SHA256: 256b21e4e36bfea5cc4a89a034749306aea29622fa7c2db97ac4bd8d00e54e5e
File name: ae9f3fe6a4024b1564fe8f026e31d61e6cdaf6f6
Detection ratio: 22 / 56
Analysis date: 2016-10-03 14:16:08 UTC ( 2 years, 6 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Nymaim.N2119989137 20161003
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20161003
Avast Win32:Malware-gen 20161003
AVG Generic38.OWR 20161003
Avira (no cloud) TR/Crypt.Xpack.kksol 20161003
Baidu Win32.Trojan.WisdomEyes.151026.9950.9994 20161001
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
ESET-NOD32 a variant of Win32/GenKryptik.FOG 20161003
Fortinet W32/Androm.FOG!tr.bdr 20161003
GData Win32.Trojan.Agent.0MXROU 20161003
Ikarus Trojan.Win32.Krypt 20161003
Sophos ML virus.win32.parite.b 20160928
Kaspersky Backdoor.Win32.Androm.kwnj 20161003
McAfee Trojan-FJVE!D9E83ED20A65 20161003
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20161003
Microsoft PWS:Win32/Zbot 20161003
Panda Trj/GdSda.A 20161002
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20161003
Rising Malware.Generic!AxH0tjoLARN@1 (thunder) 20161003
Symantec Trojan.Gen.2 20161003
TrendMicro TROJ_GEN.R0E9C0DJ116 20161003
TrendMicro-HouseCall TROJ_GEN.R0E9C0DJ116 20161003
Ad-Aware 20161003
AegisLab 20161003
Alibaba 20160930
ALYac 20160930
Arcabit 20161003
AVware 20161003
BitDefender 20161003
Bkav 20161003
CAT-QuickHeal 20161003
ClamAV 20161003
CMC 20161003
Comodo 20161003
Cyren 20161003
DrWeb 20161003
Emsisoft 20161003
F-Prot 20160926
F-Secure 20161003
Jiangmin 20161003
K7AntiVirus 20161003
K7GW 20161003
Kingsoft 20161003
Malwarebytes 20161003
eScan 20161003
NANO-Antivirus 20161003
nProtect 20161003
Sophos AV 20161003
SUPERAntiSpyware 20161002
Tencent 20161003
TheHacker 20161001
VBA32 20161001
VIPRE 20161003
ViRobot 20161003
Yandex 20161002
Zillya 20161001
Zoner 20161003
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-23 17:00:43
Entry Point 0x0000F08A
Number of sections 4
PE sections
PE imports
CreateFileA
GetModuleFileNameA
GetStartupInfoA
GetModuleHandleA
_except_handler3
__CxxFrameHandler
_acmdln
_ftol
_adjust_fdiv
__setusermatherr
__p__commode
_setmbcp
__dllonexit
__p__fmode
_controlfp
exit
_XcptFilter
__getmainargs
_exit
_onexit
_initterm
__set_app_type
RasGetEntryDialParamsA
RasHangUpA
RasDialA
GetSystemMetrics
EnableWindow
DrawIcon
FindWindowW
SendMessageA
GetClientRect
IsIconic
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:09:23 18:00:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 61440
LinkerVersion 5.0
Warning Error processing PE data dictionary
EntryPoint 0xf08a
InitializedDataSize 258048
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 d9e83ed20a652e7629b753e20336f7a4
SHA1 ae9f3fe6a4024b1564fe8f026e31d61e6cdaf6f6
SHA256 256b21e4e36bfea5cc4a89a034749306aea29622fa7c2db97ac4bd8d00e54e5e
ssdeep 6144:W959k6V8rtyP/6J907mBqGkyFq4VFT5yOpdxc6a4hnywHmT:W959TV4ty6X06HXFq4VFtyCxFDEP
authentihash 8eb939de6adf63a6b392afdba7b01bdea4d04324655db1365042607e9ab34e70
imphash ec8a3ce371255ecffa79ae2582b07a56
File size 316.0 KB ( 323584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2016-10-03 14:16:08 UTC ( 2 years, 6 months ago )
Last submission 2016-10-03 14:16:08 UTC ( 2 years, 6 months ago )
Advanced heuristic and reputation engines