SHA256: 20d713e51c9f8349c028d93f7db1716ad2fa314a9e896822bcb332099ac9e6fc
File name: admin.rar
Detection ratio: 6 / 56
Analysis date: 2016-04-13 19:24:17 UTC
Antivirus              Result (blank = engine did not flag the file)   Update
Bkav                   HW32.Packed.1E3A                                20160413
Kaspersky              UDS:DangerousObject.Multi.Generic               20160413
McAfee                 Artemis!CA4126813904                            20160413
McAfee-GW-Edition      BehavesLike.Win32.VirRansom.dc                  20160413
Qihoo-360              HEUR/QVM07.1.Malware.Gen                        20160413
Rising                 PE:Malware.XPACK-HIE/Heur!1.9C48 [F]            20160413
Ad-Aware                                                               20160413
AegisLab                                                               20160413
AhnLab-V3                                                              20160413
Alibaba                                                                20160413
ALYac                                                                  20160413
Antiy-AVL                                                              20160413
Arcabit                                                                20160413
Avast                                                                  20160413
AVG                                                                    20160413
Avira (no cloud)                                                       20160413
AVware                                                                 20160413
Baidu                                                                  20160413
Baidu-International                                                    20160413
BitDefender                                                            20160413
CAT-QuickHeal                                                          20160413
ClamAV                                                                 20160412
CMC                                                                    20160412
Comodo                                                                 20160413
Cyren                                                                  20160413
DrWeb                                                                  20160413
Emsisoft                                                               20160413
ESET-NOD32                                                             20160413
F-Prot                                                                 20160413
F-Secure                                                               20160413
Fortinet                                                               20160404
GData                                                                  20160413
Ikarus                                                                 20160413
Jiangmin                                                               20160413
K7AntiVirus                                                            20160413
K7GW                                                                   20160404
Kingsoft                                                               20160413
Malwarebytes                                                           20160413
Microsoft                                                              20160413
eScan                                                                  20160413
NANO-Antivirus                                                         20160413
nProtect                                                               20160412
Panda                                                                  20160413
Sophos AV                                                              20160413
SUPERAntiSpyware                                                       20160413
Symantec                                                               20160413
Tencent                                                                20160413
TheHacker                                                              20160412
TrendMicro                                                             20160413
TrendMicro-HouseCall                                                   20160413
VBA32                                                                  20160413
VIPRE                                                                  20160413
ViRobot                                                                20160413
Yandex                                                                 20160412
Zillya                                                                 20160413
Zoner                                                                  20160413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-01-10 04:23:58
Entry Point: 0x00027B46
Number of sections: 4
PE sections
PE imports
PropertySheetA
Ord(8)
ImageList_Destroy
ImageList_Add
CreateICA
GetSystemPaletteEntries
CreateMetaFileA
CreatePen
GetBkMode
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
GetClipBox
GetWindowExtEx
GetDeviceGammaRamp
GetBrushOrgEx
CreateDCA
TranslateCharsetInfo
LineTo
DeleteDC
SetEnhMetaFileBits
SetBkMode
GetWindowOrgEx
SetMetaFileBitsEx
SetPixel
GetMetaFileA
ChoosePixelFormat
SetPaletteEntries
BitBlt
Polyline
CreateDIBSection
GdiSetBatchLimit
EnumFontFamiliesA
GetICMProfileW
CreateFontIndirectW
ExtTextOutW
CreateEllipticRgn
DescribePixelFormat
GetTextFaceW
RectVisible
CreatePalette
CreateBrushIndirect
GetCurrentPositionEx
ExtTextOutA
GetDIBits
GetTextExtentPointA
ExtCreateRegion
EnumFontFamiliesExA
CreateFontW
GetFontLanguageInfo
ExtEscape
CreateRectRgn
RemoveFontResourceA
DeleteObject
SetWindowExtEx
SetWindowOrgEx
SetBitmapDimensionEx
DPtoLP
GetMapMode
SetWinMetaFileBits
GetCharWidth32A
GetTextExtentPoint32W
CheckSumMappedFile
SymGetSymFromName
SymSetOptions
ImageDirectoryEntryToData
SymCleanup
MapDebugInformation
SymRegisterCallback
StackWalk
SymGetModuleInfo
ImageGetCertificateHeader
SymGetLineFromAddr
ImagehlpApiVersionEx
SymGetSearchPath
ImageEnumerateCertificates
SymInitialize
SymLoadModule
MakeSureDirectoryPathExists
EnumerateLoadedModules
SymEnumerateModules
GetStartupInfoA
GetModuleHandleA
SafeArrayAccessData
VariantTimeToSystemTime
SysStringLen
CreateDispTypeInfo
SysStringByteLen
RegisterTypeLib
SafeArrayUnaccessData
VariantCopyInd
VariantClear
SysAllocString
SafeArrayAllocDescriptor
VariantCopy
SysReAllocString
OaBuildVersion
LoadTypeLibEx
VarUdateFromDate
SysFreeString
QueryPathOfRegTypeLib
OleLoadPicturePath
RasEnumDevicesA
RasGetEntryDialParamsA
RasEnumConnectionsA
RasDeleteEntryA
ShellExecuteExA
SHAppBarMessage
waveInOpen
mmioWrite
waveOutGetDevCapsA
mciGetErrorStringA
waveInGetErrorTextA
timeBeginPeriod
mixerGetNumDevs
mmioSeek
timeEndPeriod
mixerGetLineInfoW
joyGetDevCapsA
mmioOpenA
OpenDriver
mixerGetID
mixerGetDevCapsA
CloseDriver
midiOutGetNumDevs
mmioRead
waveOutPrepareHeader
timeSetEvent
mixerGetControlDetailsA
waveOutGetVolume
mciSendCommandA
PrintDlgW
GetOpenFileNameA
GetOpenFileNameW
CommDlgExtendedError
ChooseFontA
Number of PE resources by type
RT_ACCELERATOR 3
RT_DIALOG 3
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 8
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 176128
ImageVersion: 0.0
FileVersionNumber: 0.169.157.115
LanguageCode: Neutral
FileFlagsMask: 0x003f
FileDescription: Pincers
CharacterSet: Unicode
LinkerVersion: 8.0
FileTypeExtension: exe
OriginalFileName: Sketchier.exe
MIMEType: application/octet-stream
Subsystem: Windows command line
FileVersion: 148, 159, 127, 232
TimeStamp: 2014:01:10 05:23:58+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Place
ProductVersion: 221, 92, 115, 10
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Windows NT 32-bit
LegalCopyright: Copyright 2011
MachineType: Intel 386 or later, and compatibles
CompanyName: Serence Inc.
CodeSize: 159744
FileSubtype: 0
ProductVersionNumber: 0.42.214.36
EntryPoint: 0x27b46
ObjectFileType: Executable application

File identification
MD5: ca4126813904b02ddb8c295fd25e9e0f
SHA1: 095355b908b803721774559283ea11c3e552082b
SHA256: 20d713e51c9f8349c028d93f7db1716ad2fa314a9e896822bcb332099ac9e6fc
ssdeep: 3072:CRcMRcMEEUjmqWwxAQ5CW/iAoMnCeyY/3TSNTjjjVrYmnntPyxxuiIt/IFT+gk2N:CyMRcdEUKRwxpCQNCnY8Qu0T+p
imphash: bd1801a1d6a327c3eecff21070ca579c
File size: 212.0 KB (217088 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (35.0%)
  Win64 Executable (generic) (31.0%)
  Windows screen saver (14.7%)
  Win32 Dynamic Link Library (generic) (7.3%)
  Win32 Executable (generic) (5.0%)
Tags: peexe

VirusTotal metadata
First submission: 2016-04-13 16:07:06 UTC
Last submission: 2018-05-13 17:41:55 UTC
File names: login.php, admin_exe, dmin.exe, admin.rar, R92Fe.docm
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs