SHA256: 28e2d5898d52255dd324cb0059a34a32b2ea0bf024553e482a967202262ab68c
File name: 968247268e6b4dda43a0ee23c337a76c2082692f
Detection ratio: 41 / 55
Analysis date: 2015-10-24 16:40:07 UTC ( 7 months ago )
Antivirus Result Update
AVG BitCoin 20151025
AVware Trojan.Win32.CoinMiner.b (v) 20151025
Ad-Aware Application.BitCoinMiner.BK 20151025
Yandex RiskTool.BitCoinMiner!b+VxDblijXQ 20151025
AhnLab-V3 Trojan/Win32.BitCoinMiner 20151025
Antiy-AVL RiskWare[RiskTool:not-a-virus]/Win32.BitCoinMiner 20151025
Arcabit Application.BitCoinMiner.BK 20151025
Avast Win32:BitCoinMiner-FA [PUP] 20151025
Avira (no cloud) APPL/BitCoinMiner.BK.5 20151025
Baidu-International Hacktool.Win32.BitCoinMiner.lrc 20151025
BitDefender Application.BitCoinMiner.BK 20151025
CAT-QuickHeal RiskTool.BitCoinMin.07866 20151024
ClamAV Win.Trojan.Bitcoinminer-80 20151025
Comodo UnclassifiedMalware 20151025
Cyren W32/Agent.ADQ.gen!Eldorado 20151025
DrWeb Tool.BtcMine.605 20151025
ESET-NOD32 Win32/BitCoinMiner.W potentially unsafe 20151025
F-Prot W32/Agent.ADQ.gen!Eldorado 20151025
F-Secure Application.BitCoinMiner.BK 20151023
GData Application.BitCoinMiner.BK 20151025
Ikarus Win32.SuspectCrc 20151025
Jiangmin Trojan/Generic.bpagm 20151024
K7AntiVirus Riskware ( 004abfa31 ) 20151025
K7GW Riskware ( 004abfa31 ) 20151025
Kaspersky not-a-virus:RiskTool.Win32.BitCoinMiner.lrc 20151025
Malwarebytes RiskWare.BitCoinMiner 20151025
McAfee Artemis!7B935A7E12EE 20151025
McAfee-GW-Edition BehavesLike.Win32.PUP.bc 20151025
eScan Application.BitCoinMiner.BK 20151025
NANO-Antivirus Riskware.Win32.BitCoinMiner.cvikrw 20151025
Panda Generic Malware 20151025
Qihoo-360 Win32/Virus.RiskTool.26e 20151025
Symantec Trojan.Dropper 20151025
Tencent Trojan.Win32.BitCoinMiner.aab 20151025
TotalDefense Win32/BitcoinMiner.dBJcNGB 20151025
TrendMicro HKTL_BITMINE.SML 20151025
TrendMicro-HouseCall HKTL_BITMINE.SML 20151025
VBA32 TrojanPSW.Ruftar 20151023
VIPRE Trojan.Win32.CoinMiner.b (v) 20151025
Zillya Tool.BitCoinMiner.Win32.2 20151025
Zoner Trojan.Generic 20151025
AegisLab 20151025
Alibaba 20151023
Bkav 20151025
ByteHero 20151025
CMC 20151021
Emsisoft 20151025
Fortinet 20151025
Microsoft 20151025
Rising 20151024
SUPERAntiSpyware 20151024
Sophos 20151025
TheHacker 20151025
ViRobot 20151025
nProtect 20151023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-18 14:00:44
Entry Point 0x00001290
Number of sections 9
PE sections
PE imports
SHGetFolderPathW
SHGetFolderPathA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
WaitForSingleObject
FindFirstFileW
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
GetThreadContext
GetLocaleInfoW
GetFullPathNameA
GetTempPathA
WideCharToMultiByte
WriteFile
GetDiskFreeSpaceA
SetFileAttributesA
SetEvent
LocalFree
InitializeCriticalSection
LoadResource
GetStringTypeExW
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
FormatMessageA
SetFileAttributesW
GetStringTypeExA
SetLastError
WriteProcessMemory
RemoveDirectoryW
ExitProcess
GetModuleFileNameA
EnumCalendarInfoA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
GetFullPathNameW
GetSystemDirectoryW
GetSystemDirectoryA
SetThreadContext
SetCurrentDirectoryW
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
CloseHandle
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
ReadProcessMemory
GetCPInfo
DeleteFileW
GetProcAddress
VirtualProtectEx
GetTempFileNameW
CompareStringW
GetModuleFileNameW
FindFirstFileA
CreateDirectoryW
ResetEvent
GetTempFileNameA
FindNextFileA
CreateFileW
CreateEventA
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
VirtualAllocEx
lstrlenA
FindResourceW
GetThreadLocale
RemoveDirectoryA
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
FindNextFileW
lstrcpynA
GetACP
GetVersion
FreeResource
IsBadStringPtrW
GetTempPathW
PostQueuedCompletionStatus
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
CompareStringA
ZwProtectVirtualMemory
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlFormatCurrentUserKeyPath
RtlInitAnsiString
LdrGetProcedureAddress
LdrLoadDll
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
GetErrorInfo
SysFreeString
VariantInit
PathMatchSpecW
CharLowerBuffW
GetSystemMetrics
LoadStringA
CharLowerA
CharNextA
CharUpperW
MessageBoxA
CharLowerW
CharUpperBuffW
CharUpperA
GetKeyboardType
CharToOemA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:07:18 15:00:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 170496
LinkerVersion 2.23
EntryPoint 0x1290
InitializedDataSize 186880
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 4096
File identification
MD5 7b935a7e12ee5dfd207eca6aa0b3209a
SHA1 968247268e6b4dda43a0ee23c337a76c2082692f
SHA256 28e2d5898d52255dd324cb0059a34a32b2ea0bf024553e482a967202262ab68c
ssdeep 12288:6vJsH/qrhMmC5eadJqyX8q9Ccg5YqKZgWFqTdTHgCLdyLFNJ7YWmAHF2XpmA:TdwyXc5YrZgWFqT9gV5D0WmAHQXpmA
authentihash 4e6d2c400573cdbac26350f4fdb18129513bbd7d7498ddc7664fcc45c54d9f6a
imphash 25c0914e1e7dc7c3bb957d88e787a155
File size 735.5 KB ( 753152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.1%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-11-27 20:18:12 UTC ( 2 years, 5 months ago )
Last submission 2013-11-27 20:18:12 UTC ( 2 years, 5 months ago )
File names 968247268e6b4dda43a0ee23c337a76c2082692f
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications