SHA256: 2af374f379834035e86e83e363c2b585bb64cbadb64b615264256f66e6b4b007
File name: dosya.exe
Detection ratio: 7 / 56
Analysis date: 2016-09-07 18:58:44 UTC ( 2 years, 3 months ago )
Antivirus Result Update
AegisLab Troj.W32.Agentb.maJN 20160907
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160907
Sophos ML trojandropper.win32.sventore.a 20160830
Kaspersky UDS:DangerousObject.Multi.Generic 20160907
McAfee Trojan-FJNQ!03FE3C1B91F9 20160907
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.dc 20160907
Tencent Win32.Trojan.Raasj.Auto 20160907
Ad-Aware 20160907
AhnLab-V3 20160907
Alibaba 20160907
ALYac 20160907
Antiy-AVL 20160907
Arcabit 20160907
Avast 20160907
AVG 20160907
Avira (no cloud) 20160907
AVware 20160907
BitDefender 20160907
Bkav 20160907
CAT-QuickHeal 20160907
ClamAV 20160907
CMC 20160907
Comodo 20160907
Cyren 20160907
DrWeb 20160907
Emsisoft 20160907
ESET-NOD32 20160907
F-Prot 20160907
F-Secure 20160907
Fortinet 20160907
GData 20160907
Ikarus 20160907
Jiangmin 20160907
K7AntiVirus 20160907
K7GW 20160907
Kingsoft 20160907
Malwarebytes 20160907
Microsoft 20160907
eScan 20160907
NANO-Antivirus 20160907
nProtect 20160907
Panda 20160907
Qihoo-360 20160907
Rising 20160907
Sophos AV 20160907
SUPERAntiSpyware 20160907
Symantec 20160907
TheHacker 20160905
TrendMicro 20160907
TrendMicro-HouseCall 20160907
VBA32 20160907
VIPRE 20160907
ViRobot 20160907
Yandex 20160907
Zillya 20160907
Zoner 20160907
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-07 13:18:55
Entry Point 0x000102DA
Number of sections 5
PE sections
Overlays
MD5 71f17140462eabc292ed383eda4f86d3
File type data
Offset 109568
Size 133425
Entropy 8.00
PE imports
AddAccessAllowedObjectAce
AddAccessDeniedAce
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
FreeConsole
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
UnhandledExceptionFilter
GetCPInfo
ExitProcess
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
LocalFree
TerminateProcess
IsValidCodePage
HeapCreate
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:09:07 14:18:55+01:00
FileType Win32 EXE
PEType PE32
CodeSize 82944
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 29184
SubsystemVersion 5.1
EntryPoint 0x102da
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 03fe3c1b91f97636c13843f1a2b07819
SHA1 b071cc802b145e60e1faa38477fdcde30ebcc9d6
SHA256 2af374f379834035e86e83e363c2b585bb64cbadb64b615264256f66e6b4b007
ssdeep 3072:HImouD4Mv3Zp9OA8phtSsUDO16s7X7bDjHs4C0GkO9ecUbPpIdUEcgEoCprdCJfZ:HImoE3Zp9OA8r/Sfsz3Hs4vvEtDCKfp
authentihash 2f4f5e14e57b31b87452f7c5028e59b5357b33a78f144721e3c1fc54e527b3fd
imphash b4d72bd21bb4a1727d07dca631bc6d1e
File size 237.3 KB ( 242993 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-09-07 16:15:09 UTC ( 2 years, 3 months ago )
Last submission 2017-04-16 18:42:49 UTC ( 1 year, 8 months ago )
File names 03fe3c1b91f97636c13843f1a2b07819.exe
2af374f379834035e86e83e363c2b585bb64cbadb64b615264256f66e6b4b007
dosya.exe
CERTIFICATE
dosya.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0908.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications