SHA256: 28cbb392d7e671ed83d25ff6475cbcf7ceeaa75158653134a1339f273318b99f
File name: index[1].exe
Detection ratio: 10 / 56
Analysis date: 2016-09-29 06:30:46 UTC ( 2 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Injector.N2117476117 20160928
Baidu Win32.Trojan.Kryptik.anp 20160929
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
ESET-NOD32 Win32/Filecoder.TorrentLocker.A 20160929
Sophos ML ransom.win32.teerac.a 20160928
Kaspersky UDS:DangerousObject.Multi.Generic 20160929
McAfee Artemis!8F42ED48E5E9 20160929
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cm 20160929
Qihoo-360 Win32/Trojan.Multi.daf 20160929
Rising Malware.Generic!jSZX0m9kHmO@2 (thunder) 20160929
Ad-Aware 20160929
AegisLab 20160929
Alibaba 20160928
ALYac 20160929
Antiy-AVL 20160929
Arcabit 20160929
Avast 20160929
AVG 20160928
Avira (no cloud) 20160929
AVware 20160929
BitDefender 20160929
Bkav 20160928
CAT-QuickHeal 20160929
ClamAV 20160929
CMC 20160928
Comodo 20160929
Cyren 20160929
DrWeb 20160928
F-Prot 20160926
F-Secure 20160929
Fortinet 20160929
GData 20160929
Ikarus 20160928
Jiangmin 20160929
K7AntiVirus 20160928
K7GW 20160929
Kingsoft 20160929
Malwarebytes 20160929
Microsoft 20160929
eScan 20160929
NANO-Antivirus 20160927
nProtect 20160929
Panda 20160928
Sophos AV 20160929
SUPERAntiSpyware 20160929
Symantec 20160929
Tencent 20160929
TheHacker 20160927
TrendMicro 20160929
TrendMicro-HouseCall 20160929
VBA32 20160928
VIPRE 20160929
ViRobot 20160929
Yandex 20160928
Zillya 20160928
Zoner 20160929
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-30 03:42:55
Entry Point 0x00073EF0
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyW
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExW
CreatePropertySheetPageW
ImageList_Create
InitCommonControlsEx
PropertySheetW
GetOpenFileNameW
GetDeviceCaps
AddFontResourceA
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
AddFontResourceW
GetEnhMetaFileW
GetMapMode
SetBkColor
DeleteObject
SetTextColor
CreateMetaFileW
GetDriveTypeW
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindFirstFileW
DebugBreak
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
FileTimeToDosDateTime
LocalAlloc
lstrcatA
ExpandEnvironmentStringsA
OpenFileMappingA
ExitProcess
SetErrorMode
lstrcatW
GetFullPathNameA
GetTempPathA
WideCharToMultiByte
LoadLibraryW
GetDiskFreeSpaceW
WriteFile
FormatMessageW
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
SetFileAttributesA
SetEvent
LocalFree
MoveFileA
InitializeCriticalSection
FindClose
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
DeviceIoControl
CopyFileW
GetModuleFileNameW
CopyFileA
HeapAlloc
GetModuleFileNameA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetModuleHandleA
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
GetSystemDirectoryA
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
SearchPathA
GetVersion
SetCurrentDirectoryA
CloseHandle
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
ExitThread
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
lstrcpyW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
ResetEvent
GetTempFileNameA
CreateFileMappingA
FindNextFileA
WaitForMultipleObjects
SetCommTimeouts
CreateEventW
SetCommState
CreateFileW
CreateEventA
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
lstrlenA
GlobalFree
GlobalUnlock
IsDBCSLeadByte
GetCommState
RemoveDirectoryA
GetShortPathNameA
FileTimeToLocalFileTime
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
lstrlenW
GetCommandLineA
MapViewOfFile
SetFilePointer
ReadFile
FindFirstFileA
lstrcpynA
GlobalLock
GetModuleHandleW
CreateProcessA
CompareFileTime
UnmapViewOfFile
CreateProcessW
Sleep
SHGetFileInfoA
SHBrowseForFolderA
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
StrCmpW
StrCmpNIW
PathIsRootW
StrDupW
StrCpyNW
StrChrIW
StrCpyW
StrCatW
PathAppendW
StrCmpIW
PathCombineW
PathIsDirectoryW
SHGetValueW
GetMessagePos
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
CopyRect
GetDC
DrawTextA
GetClassInfoA
SendMessageW
SendMessageA
GetClientRect
LoadImageA
DestroyWindow
UpdateWindow
GetMessageW
ShowWindow
SetClassLongA
EnableWindow
GetDlgItemTextA
PeekMessageA
TranslateMessage
IsWindowEnabled
CharUpperA
LoadStringA
SetClipboardData
CharLowerA
LoadStringW
EnableMenuItem
RegisterClassA
GetWindowLongA
CreateWindowExA
FillRect
EnumThreadWindows
CharNextA
CreateWindowExW
CharNextW
SetFocus
CharPrevA
BeginPaint
DefWindowProcW
DefWindowProcA
GetSystemMetrics
GetWindowRect
CharLowerW
SetWindowLongA
SendDlgItemMessageW
CheckDlgButton
CreatePopupMenu
SetTimer
GetDlgItem
CreateDialogParamA
ScreenToClient
FindWindowExA
LoadCursorA
TrackPopupMenu
GetSystemMenu
DispatchMessageW
SetForegroundWindow
ExitWindowsEx
OpenClipboard
EmptyClipboard
ReleaseDC
EndDialog
FindWindowW
SetWindowTextA
MessageBoxW
AppendMenuA
RegisterClassExW
SetDlgItemTextA
MessageBoxIndirectA
MessageBoxA
DialogBoxParamA
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
LoadIconW
InvalidateRect
wsprintfA
SendMessageTimeoutA
CallWindowProcA
CloseClipboard
SetCursor
__lconv_init
__p__fmode
_ftol
wcschr
_cexit
strtoul
_except_handler3
_c_exit
_mbsrchr
setlocale
__p__commode
wcslen
exit
towlower
wcsrchr
__setusermatherr
wcsncpy
_XcptFilter
_acmdln
_wcsicmp
_wcsnicmp
_adjust_fdiv
free
_mbsinc
wcscat
wcsncmp
__getmainargs
_exit
_mbschr
memmove
wcscpy
iswspace
_initterm
_controlfp
_wtoi
__set_app_type
OleUninitialize
CoUninitialize
CoInitialize
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
CoTaskMemFree
OleInitialize
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
DUTCH 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription M icrosoft Office Outlook OST Integrity Check
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 372224
EntryPoint 0x73ef0
MIMEType application/octet-stream
TimeStamp 2016:09:30 04:42:55+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mic rosoft Corporation
CodeSize 472576
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 8f42ed48e5e9cd08487c912da9c157f8
SHA1 f77b033729e7c3d25ba03cca14ed5664eeb18486
SHA256 28cbb392d7e671ed83d25ff6475cbcf7ceeaa75158653134a1339f273318b99f
ssdeep 12288:964ebtg76l53mtsfQpTl6KGUKnqkAiK3luvxu355fDW:84exg76l53mtGkJKndAF3lIU3L6
authentihash 103fe15cc318aeaab323e63f71a1699ff2b497f13a653d7c6ac23f8e059f19f9
imphash c7413dccc70b557d0e7376155cc225aa
File size 826.0 KB ( 845824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-09-29 04:43:45 UTC ( 2 years, 5 months ago )
Last submission 2018-12-27 05:53:08 UTC ( 2 months, 3 weeks ago )
File names ROAMING.EXE
index[1].exe
index.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications