SHA256: 241236193c1c26fb147738517cca2a10d380382e3f29dcfcc7eccf094e312f61
File name: cef5fb00cde7b458b2e36dec84c018f1
Detection ratio: 29 / 57
Analysis date: 2016-05-23 03:04:14 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.56407 20160523
AhnLab-V3 Trojan/Win32.Locky 20160522
ALYac Gen:Variant.Razy.56407 20160523
Antiy-AVL Trojan/Win32.SGeneric 20160522
Arcabit Trojan.Razy.DDC57 20160523
Avast Win32:Dorder-AD [Trj] 20160523
Avira (no cloud) TR/Crypt.ZPACK.vsgr 20160522
AVware Trojan.Win32.Generic!BT 20160523
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160520
BitDefender Gen:Variant.Razy.56407 20160523
Emsisoft Gen:Variant.Razy.56407 (B) 20160523
ESET-NOD32 a variant of Win32/Kryptik.EXME 20160522
F-Secure Gen:Variant.Razy.56407 20160523
Fortinet W32/Kryptik.EXIZ!tr 20160523
GData Gen:Variant.Razy.56407 20160523
Jiangmin Trojan.Agent.aady 20160523
K7GW Hacktool ( 655367771 ) 20160523
Kaspersky HEUR:Trojan.Win32.Generic 20160523
McAfee Artemis!CEF5FB00CDE7 20160523
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160522
Microsoft Trojan:Win32/Dynamer!ac 20160523
eScan Gen:Variant.Razy.56407 20160523
Panda Trj/CI.A 20160522
Qihoo-360 QVM20.1.Malware.Gen 20160523
Rising Malware.Generic!FBmbBnygPkS@4 (Thunder) 20160522
Sophos AV Mal/Generic-S 20160522
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20160523
TrendMicro TROJ_GEN.R08NC0DEL16 20160523
VIPRE Trojan.Win32.Generic!BT 20160523
AegisLab 20160521
Alibaba 20160523
AVG 20160522
Baidu-International 20160522
Bkav 20160521
CAT-QuickHeal 20160521
ClamAV 20160523
CMC 20160520
Comodo 20160523
Cyren 20160523
DrWeb 20160523
F-Prot 20160523
Ikarus 20160522
K7AntiVirus 20160522
Kingsoft 20160523
Malwarebytes 20160522
NANO-Antivirus 20160522
nProtect 20160520
Symantec 20160523
Tencent 20160523
TheHacker 20160522
TotalDefense 20160522
TrendMicro-HouseCall 20160523
VBA32 20160520
ViRobot 20160522
Yandex 20160522
Zillya 20160521
Zoner 20160523
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2013-08-18 21:42:37
Entry Point: 0x00021AC3
Number of sections: 4
PE sections
PE imports
DefineDosDeviceW
GetTickCount
LoadLibraryA
WaitForSingleObjectEx
GetSystemDirectoryA
GetLocaleInfoA
lstrcatA
CreateDirectoryA
DeleteFileW
GetProcAddress
GetProcessHeap
lstrcpynW
GetFileTime
CompareStringW
CloseHandle
SetEnvironmentVariableW
GetDiskFreeSpaceW
ReadFile
CreateSemaphoreW
WriteFile
CreateMutexW
GetVolumeNameForVolumeMountPointW
OpenMutexW
FindNextFileA
GetACP
MoveFileExA
CreateHardLinkW
WriteConsoleA
GetExpandedNameW
OpenSemaphoreA
MoveFileW
IsBadCodePtr
GetVersion
OpenJobObjectA
SHBindToParent
FindExecutableA
ExtractIconExA
ExtractIconA
PickIconDlg
SHGetDesktopFolder
DragQueryFileA
DragAcceptFiles
SHChangeNotify
StrChrA
ShellAboutW
DllRegisterServer
ShellMessageBoxA
SE_IsShimDll
SE_ProcessDying
SE_InstallAfterInit
Number of PE resources by type
RT_DIALOG 4
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:08:18 22:42:37+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 135168
LinkerVersion: 6.0
Warning: Possibly corrupt Version resource
FileTypeExtension: exe
InitializedDataSize: 8192
SubsystemVersion: 4.0
EntryPoint: 0x21ac3
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5: cef5fb00cde7b458b2e36dec84c018f1
SHA1: 82c89e413c39b998732a453327c617675f993a9b
SHA256: 241236193c1c26fb147738517cca2a10d380382e3f29dcfcc7eccf094e312f61
ssdeep: 3072:zyGQT4mbdTqpLBONU6/+JfkC9f7WWWW9WPzoKbM:zyYmbpqpLBONU62JfkCxWWWWsoKb
authentihash: 2d3b011ae967ba3efcff414576c08159491876352a1eaa889da45698e0160541
imphash: 2ea199c9f0a4d48db474adca3c7d8605
File size: 141.0 KB ( 144384 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable (generic) (52.9%), Generic Win/DOS Executable (23.5%), DOS Executable Generic (23.5%)
Tags: peexe

VirusTotal metadata
First submission 2016-05-23 03:04:14 UTC ( 2 years, 11 months ago )
Last submission 2016-05-23 03:04:14 UTC ( 2 years, 11 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications