SHA256: 20cafffd23d794b3f74241930fee14e4ddd1aa9b491767977b924a28cc1559d4
File name: malekal_8116304470648882a05104a5f0b473de
Detection ratio: 41 / 57
Analysis date: 2016-04-25 23:25:23 UTC ( 1 year, 1 month ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Symmi.30104 | 20160425
Antiy-AVL | Trojan[:HEUR]/Win32.Unknown | 20160425
Arcabit | Trojan.Symmi.D7598 | 20160425
Avast | Win32:Trustezeb-J [Cryp] | 20160425
AVG | Ransomer.COB | 20160425
Avira (no cloud) | TR/PSW.Zbot.11533 | 20160425
AVware | Trojan.Win32.Generic!BT | 20160425
Baidu | Win32.Trojan.WisdomEyes.151026.9950.9999 | 20160422
Baidu-International | Trojan.Win32.Zbot.olte | 20160425
BitDefender | Gen:Variant.Symmi.30104 | 20160425
Comodo | UnclassifiedMalware | 20160425
Cyren | W32/S-c66dc27a!Eldorado | 20160425
DrWeb | Trojan.Proxy.26055 | 20160425
Emsisoft | Gen:Variant.Symmi.30104 (B) | 20160425
ESET-NOD32 | Win32/Spy.Zbot.AAO | 20160425
F-Prot | W32/S-c66dc27a!Eldorado | 20160425
F-Secure | Gen:Variant.Symmi.30104 | 20160425
Fortinet | W32/Zbot.OLTE!tr | 20160425
GData | Gen:Variant.Symmi.30104 | 20160425
Ikarus | Win32.SuspectCrc | 20160425
K7AntiVirus | Trojan ( 0048f0eb1 ) | 20160425
K7GW | Trojan ( 0048f0eb1 ) | 20160425
Kaspersky | Trojan-Spy.Win32.Zbot.olte | 20160425
Malwarebytes | Trojan.Dropper.SFXAI | 20160425
McAfee | Artemis!811630447064 | 20160425
McAfee-GW-Edition | BehavesLike.Win32.PackedAP.bc | 20160425
Microsoft | TrojanSpy:Win32/Westnet.A | 20160425
eScan | Gen:Variant.Symmi.30104 | 20160425
NANO-Antivirus | Trojan.Win32.Zbot.cbokph | 20160425
Panda | Trj/CI.A | 20160425
Qihoo-360 | Win32/Trojan.Spy.296 | 20160426
Rising | Trojan.Win32.Generic.15A414E1 (Cloud) | 20160425
Sophos | Mal/EncPk-ALZ | 20160425
Symantec | SAPE.Heur.E2007 | 20160425
Tencent | Win32.Trojan-spy.Zbot.Dwiw | 20160426
TrendMicro | TROJ_SPNR.15IA13 | 20160425
TrendMicro-HouseCall | TROJ_SPNR.15IA13 | 20160425
VBA32 | TrojanSpy.Zbot | 20160425
VIPRE | Trojan.Win32.Generic!BT | 20160425
Yandex | TrojanSpy.Zbot!F8Fvkg01nzE | 20160425
Zillya | Dropper.Agent.Win32.155959 | 20160425
AegisLab | (undetected) | 20160425
AhnLab-V3 | (undetected) | 20160425
Alibaba | (undetected) | 20160425
ALYac | (undetected) | 20160425
Bkav | (undetected) | 20160425
CAT-QuickHeal | (undetected) | 20160425
ClamAV | (undetected) | 20160425
CMC | (undetected) | 20160425
Jiangmin | (undetected) | 20160425
Kingsoft | (undetected) | 20160426
nProtect | (undetected) | 20160425
SUPERAntiSpyware | (undetected) | 20160425
TheHacker | (undetected) | 20160424
TotalDefense | (undetected) | 20160425
ViRobot | (undetected) | 20160425
Zoner | (undetected) | 20160425
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR, Aspack
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-09 13:19:49
Entry Point 0x0000AC87
Number of sections 5
PE sections
Overlays
MD5 286504c93447d8e088935a9b54638f9b
File type application/x-rar
Offset 311808
Size 444689
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
FlushFileBuffers
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetTickCount
SetFileAttributesA
FileTimeToLocalFileTime
OpenFileMappingW
GetCurrentProcessId
CreateDirectoryA
DeleteFileA
GetCPInfo
GetDateFormatW
MultiByteToWideChar
MapViewOfFile
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
LoadLibraryW
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
GetCurrentProcess
FindFirstFileA
CompareStringA
FindFirstFileW
SetEnvironmentVariableW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
GetExitCodeProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
ExitProcess
GetLocaleInfoW
GetNumberFormatW
SetLastError
MoveFileW
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
TranslateMessage
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
DispatchMessageW
ReleaseDC
DestroyIcon
SendDlgItemMessageW
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
MessageBoxW
GetDC
GetClassNameW
PeekMessageW
CharUpperA
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
CharToOemA
DestroyWindow
CreateStreamOnHGlobal
OleUninitialize
CLSIDFromString
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 18
RT_DIALOG 6
RT_STRING 6
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 19
ENGLISH US 14
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:06:09 14:19:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 74752
LinkerVersion 9.0
EntryPoint 0xac87
InitializedDataSize 236032
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 8116304470648882a05104a5f0b473de
SHA1 479936bae5ee0edbccfd6474ad50d8df9555eb25
SHA256 20cafffd23d794b3f74241930fee14e4ddd1aa9b491767977b924a28cc1559d4
ssdeep
12288:TK2mhAMJ/cPlpP7r9r/+ppppppppppppppppppppppppppppp0GiRJoo0o3/3XeE:W2O/Glp1qifoo0KHesCKAjGcovxLWYFp

authentihash 1d50303fae22126b326e53685292b24d8536b8e6d592fe752f1e614293fb14c8
imphash 3c98c11017e670673be70ad841ea9c37
File size 738.8 KB ( 756497 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags
peexe aspack overlay

VirusTotal metadata
First submission 2013-08-15 19:47:54 UTC ( 3 years, 10 months ago )
Last submission 2013-08-15 19:47:54 UTC ( 3 years, 10 months ago )
File names malekal_8116304470648882a05104a5f0b473de
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
UDP communications