SHA256: 225635b5e4910e58f9d509d560fca394f599c9e27eaeffdd6d0d3a0d37f96976
File name: 36db89ce063df807349bf5fbaf3d0e9e251e1bb4
Detection ratio: 33 / 57
Analysis date: 2016-09-18 13:24:07 UTC ( 2 years, 5 months ago )
Antivirus Result Update (engines listed with no result did not detect the file)
Ad-Aware Trojan.GenericKD.3529057 20160918
AhnLab-V3 Downloader/Win32.Gootkit.N2106067863 20160918
Arcabit Trojan.Generic.D35D961 20160917
Avast Win32:Malware-gen 20160918
AVG Downloader.Generic14.BERD 20160918
Avira (no cloud) TR/Crypt.ZPACK.clp 20160918
AVware Trojan.Win32.Generic!BT 20160918
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160914
BitDefender Trojan.GenericKD.3529057 20160918
Bkav HW32.Packed.B352 20160917
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.HPEG-6526 20160918
DrWeb Trojan.Siggen6.58358 20160918
Emsisoft Trojan.GenericKD.3529057 (B) 20160918
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160918
F-Secure Trojan.GenericKD.3529057 20160918
Fortinet W32/Kryptik.FGFS!tr 20160918
GData Trojan.GenericKD.3529057 20160918
Ikarus Trojan-Downloader.Win32.Agent 20160918
Sophos ML virus.win32.sality.at 20160917
Kaspersky Trojan-Downloader.Win32.Gootkit.vu 20160918
Malwarebytes Trojan.Crypt 20160918
McAfee Trojan-FJQX!774A3AF35DF5 20160918
McAfee-GW-Edition BehavesLike.Win32.BadFile.cc 20160918
eScan Trojan.GenericKD.3529057 20160918
Panda Trj/GdSda.A 20160918
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160918
Rising Malware.Generic!6aukseCqUgU@2 (thunder) 20160918
Sophos AV Mal/Generic-S 20160918
Symantec Heur.AdvML.B 20160918
Tencent Win32.Trojan-downloader.Gootkit.Agva 20160918
TrendMicro-HouseCall TROJ_GEN.R011H0CIG16 20160918
VIPRE Trojan.Win32.Generic!BT 20160918
AegisLab (undetected) 20160918
Alibaba (undetected) 20160918
ALYac (undetected) 20160918
Antiy-AVL (undetected) 20160918
CAT-QuickHeal (undetected) 20160917
ClamAV (undetected) 20160916
CMC (undetected) 20160916
Comodo (undetected) 20160916
F-Prot (undetected) 20160918
Jiangmin (undetected) 20160918
K7AntiVirus (undetected) 20160918
K7GW (undetected) 20160918
Kingsoft (undetected) 20160918
Microsoft (undetected) 20160918
NANO-Antivirus (undetected) 20160918
nProtect (undetected) 20160918
SUPERAntiSpyware (undetected) 20160918
TheHacker (undetected) 20160918
TrendMicro (undetected) 20160918
VBA32 (undetected) 20160917
ViRobot (undetected) 20160918
Yandex (undetected) 20160917
Zillya (undetected) 20160915
Zoner (undetected) 20160918
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x00004BB2
Number of sections 3
PE sections
PE imports
AuthzAddSidsToContext
AuthzFreeContext
ReleaseMutex
WaitForSingleObject
GetOEMCP
RemoveDirectoryA
LoadLibraryA
GetVolumeInformationA
GetCompressedFileSizeA
GetProcAddress
OpenMutexA
lstrcpynW
GetFileTime
SetEndOfFile
MapViewOfFile
GlobalAddAtomA
DeleteFileW
GetACP
GetStringTypeW
CreateEventW
GetFullPathNameW
FindResourceA
GetEnvironmentVariableW
InterlockedIncrement
SHGetFileInfoA
ExtractIconA
SHFree
ShellAboutA
DuplicateIcon
ShellMessageBoxA
DllUnregisterServer
SHGetDiskFreeSpaceA
SHGetDataFromIDListA
SHGetDesktopFolder
DragFinish
Number of PE resources by type
RT_RCDATA 9
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 10
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 108032
LinkerVersion 7.0
FileTypeExtension exe
InitializedDataSize 33792
SubsystemVersion 4.0
EntryPoint 0x4bb2
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 0

File identification
MD5 774a3af35df5e3e7efd5434ba0df127b
SHA1 36db89ce063df807349bf5fbaf3d0e9e251e1bb4
SHA256 225635b5e4910e58f9d509d560fca394f599c9e27eaeffdd6d0d3a0d37f96976
ssdeep 3072:xQBCvv4Djj4nVDnlCnGa66qj+J3R8/ysM8y:xN3qjjCJkGl2BM31
authentihash 42e17e9eb967674c98f672359422fd42f916ac37b014a1a23c3fe6db146b4681
imphash 8e33c09bdbab032e66bbf417d85af7cb
File size 139.5 KB ( 142848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
stealth peexe

VirusTotal metadata
First submission 2016-09-18 13:24:07 UTC ( 2 years, 5 months ago )
Last submission 2016-09-18 13:24:07 UTC ( 2 years, 5 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications