SHA256: 2e896ed8d8a07350fa0e9e48c5f87e7335c74506df77510577605bec70269790
File name: martin.php
Detection ratio: 6 / 55
Analysis date: 2015-12-02 09:35:35 UTC ( 2 years, 8 months ago )
Antivirus | Result | Update
AVG | Generic_s.BJT | 20151130
Bkav | HW32.Packed.6274 | 20151201
Kaspersky | UDS:DangerousObject.Multi.Generic | 20151202
McAfee-GW-Edition | BehavesLike.Win32.Downloader.cc | 20151202
Qihoo-360 | QVM07.1.Malware.Gen | 20151202
Rising | PE:Malware.Obscure/Heur!1.9E03 [F] | 20151129
Ad-Aware | - | 20151130
AegisLab | - | 20151202
Yandex | - | 20151201
AhnLab-V3 | - | 20151201
Alibaba | - | 20151202
ALYac | - | 20151202
Antiy-AVL | - | 20151202
Arcabit | - | 20151202
Avast | - | 20151202
Avira (no cloud) | - | 20151201
AVware | - | 20151202
Baidu-International | - | 20151201
BitDefender | - | 20151202
ByteHero | - | 20151202
CAT-QuickHeal | - | 20151202
ClamAV | - | 20151202
CMC | - | 20151201
Comodo | - | 20151202
Cyren | - | 20151202
DrWeb | - | 20151202
Emsisoft | - | 20151202
ESET-NOD32 | - | 20151202
F-Prot | - | 20151202
F-Secure | - | 20151202
Fortinet | - | 20151202
GData | - | 20151202
Ikarus | - | 20151201
Jiangmin | - | 20151201
K7AntiVirus | - | 20151202
K7GW | - | 20151202
Malwarebytes | - | 20151202
McAfee | - | 20151202
Microsoft | - | 20151202
eScan | - | 20151202
NANO-Antivirus | - | 20151202
nProtect | - | 20151202
Panda | - | 20151201
Sophos AV | - | 20151202
SUPERAntiSpyware | - | 20151202
Symantec | - | 20151201
Tencent | - | 20151202
TheHacker | - | 20151127
TrendMicro | - | 20151202
TrendMicro-HouseCall | - | 20151202
VBA32 | - | 20151201
VIPRE | - | 20151202
ViRobot | - | 20151202
Zillya | - | 20151201
Zoner | - | 20151202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-01 19:41:52
Entry Point 0x000050C8
Number of sections 4
PE sections
Overlays
MD5 d6ae1bb3a7340ba72662fa894d190fe3
File type data
Offset 188416
Size 120
Entropy 4.72
PE imports
RegEnumKeyA
SelectObject
CreatePen
SetPixel
CreateSolidBrush
BitBlt
CreateCompatibleDC
Rectangle
GetLastError
GetStartupInfoA
GetTimeZoneInformation
MapViewOfFile
GetModuleHandleA
GetModuleFileNameW
LocalFree
CreateFileW
FreeLibrary
GetCurrentProcess
MultiByteToWideChar
GetFileType
HeapReAlloc
VirtualAlloc
GetModuleHandleW
_except_handler3
__p__fmode
strtol
_acmdln
_XcptFilter
__CxxFrameHandler
_setmbcp
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
sprintf
__getmainargs
_initterm
_controlfp
strlen
_adjust_fdiv
__set_app_type
RedrawWindow
GetMessageA
LoadMenuA
GetCapture
KillTimer
GetMessageW
RegisterWindowMessageW
LoadBitmapA
GetSystemMetrics
PeekMessageW
GetWindowRect
EnableWindow
SetMenu
DrawIcon
TranslateMessage
CheckMenuItem
SendMessageA
GetClientRect
GetDlgItem
IsIconic
InvalidateRect
LoadIconA
CopyRect
GetDesktopWindow
Number of PE resources by type
RT_DIALOG 3
RT_ICON 1
RMVB 1
RT_MENU 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
SPANISH MODERN 2
SPANISH MEXICAN 1
POLISH DEFAULT 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:12:01 20:41:52+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 268455936
LinkerVersion: 6.0
EntryPoint: 0x50c8
InitializedDataSize: 163840
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 f5cff3570f89ce76bfa6d19b5d3724de
SHA1 7c9f602e49a7ac5688bc57bc26245ed632a8a37b
SHA256 2e896ed8d8a07350fa0e9e48c5f87e7335c74506df77510577605bec70269790
ssdeep 3072:IkaB8jDkkMXYCw9U06TJkP5sDJpBiIvwKWHA3DYlE+s4XzRROyuR/iq:bjDkk1CJTssDqZg3h+RDR+5iq
authentihash 0eda36bd71a586b14e1be77be82cec656cf48a4d179b5b4e4a16f7d64e0bfd7d
imphash b572403bee935db6858940c7c01c64bc
File size 184.1 KB ( 188536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
     Win32 Dynamic Link Library (generic) (14.2%)
     Win32 Executable (generic) (9.7%)
     Generic Win/DOS Executable (4.3%)
     DOS Executable Generic (4.3%)
Tags peexe, overlay
VirusTotal metadata
First submission 2015-12-02 09:04:23 UTC ( 2 years, 8 months ago )
Last submission 2015-12-03 02:49:45 UTC ( 2 years, 8 months ago )
File names martin.php, pacani.exe, db10.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R011C0CL515.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs