SHA256: 2ba3d70da7da411ef7bc88e16d35bc3c6eada35d36905c79b2d1a7e56b13a457
File name: 4e16f5aeb8caf95fe2399e072b6df103.virus
Detection ratio: 30 / 55
Analysis date: 2016-07-26 18:48:32 UTC ( 2 years, 6 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.3414838 | 20160726 |
| AhnLab-V3 | Malware/Win32.Generic.N2047760189 | 20160726 |
| ALYac | Trojan.GenericKD.3414838 | 20160726 |
| Antiy-AVL | Trojan[Downloader]/Win32.Gootkit | 20160726 |
| Arcabit | Trojan.Generic.D341B36 | 20160726 |
| Avast | Win32:Malware-gen | 20160726 |
| AVG | Downloader.Generic14.BBNX | 20160726 |
| Avira (no cloud) | TR/AD.Gootkit.Y.taxd | 20160726 |
| AVware | Trojan.Win32.Generic!BT | 20160726 |
| BitDefender | Trojan.GenericKD.3414838 | 20160726 |
| DrWeb | Trojan.Siggen6.58358 | 20160726 |
| Emsisoft | Trojan.GenericKD.3414838 (B) | 20160726 |
| ESET-NOD32 | Win32/TrojanDownloader.Agent.CFH | 20160726 |
| F-Secure | Trojan.GenericKD.3414838 | 20160726 |
| Fortinet | W32/Agent.CFH!tr.dldr | 20160726 |
| GData | Trojan.GenericKD.3414838 | 20160726 |
| K7AntiVirus | Trojan-Downloader ( 004e141d1 ) | 20160726 |
| K7GW | Trojan-Downloader ( 004e141d1 ) | 20160726 |
| Kaspersky | Trojan-Downloader.Win32.Gootkit.pr | 20160726 |
| McAfee | Artemis!4E16F5AEB8CA | 20160726 |
| McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.dh | 20160726 |
| Microsoft | Trojan:Win32/Dynamer!ac | 20160726 |
| eScan | Trojan.GenericKD.3414838 | 20160726 |
| nProtect | Trojan.GenericKD.3414838 | 20160726 |
| Panda | Trj/GdSda.A | 20160726 |
| Qihoo-360 | HEUR/QVM09.0.0000.Malware.Gen | 20160726 |
| Sophos AV | Mal/Generic-S | 20160726 |
| Tencent | Win32.Trojan-downloader.Gootkit.Pdmk | 20160726 |
| TrendMicro | TROJ_GEN.R011C0DGJ16 | 20160726 |
| VIPRE | Trojan.Win32.Generic!BT | 20160726 |
| AegisLab | | 20160726 |
| Alibaba | | 20160726 |
| Baidu | | 20160726 |
| Bkav | | 20160726 |
| CAT-QuickHeal | | 20160726 |
| ClamAV | | 20160726 |
| CMC | | 20160725 |
| Comodo | | 20160726 |
| Cyren | | 20160726 |
| F-Prot | | 20160726 |
| Ikarus | | 20160726 |
| Jiangmin | | 20160726 |
| Kingsoft | | 20160726 |
| Malwarebytes | | 20160726 |
| NANO-Antivirus | | 20160726 |
| SUPERAntiSpyware | | 20160726 |
| Symantec | | 20160726 |
| TheHacker | | 20160726 |
| TotalDefense | | 20160726 |
| TrendMicro-HouseCall | | 20160726 |
| VBA32 | | 20160726 |
| ViRobot | | 20160726 |
| Yandex | | 20160724 |
| Zillya | | 20160724 |
| Zoner | | 20160726 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-10-10 19:41:09
Entry Point 0x0000C9E2
Number of sections 5
PE sections
PE imports
CreateRectRgn
PtVisible
SelectClipRgn
CreateCompatibleDC
GetPixel
CreateFontW
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
InterlockedDecrement
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
WaitNamedPipeA
IsValidLocale
GetProcAddress
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
FindFirstChangeNotificationW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
Ord(129)
Ord(86)
Ord(113)
Ord(66)
Ord(7)
Ord(37)
Ord(39)
Ord(88)
Ord(70)
Ord(72)
Ord(131)
Ord(94)
Ord(155)
Ord(82)
Ord(141)
Ord(137)
Ord(84)
Ord(96)
Ord(43)
Ord(111)
Ord(10)
Ord(45)
Ord(8)
Ord(67)
Ord(16)
Ord(14)
Ord(41)
NetWkstaGetInfo
NetGetAnyDCName
NetApiBufferFree
MapWindowPoints
EmptyClipboard
ShowScrollBar
GetSystemMetrics
EndDialog
BeginPaint
OffsetRect
SetDlgItemInt
WindowFromPoint
ValidateRect
LoadIconW
DestroyMenu
GetMessageW
CloseClipboard
InsertMenuItemW
PostMessageW
InvalidateRect
GetDlgItemInt
SetCursor
Number of PE resources by type
BIN 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 196608
ImageVersion: 0.0
ProductName: Meantyoung Postsoft
FileVersionNumber: 1.0.0.1
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
CharacterSet: Windows, Latin1
LinkerVersion: 8.0
FileTypeExtension: exe
OriginalFileName: cloudenemy.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 1.0.0.1
TimeStamp: 2007:10:10 20:41:09+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: cloudenemy.exe
ProductVersion: 1.0.0.1
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Win32
LegalCopyright: Copy right(c) 2006. All rights reserved.
MachineType: Intel 386 or later, and compatibles
CodeSize: 135168
FileSubtype: 0
ProductVersionNumber: 1.0.0.1
EntryPoint: 0xc9e2
ObjectFileType: Executable application

File identification
MD5 4e16f5aeb8caf95fe2399e072b6df103
SHA1 b3293d7fe5490449f9fe2ca78969c74f43e53c1e
SHA256 2ba3d70da7da411ef7bc88e16d35bc3c6eada35d36905c79b2d1a7e56b13a457
ssdeep

authentihash c7037f0a130ea4463d96ce425e9bda92393eadeb1380276afc4946cadb633337
imphash 59f3ed58c2b491f0f30c48e025903075
File size 288.0 KB ( 294912 bytes )
File type Win32 EXE
Magic literal

TrID
Tags
peexe

VirusTotal metadata
First submission 2016-07-26 18:48:32 UTC ( 2 years, 6 months ago )
Last submission 2016-07-26 18:48:32 UTC ( 2 years, 6 months ago )
File names 4e16f5aeb8caf95fe2399e072b6df103.virus