SHA256: 2140d05b96cf6a444c07b48f0b6c69cc05f9ef0789085b66e189a23713c46da8
File name: fd1eb7239414f9aedf63e17ebdd5c1d7.exe
Detection ratio: 19 / 56
Analysis date: 2016-08-25 23:22:58 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Injector.CEP 20160825
AegisLab Heur.Advml.Gen!c 20160825
Arcabit Trojan.Injector.CEP 20160825
Avira (no cloud) TR/Crypt.Xpack.zldn 20160825
BitDefender Trojan.Injector.CEP 20160825
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160825
Emsisoft Trojan.Injector.CEP (B) 20160826
ESET-NOD32 a variant of Win32/GenKryptik.BNI 20160825
F-Secure Trojan.Injector.CEP 20160826
GData Trojan.Injector.CEP 20160826
Kaspersky Trojan.Win32.Inject.aavqv 20160825
Malwarebytes Trojan.Injector 20160825
McAfee Artemis!FD1EB7239414 20160825
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20160825
eScan Trojan.Injector.CEP 20160825
Sophos AV Mal/Generic-S 20160825
Symantec Heur.AdvML.B 20160825
TrendMicro TSPY_ZBOT.YUYARO 20160825
TrendMicro-HouseCall TSPY_ZBOT.YUYARO 20160825
AhnLab-V3 20160825
Alibaba 20160825
ALYac 20160825
Antiy-AVL 20160825
Avast 20160825
AVG 20160825
AVware 20160825
Baidu 20160825
Bkav 20160825
CAT-QuickHeal 20160825
ClamAV 20160825
CMC 20160824
Comodo 20160825
Cyren 20160825
DrWeb 20160825
F-Prot 20160826
Fortinet 20160826
Ikarus 20160825
Jiangmin 20160825
K7AntiVirus 20160825
K7GW 20160826
Kingsoft 20160826
Microsoft 20160825
NANO-Antivirus 20160825
nProtect 20160825
Panda 20160825
Qihoo-360 20160826
Rising 20160825
SUPERAntiSpyware 20160825
Tencent 20160826
TheHacker 20160824
TotalDefense 20160825
VBA32 20160825
VIPRE 20160825
ViRobot 20160825
Yandex 20160825
Zillya 20160825
Zoner 20160825
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-23 16:26:24
Entry Point 0x00005526
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorDacl
LookupAccountNameA
RegCloseKey
LsaClose
RegQueryValueExA
GetSecurityDescriptorDacl
AddAccessAllowedAce
AllocateAndInitializeSid
GetAce
GetLengthSid
InitializeAcl
GetFileSecurityA
RegOpenKeyExA
SetFileSecurityA
RegEnumKeyExA
InitializeSecurityDescriptor
ImageList_GetImageCount
ImageList_BeginDrag
ImageList_Draw
ImageList_GetImageInfo
ImageList_DragMove
Ord(17)
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
GetOpenFileNameA
GetEnhMetaFileA
SetGraphicsMode
DeleteEnhMetaFile
CreateHalftonePalette
SetDCBrushColor
SetStretchBltMode
GetDeviceCaps
LineTo
SetDCPenColor
SetBkMode
RealizePalette
SetTextColor
GetObjectA
ExtTextOutW
SetTextAlign
CreateFontA
PlayEnhMetaFile
SelectPalette
GetFontData
SetArcDirection
GdiFlush
SetROP2
CreateCompatibleDC
SetBrushOrgEx
CreateFontIndirectA
SelectObject
GetEnhMetaFileHeader
SetBkColor
DeleteObject
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GlobalUnlock
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
lstrcatA
GetModuleHandleW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
CloseHandle
GetStringTypeA
SetStdHandle
CompareStringW
HeapAlloc
RaiseException
WideCharToMultiByte
TlsFree
SetFilePointer
GlobalLock
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CompareStringA
GetSystemTimeAsFileTime
GetComputerNameA
GlobalMemoryStatusEx
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEnvironmentVariableA
InterlockedExchange
TerminateProcess
LCMapStringA
WriteConsoleA
SetLastError
IsValidCodePage
HeapCreate
lstrcpyA
VirtualFree
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
NetUserAdd
NetLocalGroupAddMember
SysAllocString
CharPrevA
GetForegroundWindow
LoadImageA
GetCursorInfo
EndDialog
BeginPaint
HideCaret
CheckRadioButton
PostQuitMessage
DefWindowProcA
IsWindowEnabled
SetClipboardViewer
GetWindowThreadProcessId
CharLowerA
IsWindow
AppendMenuA
GetWindowRect
EndPaint
SetMenu
UpdateWindow
SetCapture
DrawIcon
CharUpperBuffA
WindowFromPoint
MessageBoxA
GetClipboardData
DialogBoxParamA
GetSysColor
GetDC
ChangeClipboardChain
GetCursorPos
DrawTextA
UpdateLayeredWindow
GetIconInfo
LoadStringA
PtInRect
OpenClipboard
GetSystemMetrics
SetForegroundWindow
SetWindowTextW
GetDlgItem
BringWindowToTop
GetClientRect
InvalidateRect
IsClipboardFormatAvailable
CreateMenu
LoadCursorA
FillRect
AttachThreadInput
CharNextA
GetWindowTextW
CallWindowProcA
GetCursor
ReleaseDC
GetTopWindow
CloseClipboard
GetWindowInfo
DestroyWindow
SetCursor
ScriptGetGlyphABCWidth
ScriptFreeCache
WICMapGuidToShortName
WlanEnumInterfaces
Number of PE resources by type
RT_STRING 8
RT_BITMAP 7
RT_DIALOG 6
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 26
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:08:23 17:26:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 76288
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 83456
SubsystemVersion 5.0
EntryPoint 0x5526
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 fd1eb7239414f9aedf63e17ebdd5c1d7
SHA1 96de42e4ba79aa5c96adaa2b89457424ba2ac923
SHA256 2140d05b96cf6a444c07b48f0b6c69cc05f9ef0789085b66e189a23713c46da8
ssdeep 3072:eN1LlfVQfo/pwBunNc/TjnsjmqwR53BfFH33rE5fBI4p:AlqfoOBUuTjnsjPwbRFHSfBR
authentihash 9ada60dbe1c93082b1c5538531d6c889b46fc49b37e0088709f54df0420565fb
imphash 296694391be39f0e2d438097ea3ab640
File size 157.0 KB ( 160768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-08-25 08:09:11 UTC ( 2 years, 6 months ago )
Last submission 2017-08-19 10:01:16 UTC ( 1 year, 7 months ago )
File names XXX (4).exe
2140d05b96cf6a444c07b48f0b6c69cc05f9ef0789085b66e189a23713c46da8
8B16CeHkvk.js
aa
VirusShare_fd1eb7239414f9aedf63e17ebdd5c1d7
update.exe
fd1eb7239414f9aedf63e17ebdd5c1d7.exe
fd1eb7239414f9aedf63e17ebdd5c1d7.exe
fd1eb7239414f9aedf63e17ebdd5c1d7
update.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs