SHA256: 222cdca8fd25219d73aaacd823c9e2a523d39a4793da06b2b662aabc2415be59
File name: 459be1f0f2fa297ac57326900a11da17
Detection ratio: 39 / 57
Analysis date: 2016-12-13 22:06:30 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.56187 20161214
AegisLab Troj.W32.Yakes!c 20161213
ALYac Gen:Variant.Mikey.56187 20161213
Antiy-AVL Trojan/Win32.Razy 20161213
Arcabit Trojan.Mikey.DDB7B 20161213
Avast Win32:Malware-gen 20161213
AVG Crypt6.NSD 20161213
Avira (no cloud) TR/Crypt.ZPACK.euqzh 20161213
AVware Trojan.Win32.Generic!BT 20161213
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161207
BitDefender Gen:Variant.Mikey.56187 20161214
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Trojan.UMMU-2388 20161214
DrWeb Trojan.PWS.Papras.2460 20161214
Emsisoft Gen:Variant.Mikey.56187 (B) 20161214
ESET-NOD32 a variant of Win32/Kryptik.FKDB 20161214
F-Secure Gen:Variant.Mikey.56187 20161214
Fortinet W32/Generic.AC.3A696A!tr 20161214
GData Gen:Variant.Mikey.56187 20161214
Sophos ML generic.a 20161202
Jiangmin Backdoor.Androm.lza 20161213
K7AntiVirus Trojan ( 004fe9331 ) 20161213
K7GW Trojan ( 004fe9331 ) 20161214
Kaspersky Trojan.Win32.Yakes.rrer 20161214
Malwarebytes Trojan.Ursnif 20161214
McAfee Artemis!459BE1F0F2FA 20161214
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20161213
Microsoft TrojanDownloader:Win32/Talalpek.A 20161213
eScan Gen:Variant.Mikey.56187 20161214
NANO-Antivirus Trojan.Win32.Papras.eiqiee 20161214
Panda Trj/CI.A 20161213
Qihoo-360 Win32/Trojan.608 20161214
Rising Malware.Generic!shW9qVpWJAM@2 (thunder) 20161213
Sophos AV Mal/Generic-S 20161213
Symantec Trojan Horse 20161213
Tencent Win32.Trojan.Yakes.Pdct 20161214
TrendMicro TROJ_GEN.R00JC0OKN16 20161214
TrendMicro-HouseCall TROJ_GEN.R00JC0OKN16 20161214
VIPRE Trojan.Win32.Generic!BT 20161214
AhnLab-V3 20161213
Alibaba 20161213
Bkav 20161213
CAT-QuickHeal 20161213
ClamAV 20161213
CMC 20161213
Comodo 20161213
F-Prot 20161214
Ikarus 20161213
Kingsoft 20161214
nProtect 20161213
SUPERAntiSpyware 20161213
TheHacker 20161212
TotalDefense 20161213
Trustlook 20161214
VBA32 20161213
ViRobot 20161213
WhiteArmor 20161212
Yandex 20161213
Zillya 20161213
Zoner 20161213
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-02 10:01:36
Entry Point 0x00002FA0
Number of sections 4
PE sections
PE imports
CheckADsError
ErrMsg
CrackName
QueryDosDeviceA
OpenSemaphoreW
CopyFileW
SystemTimeToFileTime
GetStringTypeA
InitializeCriticalSection
lstrcmpiA
GetLastError
CreateDirectoryA
DeleteFileA
GetModuleHandleA
FindFirstFileW
FindAtomA
GetStartupInfoA
CreateMutexW
CreateFileA
GetCommandLineA
GetProcAddress
WaitForSingleObjectEx
GetPrivateProfileStringW
SHGetFileInfoA
SHCreateShellItem
SHQueryRecycleBinW
SHFree
ShellAboutA
SHChangeNotify
SHFileOperationW
DragQueryFileA
DragQueryPoint
SHGetFolderPathA
DragAcceptFiles
SHGetDataFromIDListA
DllCanUnloadNow
SHGetDesktopFolder
FindExecutableA
DragFinish
FormatEx
Recover
Extend
Format
GetMessageA
CreateWindowExA
LoadCursorA
LoadStringA
RegisterClassExW
wsprintfA
MessageBoxA
OemToCharW
FindWindowExW
MapVirtualKeyW
LoadImageW
CharToOemA
Number of PE resources by type
BVAQ 2
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:09:02 11:01:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 139264
SubsystemVersion 4.0
EntryPoint 0x2fa0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 459be1f0f2fa297ac57326900a11da17
SHA1 3ea823addac46bd9a6c2599a89aef025ca995933
SHA256 222cdca8fd25219d73aaacd823c9e2a523d39a4793da06b2b662aabc2415be59
ssdeep 3072:S8N3QSKh1qCeAvLHKoDoYH9wJEc9k5JeLJe70gLbJ:l5Kh1qCekaYH9wJEc9k5/70ibJ
authentihash 157186622f56e9d37e28c5ca42cd2a25ff763644f824d30577123fb6e2882369
imphash eb3de710cf3831e13f90ea4ffb506873
File size 156.0 KB ( 159744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-12-13 18:18:12 UTC ( 2 years, 2 months ago )
Last submission 2016-12-13 22:06:30 UTC ( 2 years, 2 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications