SHA256: 29c4290ab1bc26c10978c0b6c8f036758f637df1530c2396a5b1779a5851ba80
File name: 1a4821603cca644f3f420ec07d031244.virus
Detection ratio: 31 / 57
Analysis date: 2017-02-08 01:22:37 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.70629 20170208
AhnLab-V3 Trojan/Win32.MDA.C1771777 20170207
ALYac Gen:Variant.Midie.34956 20170208
Arcabit Trojan.Symmi.D113E5 20170208
Avast Win32:Malware-gen 20170208
AVG Crypt7.DKE 20170207
Avira (no cloud) TR/Crypt.ZPACK.cjquc 20170207
AVware Trojan.Win32.Generic!BT 20170208
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9951 20170207
BitDefender Gen:Variant.Symmi.70629 20170208
CMC Trojan.Win32.Swizzor.1!O 20170207
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/S-e2e07e9d!Eldorado 20170208
Emsisoft Gen:Variant.Symmi.70629 (B) 20170207
ESET-NOD32 a variant of Win32/Kryptik.FNWG 20170208
F-Prot W32/S-e2e07e9d!Eldorado 20170208
F-Secure Gen:Variant.Symmi.70629 20170207
Fortinet W32/Kryptik.FNWG!tr 20170208
GData Gen:Variant.Symmi.70629 20170208
Sophos ML worm.win32.dorkbot.i 20170203
Jiangmin TrojanProxy.Lethic.aia 20170207
Kaspersky HEUR:Trojan.Win32.Generic 20170208
Malwarebytes Backdoor.Andromeda 20170207
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20170208
eScan Gen:Variant.Symmi.70629 20170208
Panda Trj/GdSda.A 20170207
Qihoo-360 HEUR/QVM09.0.F62B.Malware.Gen 20170208
Rising Malware.Generic!SoAqu2nj2TV@5 (thunder) 20170207
Symantec Trojan.Gen.2 20170207
Tencent Win32.Trojan.Kryptik.Dygu 20170208
VIPRE Trojan.Win32.Generic!BT 20170208
AegisLab 20170207
Alibaba 20170122
Antiy-AVL 20170208
Bkav 20170207
CAT-QuickHeal 20170207
ClamAV 20170208
Comodo 20170207
DrWeb 20170208
Ikarus 20170207
K7AntiVirus 20170207
K7GW 20170208
Kingsoft 20170208
McAfee 20170208
Microsoft 20170207
NANO-Antivirus 20170207
nProtect 20170208
Sophos AV 20170207
SUPERAntiSpyware 20170208
TheHacker 20170205
TotalDefense 20170207
TrendMicro 20170208
TrendMicro-HouseCall 20170208
Trustlook 20170208
VBA32 20170207
ViRobot 20170208
WhiteArmor 20170202
Yandex 20170208
Zillya 20170207
Zoner 20170207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-04 10:56:34
Entry Point 0x000049C2
Number of sections 4
PE sections
PE imports
GetDeviceCaps
SetMapMode
CreateRectRgn
RestoreDC
SetBkMode
BitBlt
GetStockObject
SaveDC
CreateFontIndirectA
SelectObject
DeleteObject
CombineRgn
GetClipBox
SetBkColor
CreateCompatibleDC
GetBkColor
StretchBlt
SetTextColor
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
MoveFileA
InitializeCriticalSection
FindClose
InterlockedDecrement
SetLastError
CopyFileA
ExitProcess
GetVersionExA
RemoveDirectoryA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SearchPathA
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetFullPathNameA
GetProcAddress
GetProcessHeap
CompareStringW
lstrcmpA
FindFirstFileA
CompareStringA
GetTempFileNameA
FindNextFileA
ExpandEnvironmentStringsA
GetTimeZoneInformation
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentStrings
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetCurrentThreadId
CreateProcessA
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
GetTimeFormatA
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
ShowWindow
MessageBeep
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
GetWindowRect
ScreenToClient
CharUpperW
MessageBoxA
LoadIconW
GetWindowDC
GetWindow
SetDlgItemTextW
GetDC
GetKeyState
ReleaseDC
SendMessageW
GetWindowLongW
DrawIconEx
SetWindowTextW
GetDlgItem
SystemParametersInfoW
CallWindowProcW
EnableMenuItem
ClientToScreen
SetTimer
LoadImageW
DialogBoxIndirectParamW
GetClientRect
GetSystemMenu
GetWindowTextLengthW
wsprintfW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_MANIFEST 1
RT_DIALOG 1
Number of PE resources by language
ARABIC UAE 1
NEUTRAL 1
PE resources
File identification
MD5 1a4821603cca644f3f420ec07d031244
SHA1 18e8da4a4febe32aaac82e8abef5f16633b8412f
SHA256 29c4290ab1bc26c10978c0b6c8f036758f637df1530c2396a5b1779a5851ba80
ssdeep 3072:N4sQRVkh3SovxlYvd3DFZvDj9LiXmih3/6huHk+:qX2fxCpT1Umih3/
authentihash d3ce9771e1b376c01c3c827e81bfc96c4d26d5a8dbf56f61e63eee092d6dae89
imphash b2d88db918ecfe4f11d27d2270aef17c
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-02-08 01:22:37 UTC ( 2 years ago )
Last submission 2017-02-08 01:22:37 UTC ( 2 years ago )
File names 1a4821603cca644f3f420ec07d031244.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications