SHA256: 25d4f6a5ba2e04660e761eb1c5c40fe91b7f2a59aa2bdb8f69bfd7ed78d62d38
File name: silv.exe
Detection ratio: 51 / 64
Analysis date: 2017-07-20 04:11:24 UTC ( 16 hours, 24 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.Inject.AGE 20170720
AegisLab Troj.W32.Agent2.ffle!c 20170720
ALYac Backdoor.RAT.Xtreme 20170719
Antiy-AVL Trojan/Win32.AGeneric 20170720
Arcabit Trojan.Inject.AGE 20170720
Avast Win32:Malware-gen 20170720
AVG Win32:Malware-gen 20170720
Avira (no cloud) BDS/Xtrat.A.1923 20170719
AVware Trojan.Win32.Generic!BT 20170720
BitDefender Trojan.Inject.AGE 20170720
CAT-QuickHeal Trojan.VBKrypt 20170719
ClamAV Win.Trojan.Agent-413756 20170720
Comodo UnclassifiedMalware 20170720
Cylance Unsafe 20170720
Cyren W32/Trojan.YMLG-0030 20170720
DrWeb Trojan.VbCrypt.196 20170720
Emsisoft Trojan.Inject.AGE (B) 20170720
Endgame malicious (moderate confidence) 20170713
ESET-NOD32 a variant of Win32/Injector.RBP 20170720
F-Secure Trojan.Inject.AGE 20170720
Fortinet W32/Agent.CEBOPCX 20170720
GData Trojan.Inject.AGE 20170720
Ikarus Trojan-Spy.Agent 20170719
Sophos ML heuristic 20170607
Jiangmin Trojan.VBKrypt.avei 20170720
K7AntiVirus Backdoor ( 04c502b11 ) 20170720
K7GW Backdoor ( 04c502b11 ) 20170720
Kaspersky Trojan.Win32.Inject.jfmb 20170720
McAfee Generic.dx!FB6E419E0FD9 20170720
McAfee-GW-Edition Generic.dx!FB6E419E0FD9 20170720
eScan Trojan.Inject.AGE 20170720
NANO-Antivirus Trojan.Win32.Agent.srubw 20170720
Palo Alto Networks (Known Signatures) generic.ml 20170720
Qihoo-360 Win32/Trojan.e2d 20170720
Rising Trojan.Generic (cloud:yEQchTP8QOO) 20170720
SentinelOne (Static ML) static engine - malicious 20170718
Sophos AV Mal/Generic-L 20170720
SUPERAntiSpyware Trojan.Agent/Gen-Inject 20170720
Symantec Trojan Horse 20170719
Tencent Win32.Trojan.Inject.Eere 20170720
TheHacker Trojan/Chifrax.cmb 20170719
TotalDefense Win32/VBInject.M!generic 20170719
TrendMicro TROJ_REPORD.JS 20170720
TrendMicro-HouseCall TROJ_REPORD.JS 20170720
VBA32 Trojan.Agent2 20170719
VIPRE Trojan.Win32.Generic!BT 20170720
ViRobot Trojan.Win32.Z.Inject.233825 20170719
Webroot W32.Trojan.Gen 20170720
Yandex Trojan.DL.Genome!s1KzpgMLm70 20170719
Zillya Trojan.Agent2.Win32.20880 20170719
ZoneAlarm by Check Point Trojan.Win32.Inject.jfmb 20170719
AhnLab-V3 20170719
Alibaba 20170719
Baidu 20170719
Bkav 20170719
CMC 20170719
CrowdStrike Falcon (ML) 20170710
F-Prot 20170720
Kingsoft 20170720
Malwarebytes 20170720
MAX 20170720
Microsoft 20170719
nProtect 20170720
Panda 20170719
Symantec Mobile Insight 20170720
Trustlook 20170720
WhiteArmor 20170713
Zoner 20170720
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-28 16:04:29
Entry Point 0x0000B480
Number of sections 5
PE sections
Overlays
MD5 9082fa14e021ddcb23ee5d5c89991510
File type application/x-rar
Offset 190464
Size 43361
Entropy 7.99
PE imports
Number of PE resources by type
RT_DIALOG 6
RT_STRING 5
RT_ICON 3
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
NEUTRAL DEFAULT 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:05:28 17:04:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72192
LinkerVersion 9.0
EntryPoint 0xb480
InitializedDataSize 117248
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 fb6e419e0fd9c2f39be43bcadbd2879f
SHA1 a07209729e6f93e80fb116f18f746aad4b7400c5
SHA256 25d4f6a5ba2e04660e761eb1c5c40fe91b7f2a59aa2bdb8f69bfd7ed78d62d38
ssdeep 3072:Z4lRkAehGfzmuqTPryFq2TTNTJTCN5gTGhSkT5dgsUGOgkBFVYbsVTHuGETXvOTf:Z4lRkAehaKuqT+FJ85p8mlq0r0ds8

authentihash 2b79ff861d4054853af6fd5b979f8fa2d36f24feb7a34dd85b448c9cb8b2c982
imphash dbb1eb5c3476069287a73206929932fd
File size 228.3 KB ( 233825 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2012-01-19 11:49:51 UTC ( 5 years, 6 months ago )
Last submission 2017-06-13 15:19:21 UTC ( 1 month, 1 week ago )
File names silv.exe
4969e74c-6eca-4819-9f3b-852f58c65a21
x.exe
3.exe
fb6e419e0fd9c2f39be43bcadbd
XTremeRAT_silvia.exe_ FB6E419E0FD9C2F39BE43BCADBD2879F
1341415233._FB6E419E0FD9C2F39BE43BCADBD2879F
25d4f6a5ba2e04660e761eb1c5c40fe91b7f2a59aa2bdb8f69bfd7ed78d62d38
silvia.exe
7_NOT_DECTED.exe
fb6e419e0fd9c2f39be43bcadbd2879f
a07209729e6f93e80fb116f18f746aad4b7400c5
3ii0oJoNSi
FB6E419E0FD9C2F39BE43BCADBD2879F
XTremeRAT_silvia.exe