SHA256: 1fe874d558ddd6fa5d97c8a6f89aa13ccf6895e125aebe51aea5fa08cd241dbe
File name: CCTAPpSs.exe
Detection ratio: 46 / 60
Analysis date: 2017-06-06 05:24:13 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4549973 20170606
AegisLab Troj.W32.Generic!c 20170606
ALYac Trojan.GenericKD.4549973 20170606
Arcabit Trojan.Generic.D456D55 20170606
Avast Win32:Malware-gen 20170606
AVG MSIL11.ADTP 20170606
Avira (no cloud) TR/Dropper.MSIL.sxbxz 20170605
AVware Trojan.Win32.Generic!BT 20170606
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170601
BitDefender Trojan.GenericKD.4549973 20170606
Bkav W32.Clod7fe.Trojan.d71f 20170605
CAT-QuickHeal Trojan.Generic 20170606
Comodo Backdoor.Win32.Trojan.NCP.kvobd 20170606
CrowdStrike Falcon (ML) malicious_confidence_89% (W) 20170420
Cyren W32/Trojan.UCCS-3620 20170606
DrWeb Trojan.DownLoader23.46495 20170606
Emsisoft Trojan.GenericKD.4549973 (B) 20170606
Endgame malicious (high confidence) 20170515
ESET-NOD32 a variant of MSIL/Injector.RJM 20170606
F-Secure Trojan.GenericKD.4549973 20170606
Fortinet MSIL/Injector.RJM!tr 20170606
GData Trojan.GenericKD.4549973 20170606
Ikarus Trojan.MSIL.Injector 20170605
Sophos ML trojan.win32.skeeyah.a!rfn 20170604
Jiangmin Trojan.Generic.bakrl 20170606
K7AntiVirus Trojan ( 00504b621 ) 20170605
K7GW Trojan ( 00504b621 ) 20170606
Kaspersky HEUR:Trojan.Win32.Generic 20170606
Malwarebytes Backdoor.LuminosityLink 20170606
McAfee Artemis!624CA0085451 20170606
McAfee-GW-Edition BehavesLike.Win32.Trojan.tc 20170605
Microsoft VirTool:MSIL/Subti.K 20170606
eScan Trojan.GenericKD.4549973 20170606
NANO-Antivirus Trojan.Win32.Mlw.emfdrb 20170606
Palo Alto Networks (Known Signatures) generic.ml 20170606
Panda Trj/GdSda.A 20170605
Qihoo-360 Win32/Trojan.Dropper.7a4 20170606
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Mal/Generic-S 20170606
Symantec Trojan.Luminrat 20170606
Tencent Win32.Trojan.Inject.Auto 20170606
TrendMicro-HouseCall TROJ_GEN.R01BC0VCA17 20170606
VIPRE Trojan.Win32.Generic!BT 20170606
Webroot W32.Malware.Gen 20170606
Yandex Trojan.Agent!KEeYqK7xaOo 20170602
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170606
AhnLab-V3 20170605
Alibaba 20170606
ClamAV 20170605
CMC 20170606
F-Prot 20170606
Kingsoft 20170606
nProtect 20170606
Rising 20170604
SUPERAntiSpyware 20170606
Symantec Mobile Insight 20170605
TheHacker 20170605
TotalDefense 20170606
Trustlook 20170606
VBA32 20170605
ViRobot 20170606
WhiteArmor 20170601
Zillya 20170605
Zoner 20170606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright copyright@colcopy2014
Product avaz
Original name CCTAPpSs.exe
Internal name CCTAPpSs.exe
File version 6.2.8.2
Description cooldoc
Comments prodoc
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-10 16:14:21
Entry Point 0x000F9BBE
Number of sections 3
.NET details
Module Version ID 37468c04-7f08-4598-b3fc-8e15d2486e32
TypeLib ID 3ff37c2e-8699-4c13-a2c7-20813d745936
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 25
RT_STRING 21
RT_GROUP_ICON 6
RT_VERSION 2
Number of PE resources by language
ENGLISH US 42
ENGLISH NZ 8
NEUTRAL 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments prodoc
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.2.8.2
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription cooldoc
CharacterSet Unicode
InitializedDataSize 70144
EntryPoint 0xf9bbe
OriginalFileName CCTAPpSs.exe
MIMEType application/octet-stream
LegalCopyright copyright@colcopy2014
FileVersion 6.2.8.2
TimeStamp 2017:02:10 17:14:21+01:00
FileType Win32 EXE
PEType PE32
InternalName CCTAPpSs.exe
ProductVersion 6.2.8.2
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Colcopy
CodeSize 1014784
ProductName avaz
ProductVersionNumber 6.2.8.2
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 6.2.8.2

Compressed bundles
File identification
MD5 624ca00854511bad165c4bc543aaba1a
SHA1 e03243eff48064a04796bfcb25006125cfcf890e
SHA256 1fe874d558ddd6fa5d97c8a6f89aa13ccf6895e125aebe51aea5fa08cd241dbe
ssdeep 24576:m7FzGdeRisD+yU/Rl3OhVgcFRf/kzAB6QHFrrsYFJVAe:mRD+yU/RtOhyc2ABzPJVA
authentihash c812a56784c8bd18fb63bc836737febc9a8c5e66c9f879cb8cbd629b140bc618
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.0 MB ( 1085440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2017-03-09 12:38:41 UTC ( 4 months, 2 weeks ago )
Last submission 2017-06-06 05:24:13 UTC ( 1 month, 2 weeks ago )
File names 624CA00854511BAD165C4BC543AABA1A
CCTAPpSs.exe
1703291014.exe
PowerBlank.exe
Behaviour characterization
Zemana dll-injection