SHA256: 2e322602d2a62cd09ee673079a974fd00ebd2c96b41ba7e32c113b65dc58b92c
File name: b14433591a43b650983ce08d11f6b58f.virus
Detection ratio: 39 / 57
Analysis date: 2016-10-02 09:17:59 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.94477 20161002
AhnLab-V3 Trojan/Win32.Tuhkit.N2107357270 20161001
ALYac Gen:Variant.Razy.94477 20160930
Antiy-AVL Trojan[Banker]/Win32.Tuhkit 20161002
Arcabit Trojan.Razy.D1710D 20161002
Avast Win32:Malware-gen 20161002
AVG Crypt6.ARM 20161002
Avira (no cloud) TR/Crypt.ZPACK.guasy 20161001
AVware Trojan.Win32.Generic!BT 20161002
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20161001
BitDefender Gen:Variant.Razy.94477 20161002
Bkav HW32.Packed.5829 20161001
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.KVVB-7535 20161002
DrWeb Trojan.Siggen6.58358 20161002
Emsisoft Gen:Variant.Razy.94477 (B) 20161002
ESET-NOD32 a variant of Win32/Kryptik.FGII 20161001
F-Secure Gen:Variant.Razy.94477 20161002
Fortinet W32/Generic.AP.1201C4!tr 20161002
GData Gen:Variant.Razy.94477 20161002
Sophos ML virus.win32.sality.at 20160928
Jiangmin Trojan.Banker.Tuhkit.k 20161002
K7AntiVirus Trojan ( 004f8cc21 ) 20161002
K7GW Trojan ( 004f8cc21 ) 20161002
Kaspersky Trojan-Banker.Win32.Tuhkit.ap 20161002
Malwarebytes Trojan.Downloader 20161002
McAfee Artemis!B14433591A43 20161002
McAfee-GW-Edition BehavesLike.Win32.VBObfus.cc 20161002
eScan Gen:Variant.Razy.94477 20161002
NANO-Antivirus Trojan.Win32.Siggen6.egocxy 20161002
Panda Trj/GdSda.A 20161001
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161002
Rising Malware.XPACK-HIE/Heur!1.9C48-RcEO2Lgm9kL (cloud) 20161002
Sophos AV Mal/Generic-S 20161002
Symantec Trojan.Gen 20161002
Tencent Win32.Trojan-banker.Tuhkit.Pcie 20161002
TrendMicro TROJ_GEN.R000C0GIK16 20161002
TrendMicro-HouseCall TROJ_HPTALAPEK.SMEND 20161002
VIPRE Trojan.Win32.Generic!BT 20161002
AegisLab 20161002
Alibaba 20160930
CAT-QuickHeal 20161001
ClamAV 20161002
CMC 20160930
Comodo 20161002
F-Prot 20160926
Ikarus 20161001
Kingsoft 20161002
Microsoft 20161002
nProtect 20161002
SUPERAntiSpyware 20161002
TheHacker 20161001
VBA32 20161001
ViRobot 20161002
Yandex 20161001
Zillya 20161001
Zoner 20161002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x00005810
Number of sections 3
PE sections
PE imports
lstrcpynW
GetStartupInfoA
GetVolumeInformationA
GetStdHandle
ReleaseSemaphore
CreateThread
GetEnvironmentVariableA
WaitForSingleObject
CreateWaitableTimerW
GetTickCount
GetFullPathNameW
LoadLibraryA
OpenEventA
GetProcAddress
TraceSQLFetch
TraceSQLBindCol
ShellMessageBoxW
SHCreateShellItem
DuplicateIcon
SHGetSettings
DragQueryPoint
FreeIconList
StrChrA
ExtractIconA
DllRegisterServer
SHFileOperationA
SE_InstallAfterInit
SE_IsShimDll
SE_ProcessDying
SE_DllLoaded
SE_InstallBeforeInit
Number of PE resources by type
RT_RCDATA 9
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 10
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 127488
LinkerVersion 7.0
FileTypeExtension exe
InitializedDataSize 36352
SubsystemVersion 4.0
EntryPoint 0x5810
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 0

File identification
MD5 b14433591a43b650983ce08d11f6b58f
SHA1 1fb60fb15bce88cacf94cb2d4585ad6ec671576c
SHA256 2e322602d2a62cd09ee673079a974fd00ebd2c96b41ba7e32c113b65dc58b92c
ssdeep 3072:XxgbJJi1vVsph6cuGPSgnD2jhgWNkCoZc:Xabmyph6cuGPliSWa
authentihash 019a77ea4d2a8d67b3e369e5527ce24592d5e971faa35f53bee28874209d11d5
imphash 8c30c459890df1e7a071d13a67c1f63b
File size 161.0 KB ( 164864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe stealth
VirusTotal metadata
First submission 2016-10-02 09:17:59 UTC ( 2 years, 4 months ago )
Last submission 2016-10-02 09:17:59 UTC ( 2 years, 4 months ago )
File names b14433591a43b650983ce08d11f6b58f.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications