emsisoft (20151129), F-Prot (20151129), F-Secure (20151128), Fortinet (20151128), GData (20151129), Ikarus (20151128), Jiangmin (20151128), K7AntiVirus (20151129), K7GW (20151128), McAfee (20151129), McAfee-GW-Edition (20151128), Microsoft (20151128), eScan (20151129), NANO-Antivirus (20151129), Panda (20151128), Rising (20151128), Sophos AV (20151129), SUPERAntiSpyware (20151129), Symantec (20151128), Tencent (20151129), TheHacker (20151127), TotalDefense (20151128), TrendMicro (20151129), TrendMicro-HouseCall (20151129), VBA32 (20151129), VIPRE (20151129), ViRobot (20151128), Zillya (20151127), Zoner (20151129)

Of the four hits, only ESET's is a named family; Kaspersky's UDS: prefix is a cloud-reputation verdict and Qihoo's HEUR/ prefix a heuristic one, and Malwarebytes' Trojan.MalPack names the packing, not the payload. A 4/55 ratio on a file whose only specific label is "packed" is the usual picture for a fresh crypter stub, not evidence that the file is benign.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-09-15 19:27:45
Entry Point 0x0001816E
Number of sections 4
PE sections
Overlays (data appended after the last section; the MD5 below is of the overlay bytes, not of the file)
MD5 4524db26455e6276b23c47e2e4bf4aea
File type data
Offset 266240
Size 2201
Entropy 6.16
Check: 266240 + 2201 = 268441, the full file size, so the overlay runs to end of file. It is not mapped by any section and so is not covered by the section hashes; carve it (offset 266240, 2201 bytes) and inspect it separately.
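The header fields above (machine, timestamp, entry point, section count, overlay offset, size and entropy) can be reproduced without a PE library. The following is an added example written for this page, not VirusTotal's code; it walks a PE32 image with the Python standard library and also performs the two checks a practitioner wants on a sample like this one: whether SizeOfInitializedData exceeds the file, and which sections have a virtual size far larger than their raw size. The image it parses is constructed inline (a two-section skeleton carrying this report's timestamp, entry point and InitializedDataSize values), not the real file, which is not on this page.

```python
"""Stdlib-only PE32 header walk reproducing VirusTotal's "PE header basic
information" and "Overlays" fields, plus two packer-sanity checks."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x10B


def shannon_entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 is the maximum."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> PE32 optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # Magic, MajorLinker, MinorLinker, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint
    magic, _, _, size_code, size_idata, _, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 image (magic 0x%x)" % magic)
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rsize, "raw_ptr": rptr})
    # The overlay is everything past the highest raw-data end of any section.
    end_of_sections = max((s["raw_ptr"] + s["raw_size"] for s in sections), default=0)
    overlay_off = min(end_of_sections, len(data))
    overlay = data[overlay_off:]
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "entry_point": entry,
        "num_sections": nsections,
        "size_of_code": size_code,
        "size_of_initialized_data": size_idata,
        "sections": sections,
        "overlay_offset": overlay_off,
        "overlay_size": len(overlay),
        "overlay_entropy": shannon_entropy(overlay),
        # A header field larger than the whole file cannot describe on-disk data.
        "initialized_data_exceeds_file": size_idata > len(data),
        # A section whose virtual size dwarfs its raw size is where an unpacker writes.
        "inflated_sections": [s["name"] for s in sections
                              if s["virtual_size"] > 16 * max(s["raw_size"], 1)],
    }


def _section_header(name, vsize, vaddr, rsize, rptr, flags):
    return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, flags)


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed two-section PE32 skeleton for exercising the parser. It is NOT the
    sample from this report and is not runnable; it only reuses the report's machine,
    timestamp, entry point and InitializedDataSize values."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 2,
                       1095276465,                             # 2004-09-15 19:27:45 UTC
                       0, 0, 224, 0x010F)
    opt = bytearray(224)                                       # PE32 optional header size
    struct.pack_into("<HBBIIII", opt, 0, PE32_MAGIC, 6, 0, 0x200, 3989504, 0, 0x1816E)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
               + _section_header(b".text", 0x1000, 0x1000, 0x200, 0x400, 0x60000020)
               + _section_header(b".data", 3989504, 0x2000, 0x200, 0x600, 0xC0000040))
    text = b"\x90" * 0x200                                     # filler "code"
    data = bytes(range(256)) * 2                               # filler data, 0x200 bytes
    return headers.ljust(0x400, b"\0") + text + data + overlay


if __name__ == "__main__":
    info = parse_pe(build_sample_pe(bytes(range(16)) * 8))   # 128-byte constructed overlay
    for key, value in info.items():
        print(f"{key:32} {value}")
```

Against the real file, `parse_pe(open(path, "rb").read())` should give overlay_offset 266240 and overlay_size 2201 as reported above; the inflated-section list is what tells you where to set a memory breakpoint when unpacking.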
PE imports (grouped by exporting DLL; the DLL headings were lost in extraction and are restored here by the editor from the function names, in the page's original order)
ADVAPI32.dll: GetTrusteeNameA, RevertToSelf, DestroyPrivateObjectSecurity, ImpersonateSelf, MakeSelfRelativeSD, DuplicateToken, RegOpenKeyExA, BuildExplicitAccessWithNameA, MapGenericMask
COMCTL32.dll: ImageList_Replace, ImageList_ReplaceIcon, ImageList_DragEnter
GDI32.dll: SetMetaRgn, GdiSetBatchLimit, SetEnhMetaFileBits, AddFontResourceA, GetAspectRatioFilterEx, CreatePolygonRgn, CreateDIBSection, CreateBitmapIndirect
KERNEL32.dll: GetProcessHeap, GetStartupInfoA, GetPrivateProfileStringA, GetCPInfo, GetDiskFreeSpaceExW, GetSystemInfo, GetModuleHandleA, GlobalFree, GetLongPathNameA, GetPrivateProfileIntA, GetOEMCP, GetBinaryTypeW, EscapeCommFunction, GetProfileIntW, EnumTimeFormatsA, GetNamedPipeHandleStateW, GetProcessWorkingSetSize, GetNumberOfConsoleMouseButtons, GetCurrentThreadId, GetCommConfig, GetDefaultCommConfigA
MPR.dll: WNetGetUniversalNameA
MSVCRT.dll: __p__fmode, puts, _acmdln, _adjust_fdiv, __setusermatherr, __p__winmajor, _getw, wcsncat, __getmainargs, _initterm, _controlfp, __p__commode, __set_app_type
OLEAUT32.dll: LPSAFEARRAY_UserSize
RASAPI32.dll: RasGetProjectionInfoA, RasDialA
USER32.dll: CreateIconFromResourceEx, CreateIconFromResource
COMDLG32.dll: GetSaveFileNameA

Reading this table: the MSVCRT set (__getmainargs, _initterm, __set_app_type, _controlfp, _adjust_fdiv) is the stock Visual C++ 6 start-up sequence and agrees with the reported linker version 6.0. The rest mixes token-manipulation APIs (ImpersonateSelf, DuplicateToken, RevertToSelf, MakeSelfRelativeSD) with serial-port, dial-up, metafile and image-list calls, and contains no socket, WinINet, process-creation or LoadLibrary/GetProcAddress imports at all, although ESET names the file a downloader and Malwarebytes calls it MalPack. That combination is what a packer stub's import table looks like: the functions the payload really uses are resolved at run time, so these names are not a capability list. For pivoting, the imphash (8a483a7af09a1c8d72cf0bf6689062d4, under File identification below) is the useful field, since stubs produced by the same crypter share it even when their payloads differ.
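The imphash that VirusTotal reports for this file is an MD5 over a canonical string built from exactly the import names listed above, so two stubs with the same table in the same order collide regardless of the payload they carry. The block below is an added example, not VirusTotal's or pefile's code; it implements the canonicalisation rule (DLL lower-cased with .dll/.ocx/.sys stripped, function lower-cased, import-table order preserved) and runs it over a constructed subset of this sample's imports whose DLL assignments are the editor's, not data from the report. It simplifies one thing: pefile maps name-less ordinal imports from ws2_32 and oleaut32 back to function names, which this version replaces with a plain "ordN" token, so the result for the real file is not compared against the page's value.

```python
"""Imphash canonical string and hash, after the rule used by pefile/VirusTotal."""
import hashlib


def imphash_string(imports):
    """Canonical "dll.func,dll.func" string for a list of (dll, func) pairs.

    func may be a name or an int ordinal; order is preserved because the
    import-table order is part of what the hash fingerprints."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        # Simplification (see lead-in): no ws2_32/oleaut32 ordinal-to-name mapping.
        name = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append(f"{dll}.{name}")
    return ",".join(parts)


def imphash(imports):
    """Hex MD5 of the canonical import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed subset of this sample's import list. The DLL names are the
# editor's assignment from the function names, not data from the report.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "ImpersonateSelf"),
    ("ADVAPI32.dll", "DuplicateToken"),
    ("KERNEL32.dll", "GetProcessHeap"),
    ("MSVCRT.dll", "__getmainargs"),
    ("RASAPI32.dll", "RasDialA"),
    ("COMDLG32.dll", "GetSaveFileNameA"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

The order sensitivity is the property to remember when hunting: a crypter that shuffles its decoy imports per build defeats imphash pivots, while one that merely swaps payloads does not.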
Number of PE resources by type
RT_GROUP_ICON 4
Number of PE resources by language
ENGLISH AUS 4
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 3989504
ImageVersion: 0.0
FileVersionNumber: 0.20.22.62
LanguageCode: Neutral
FileFlagsMask: 0x003f
FileDescription: Probability
CharacterSet: Unicode
LinkerVersion: 6.0
FileTypeExtension: exe
OriginalFileName: Reheat.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 0,181,114,146
TimeStamp: 2004:09:15 20:27:45+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 0,48,180,242
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Windows NT 32-bit
LegalCopyright: Sugaring (C) 2018
MachineType: Intel 386 or later, and compatibles
CompanyName: Authentium
CodeSize: 98304
FileSubtype: 0
ProductVersionNumber: 0.215.162.100
EntryPoint: 0x1816e
ObjectFileType: Executable application

Two things in this block should be checked before any of it is used for attribution. First, the VERSIONINFO strings are written by whoever built the file and here they are plainly filler: a copyright year of 2018 on a file compiled in 2004 and first submitted in 2015, a CompanyName borrowed from a real antivirus vendor, a FileDescription of "Probability", and string versions (FileVersion 0,181,114,146; ProductVersion 0,48,180,242) that do not agree with the binary fields (FileVersionNumber 0.20.22.62; ProductVersionNumber 0.215.162.100). Second, InitializedDataSize (3989504 bytes) is roughly fifteen times the 268441-byte file, so SizeOfInitializedData in the optional header does not describe what is on disk; compare each section's raw size with its virtual size, because a small raw section that maps to a multi-megabyte virtual region is where an unpacking stub typically writes the decoded payload, and that region is where to dump memory from.
File identification
MD5 6da65edd23d41760d54ab6f8157ba138
SHA1 71189701e7f5eb3414941c83b1c1f80199de3208
SHA256 1d3217d27d6192daaf4832b452a9c9b8d78dd0b51f7baa4840f28271e153f7dc
ssdeep 3072:e75B2pppkIgrqS6iu6bxQiUezBKBZ45NNOkE4zEBXOzeCuu7Ze7LUWHtp:CQTkbqUOQKBCjNOvuNzeKNqLUy

authentihash 185727c816b723cb9182222318b964d7b70253abdb3d8d88c605bfb37ddd7018
imphash 8a483a7af09a1c8d72cf0bf6689062d4
File size 262.1 KB ( 268441 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-11-29 03:12:44 UTC
Last submission 2015-11-29 03:12:44 UTC
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00JC0DL115.

Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
In this extract every behaviour category (opened, read, written, moved and deleted files; created processes; shell commands; code injections; created and opened mutexes; opened service managers and services; runtime DLLs; HTTP and DNS requests; TCP connections) is empty, so the page carries no dynamic-analysis evidence. The static indicators above are all there is to go on, and a fresh sandbox run is needed before any behavioural claim, including the "downloader" in the ESET name, can be confirmed.