SHA256: 1d64db20e038ba848f2720138122bf08e98cd647da33d2d448ae2586596c9ef6
File name: 69.exe
Detection ratio: 3 / 55
Analysis date: 2016-03-10 13:43:38 UTC ( 3 years, 2 months ago )
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160310
Qihoo-360 QVM19.1.Malware.Gen 20160310
Rising PE:Malware.XPACK/RDM!5.1 [F] 20160310
Ad-Aware 20160310
AegisLab 20160310
Yandex 20160308
AhnLab-V3 20160310
Alibaba 20160310
ALYac 20160310
Antiy-AVL 20160310
Arcabit 20160310
Avast 20160310
AVG 20160310
AVware 20160310
Baidu 20160310
Baidu-International 20160310
BitDefender 20160310
Bkav 20160310
ByteHero 20160310
CAT-QuickHeal 20160310
ClamAV 20160310
CMC 20160307
Comodo 20160310
Cyren 20160310
DrWeb 20160310
Emsisoft 20160310
ESET-NOD32 20160310
F-Prot 20160310
F-Secure 20160310
Fortinet 20160310
GData 20160310
Ikarus 20160310
Jiangmin 20160310
K7AntiVirus 20160310
K7GW 20160310
Kaspersky 20160310
Malwarebytes 20160310
McAfee 20160310
Microsoft 20160310
eScan 20160310
NANO-Antivirus 20160310
nProtect 20160310
Panda 20160309
Sophos AV 20160310
SUPERAntiSpyware 20160310
Symantec 20160309
Tencent 20160310
TheHacker 20160310
TrendMicro 20160310
TrendMicro-HouseCall 20160310
VBA32 20160309
VIPRE 20160310
ViRobot 20160310
Zillya 20160310
Zoner 20160310
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-10 13:54:09
Entry Point 0x00008000
Number of sections 9
PE sections
PE imports
ImmReleaseContext
FreeLibrary
GetLastError
lstrcpyW
RaiseException
LocalAlloc
lstrcatA
InterlockedExchange
IsBadReadPtr
TransmitCommChar
LoadLibraryA
FindResourceA
GetProcAddress
ReadConsoleOutputA
DsFreeDomainControllerInfoA
DsListRolesA
ShellAboutA
SHInvokePrinterCommandW
SHEmptyRecycleBinW
SHInvokePrinterCommandA
isalnum
memset
mblen
labs
iswalpha
isspace
ReleaseStgMedium
OleConvertIStorageToOLESTREAMEx
StgConvertPropertyToVariant
PdhOpenQueryA
PdhSetQueryTimeRange
Number of PE resources by type
RT_ACCELERATOR 1
RT_ICON 1
RT_MENU 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:03:10 13:54:09+00:00
FileType Win32 EXE
PEType PE32
CodeSize 23552
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 164864
SubsystemVersion 4.0
EntryPoint 0x8000
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 47becc218351868696361fd24a9926ba
SHA1 4f39182bcce347788ca8f2b10b0f93bdefdecc78
SHA256 1d64db20e038ba848f2720138122bf08e98cd647da33d2d448ae2586596c9ef6
ssdeep 3072:sefkpi0vJk62W6bCLwry5LKDGrnoJ6JBAPR9O6ozkma02ksXBn:sefGx12W6PuDroJ6EPR9OHzkma08d
authentihash 225529d88f688b311bc2f288ece7e18448adbcaaef9804eb9b91a281c46d5e3b
imphash 88b4a0d437a28b934b58161756695818
File size 179.0 KB ( 183296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2016-03-10 13:19:34 UTC ( 3 years, 2 months ago )
Last submission 2018-05-06 06:25:27 UTC ( 1 year ago )
File names 69.exe
jhQFt7FS.exe
VcNLHAw.vsd
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications