SHA256: 1e106e61bb975d21c31fe3d382efaf291a97d3055273d5bf8e771b63ff76d213
File name: befef3b5242306d5609c4459a072e59c.virus
Detection ratio: 31 / 56
Analysis date: 2016-08-16 08:35:36 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3456298 20160816
AhnLab-V3 Malware/Win32.Generic.N2073051970 20160815
ALYac Trojan.GenericKD.3456298 20160816
Antiy-AVL Trojan/Win32.TSGeneric 20160816
Arcabit Trojan.Generic.D34BD2A 20160816
AVG PSW.Generic13.LSM 20160816
Avira (no cloud) TR/Crypt.ZPACK.fxkv 20160816
AVware Trojan.Win32.Generic!BT 20160816
BitDefender Trojan.GenericKD.3456298 20160816
Bkav HW32.Packed.18E3 20160815
Cyren W32/Trojan.KVYS-8354 20160816
DrWeb Trojan.Inject2.26678 20160816
Emsisoft Trojan.GenericKD.3456298 (B) 20160816
ESET-NOD32 Win32/PSW.Papras.EH 20160816
F-Secure Trojan.GenericKD.3456298 20160816
Fortinet W32/Papras.EH!tr.pws 20160816
GData Trojan.GenericKD.3456298 20160816
Malwarebytes Trojan.Crypt 20160816
McAfee Fareit-FFS!BEFEF3B52423 20160816
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20160816
Microsoft TrojanSpy:Win32/Ursnif.HP!bit 20160816
eScan Trojan.GenericKD.3456298 20160816
nProtect Trojan.GenericKD.3456298 20160812
Panda Trj/GdSda.A 20160815
Qihoo-360 QVM20.1.Malware.Gen 20160816
Rising Malware.XPACK-HIE/Heur!1.9C48 20160816
Sophos AV Mal/Generic-S 20160816
TrendMicro TROJ_GEN.R011C0DHA16 20160816
TrendMicro-HouseCall TROJ_GEN.R011C0DHA16 20160816
VIPRE Trojan.Win32.Generic!BT 20160816
Yandex Trojan.PWS.Papras!V7B6x4CNU8k 20160815
AegisLab 20160816
Alibaba 20160816
Avast 20160816
Baidu 20160813
CAT-QuickHeal 20160816
ClamAV 20160816
CMC 20160816
Comodo 20160816
F-Prot 20160816
Ikarus 20160816
Jiangmin 20160816
K7AntiVirus 20160816
K7GW 20160816
Kaspersky 20160816
Kingsoft 20160816
NANO-Antivirus 20160816
SUPERAntiSpyware 20160816
Symantec 20160816
Tencent 20160816
TheHacker 20160814
TotalDefense 20160816
VBA32 20160815
ViRobot 20160816
Zillya 20160815
Zoner 20160816
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x000079EB
Number of sections 4
PE sections
PE imports
CloseClusterGroup
CloseCluster
CloseClusterNode
CryptUnprotectData
CertFreeCRLContext
CertFreeCTLContext
CertDuplicateCRLContext
CertAddStoreToCollection
CertDuplicateStore
CryptSignMessage
CertFindExtension
CertFindAttribute
CryptMemFree
CertNameToStrA
CryptMsgClose
CryptMemAlloc
CryptSIPLoad
EapHostPeerFreeMemory
EapHostPeerConfigBlob2Xml
EapHostPeerGetMethods
EapHostPeerFreeErrorMemory
OpenMutexA
CompareStringW
lstrlenW
GetStringTypeA
GetModuleHandleA
GetVersionExW
GetOEMCP
LocalFileTimeToFileTime
HeapReAlloc
GetTickCount
CreateHardLinkW
lstrcpynA
FindNextFileA
GetProcAddress
WaitForSingleObjectEx
GetFileSize
WriteConsoleW
InterlockedIncrement
StrChrW
DragAcceptFiles
SHFileOperationW
ShellAboutW
FreeIconList
SHGetDiskFreeSpaceA
SHGetFolderPathA
SheChangeDirA
SHCreateDirectoryExA
SHGetDataFromIDListA
DuplicateIcon
DragQueryFileA
ExtractAssociatedIconA
SHUpdateImageW
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 209408
LinkerVersion 6.0
Warning Possibly corrupt Version resource
EntryPoint 0x79eb
InitializedDataSize 6144
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 befef3b5242306d5609c4459a072e59c
SHA1 39ed62e0f24073938367dd6dde25c82ad8b1b5da
SHA256 1e106e61bb975d21c31fe3d382efaf291a97d3055273d5bf8e771b63ff76d213
ssdeep 6144:MaoOAcvrkIBG6yJn1MbqeYoBGQ9km25diH6Q:MYA6+lVqjYy9km25sn
authentihash 29c0eaac1cad1efd956781db2f66e71518786b7958e1df5b5b93bf8174a6fc2c
imphash 62dfc49f4f76cc771387e6302925746f
File size 211.5 KB ( 216576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-08-16 08:35:36 UTC ( 2 years, 6 months ago )
Last submission 2016-08-16 08:35:36 UTC ( 2 years, 6 months ago )
File names befef3b5242306d5609c4459a072e59c.virus