SHA256: 2cd88a567c908365b9ed626ad1def43d0752c8dbd27e578db061ae89d780ba68
File name: 370efa46131ff8fc35de18f4612441dc
Detection ratio: 30 / 57
Analysis date: 2016-11-01 17:22:04 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.103238 20161101
AhnLab-V3 Trojan/Win32.Zbot.N2142272950 20161101
ALYac Gen:Variant.Razy.103238 20161101
Arcabit Trojan.Razy.D19346 20161101
Avast Win32:Malware-gen 20161101
Avira (no cloud) TR/Crypt.ZPACK.yralc 20161101
AVware Trojan.Win32.Generic!BT 20161101
Baidu Win32.Trojan.Elenoocka.a 20161101
BitDefender Gen:Variant.Razy.103238 20161101
Bkav HW32.Packed.2A52 20161101
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
DrWeb Trojan.MulDrop6.63378 20161101
Emsisoft Gen:Variant.Razy.103238 (B) 20161101
ESET-NOD32 a variant of Win32/Kryptik.FIMP 20161101
F-Secure Gen:Variant.Razy.103238 20161101
Fortinet W32/Kryptik.FILK!tr 20161101
GData Gen:Variant.Razy.103238 20161101
Sophos ML virus.win32.ramnit.i 20161018
Kaspersky Trojan.Win32.Zbot.fqk 20161101
Malwarebytes Trojan.MalPack 20161101
McAfee Trojan-FJSV!370EFA46131F 20161101
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20161101
eScan Gen:Variant.Razy.103238 20161101
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161101
Rising Malware.Generic!2g1g3Cb0KUG@2 (thunder) 20161101
Sophos AV Mal/Generic-S 20161101
Symantec Heur.AdvML.B 20161101
TrendMicro-HouseCall TROJ_GEN.R021H0CJU16 20161101
VIPRE Trojan.Win32.Generic!BT 20161031
Yandex Trojan.Zbot!E3xbruIeZwM 20161101
AegisLab 20161101
Alibaba 20161101
Antiy-AVL 20161101
AVG 20161101
CAT-QuickHeal 20161101
ClamAV 20161101
CMC 20161101
Comodo 20161101
Cyren 20161101
F-Prot 20161101
Ikarus 20161101
Jiangmin 20161101
K7AntiVirus 20161101
K7GW 20161101
Kingsoft 20161101
Microsoft 20161101
NANO-Antivirus 20161101
nProtect 20161101
Panda 20161101
SUPERAntiSpyware 20161101
Tencent 20161101
TheHacker 20161101
TotalDefense 20161028
TrendMicro 20161101
VBA32 20161101
ViRobot 20161101
Zillya 20161031
Zoner 20161101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-29 20:36:29
Entry Point 0x00003731
Number of sections 3
PE sections
PE imports
RegRestoreKeyA
RegDeleteKeyA
ReadEventLogA
RegOpenKeyA
RegCloseKey
RegDeleteValueA
RegQueryValueA
RegFlushKey
RegEnumValueA
RegUnLoadKeyA
RegEnumKeyA
RegCreateKeyA
RegSaveKeyA
RegReplaceKeyA
ReadConsoleA
GetSystemTime
GetCurrentProcess
GetThreadPriority
GetLogicalDriveStringsA
GetModuleFileNameW
CreateNamedPipeW
GetStringTypeExW
GetSystemDirectoryW
WaitForSingleObject
FindResourceA
InterlockedExchange
GetCurrentDirectoryA
GetTapePosition
GetProcAddress
LoadLibraryA
GetCurrentThread
ResUtilGetBinaryValue
ClusWorkerTerminate
ResUtilDupString
ClusWorkerCreate
Number of PE resources by type
SATR 3
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:10:29 21:36:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 222208
LinkerVersion 7.0
FileTypeExtension exe
InitializedDataSize 7680
SubsystemVersion 4.0
EntryPoint 0x3731
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 0

File identification
MD5 370efa46131ff8fc35de18f4612441dc
SHA1 a45e7ddc85057255735912ea41eed64e5ad49241
SHA256 2cd88a567c908365b9ed626ad1def43d0752c8dbd27e578db061ae89d780ba68
ssdeep 3072:2Ttq1vZN7eixMLSSSGjlKYjmXbkUbI+juVrf7xCufkn61uxbIrHuROviqzeN0dgr:gixKSYjmrw+iVrf7xCufkn6KMuAviV

authentihash 53954541f44ddb081c2fce9ba5846571f10cfbd89f94c170b90c2640cd461a7d
imphash a0f06f39da51fe3bb665ee89a232b7d7
File size 225.5 KB ( 230912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-11-01 17:22:04 UTC ( 2 years, 3 months ago )
Last submission 2016-11-01 17:22:04 UTC ( 2 years, 3 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications