SHA256: 2f327b5056857c42e65f95fbc57a190aeb296e254d22739e4f269b786034ab36
File name: 8c9f9ccffbd2c888b9b5300412f8e580.virobj
Detection ratio: 48 / 67
Analysis date: 2018-01-25 05:09:35 UTC
Antivirus Result Update
AegisLab Troj.W32.VB.bilq!c 20180125
ALYac Backdoor.RAT.DarkComet.gen 20180125
Antiy-AVL Trojan/Win32.VB 20180125
Arcabit Trojan.Kazy.D10A73 20180125
Avast Win32:VB-ACZZ [Trj] 20180125
AVG Win32:VB-ACZZ [Trj] 20180125
Avira (no cloud) TR/Zapchast.CC 20180124
AVware Trojan.Win32.Generic!BT 20180124
BitDefender Gen:Variant.Kazy.68211 20180125
Bkav W32.WatimozD.Trojan 20180124
CAT-QuickHeal Backdoor.Fynloski 20180124
Comodo TrojWare.BAT.Small.~d1 20180125
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20180125
Cyren W32/Trojan.XYAP-7436 20180125
DrWeb Trojan.Siggen3.59088 20180125
Emsisoft Gen:Variant.Kazy.68211 (B) 20180125
Endgame malicious (moderate confidence) 20171130
ESET-NOD32 Win32/Delf.OAZ 20180125
F-Secure Gen:Variant.Kazy.68211 20180125
GData Gen:Variant.Kazy.68211 20180125
Ikarus Trojan.Win32.VB 20180124
Jiangmin Trojan/VB.cklw 20180125
K7AntiVirus Trojan ( 004b90cc1 ) 20180124
K7GW Trojan ( 004b90cc1 ) 20180125
Kaspersky Trojan.Win32.VB.bilq 20180125
McAfee Artemis!8C9F9CCFFBD2 20180125
McAfee-GW-Edition Artemis!Trojan 20180125
Microsoft Backdoor:Win32/Fynloski.A 20180125
eScan Gen:Variant.Kazy.68211 20180125
NANO-Antivirus Trojan.Win32.VB.pynvt 20180125
Palo Alto Networks (Known Signatures) generic.ml 20180125
Panda Trj/CI.A 20180124
Qihoo-360 Win32/Trojan.58b 20180125
Rising Backdoor.Fynloski!8.1FD (TFE:4:Vr9VvXRtxDN) 20180125
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Mal/Generic-S 20180125
Symantec Backdoor.Breut 20180125
Tencent Win32.Trojan.Vb.Edoh 20180125
TrendMicro BKDR_ZA.D62A3021 20180125
TrendMicro-HouseCall BKDR_ZA.D62A3021 20180125
VBA32 TScope.Trojan.VB 20180124
VIPRE Trojan.Win32.Generic!BT 20180125
Webroot W32.Trojan.Gen 20180125
Yandex Trojan.VB!XHIrSgSulP4 20180112
Zillya Trojan.VB.Win32.79231 20180124
ZoneAlarm by Check Point Trojan.Win32.VB.bilq 20180125
Engines with no detection (update date only)
Ad-Aware 20180125
AhnLab-V3 20180125
Alibaba 20180125
Avast-Mobile 20180124
Baidu 20180124
ClamAV 20180125
CMC 20180125
eGambit 20180125
F-Prot 20180125
Fortinet 20180125
Sophos ML 20180121
Kingsoft 20180125
Malwarebytes 20180125
MAX 20180125
nProtect 20180125
SUPERAntiSpyware 20180125
Symantec Mobile Insight 20180125
TheHacker 20180124
TotalDefense 20180124
Trustlook 20180125
ViRobot 20180125
Zoner 20180125
The file being studied is a Portable Executable: a Win32 EXE for the Windows GUI subsystem. Both packer identifiers and TrID classify it as a WinRAR self-extracting archive, and the import table below (registry, token-privilege, SetFileSecurity, shell and dialog APIs) is that of the ordinary WinRAR SFX stub, so the stub itself is not the interesting part; the payload is the RAR archive appended as an overlay (see "Overlays"). The vendor names agree on what that payload is: Backdoor.RAT.DarkComet.gen (ALYac) and Fynloski (Microsoft, CAT-QuickHeal, Rising) refer to the same family, Fynloski being Microsoft's name for the DarkComet RAT.
Packers identified
Command RAR
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-09 13:44:06
Entry Point 0x0000B3C1
Number of sections 5
PE sections
Overlays
MD5 cce009ae8ff27c66538ab81bf48ca847
File type application/x-rar
Offset 446464
Size 414144
Entropy 8.00
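The overlay figures above are internally consistent: 446464 + 414144 = 860608, the file size listed under "File identification", so the RAR archive runs from the end of the stub's last section to end of file. Its 8.00 entropy is what compressed data looks like; it is also what encrypted data looks like, so entropy alone does not say which, but the archive magic does. The Python below, an example added to this report rather than VirusTotal's or WinRAR's own code, recomputes those facts from raw bytes: it walks the PE headers to find where the stub's section data ends, then hashes, measures and type-sniffs whatever follows. The RAR signatures are the documented `Rar!\x1a\x07\x00` (RAR 1.5-4.x) and `Rar!\x1a\x07\x01\x00` (RAR 5) magics; `build_synthetic_sfx` constructs a skeletal PE as test input because the sample itself is not on this page.

```python
"""Locate the data appended after a PE's last section (its overlay) and characterize it.

Added example for this report, not VirusTotal's or WinRAR's code. Struct offsets
follow the PE/COFF specification; the RAR signatures are the documented magics.
"""
import hashlib
import math
import struct
import sys
from collections import Counter

RAR4_MAGIC = b"Rar!\x1a\x07\x00"      # RAR 1.5-4.x archive signature
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"  # RAR 5.x archive signature


def pe_end_of_image_on_disk(data: bytes) -> int:
    """Return the file offset where the PE's own bytes end.

    That is max(PointerToRawData + SizeOfRawData) over all sections, or the end
    of the section table if no section carries raw data. Everything past it is
    overlay. Raises if the headers are malformed or point beyond the file.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    size_of_optional, = struct.unpack_from("<H", data, coff + 16)
    section_table = coff + 20 + size_of_optional
    end = section_table + 40 * num_sections
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER: SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", data, section_table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    if end > len(data):
        raise ValueError("truncated file: section data extends past EOF")
    return end


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0. Compressed and encrypted data both sit near 8.0."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def analyze_overlay(data: bytes) -> dict:
    """Describe the overlay in the report's terms: offset, size, MD5, entropy, type."""
    start = pe_end_of_image_on_disk(data)
    overlay = data[start:]
    if overlay.startswith(RAR5_MAGIC):
        kind = "rar5"
    elif overlay.startswith(RAR4_MAGIC):
        kind = "rar4"
    elif overlay:
        kind = "unknown"
    else:
        kind = "none"
    return {
        "offset": start,
        "size": len(overlay),
        "md5": hashlib.md5(overlay).hexdigest(),
        "entropy": round(shannon_entropy(overlay), 2),
        "type": kind,
    }


def build_synthetic_sfx(payload: bytes) -> bytes:
    """Constructed test input: a skeletal PE32 with one 0x200-byte section, then `payload`.

    Not a runnable executable; it only carries the headers the parser reads.
    """
    e_lfanew, raw_ptr, raw_size, size_of_optional = 0x40, 0x200, 0x200, 0xE0
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # IMAGE_FILE_HEADER: i386, 1 section, no symbols, PE32 optional header, EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_of_optional, 0x0102)
    optional = bytearray(size_of_optional)
    struct.pack_into("<H", optional, 0, 0x10B)  # PE32 magic
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, raw_size, raw_ptr,
                          0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(optional) + section).ljust(raw_ptr, b"\0")
    return headers + bytes(raw_size) + payload


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sample = open(sys.argv[1], "rb").read()
    else:
        # Constructed stand-in: RAR4 magic followed by uniformly distributed bytes.
        sample = build_synthetic_sfx(RAR4_MAGIC + bytes(range(256)) * 4)
    print(analyze_overlay(sample))
```

Run it with a path to analyze a real file; with no argument it analyzes the constructed input. On the sample described here the expected result is offset 446464, size 414144, type rar4 and MD5 cce009ae8ff27c66538ab81bf48ca847, provided the section table is laid out as the headers declare. Once the offset is known, `dd if=sample.scr of=payload.rar bs=1 skip=446464` (or a slice in Python) gives the archive for listing without ever running the stub.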
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
GetClientRect
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 6
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL DEFAULT 3
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:01:09 14:44:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72704
LinkerVersion 9.0
EntryPoint 0xb3c1
InitializedDataSize 372736
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 8c9f9ccffbd2c888b9b5300412f8e580
SHA1 8712a891daa20aed12ae8f450bbd748362a602e3
SHA256 2f327b5056857c42e65f95fbc57a190aeb296e254d22739e4f269b786034ab36
ssdeep 12288:3xaVAh64U5l085pRq3uDrAzR17Fr59g/X5j:3xaVxr5C85pRq3uDrANxFwBj
authentihash cc2a26690a3c3a635ab9d1c793817124c2dbf1caa888686f728692593c033eca
imphash 2b8c9d9ab6fefc247adaf927e83dcea6
File size 840.4 KB ( 860608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID WinRAR Self Extracting archive (4.x-5.x) (91.6%)
Win32 Executable MS Visual C++ (generic) (3.5%)
Win64 Executable (generic) (3.1%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-06-06 06:42:47 UTC
Last submission 2017-11-08 22:44:13 UTC
File names 2f327b5056857c42e65f95fbc57a190aeb296e254d22739e4f269b786034ab36
8c9f9ccffbd2c888b9b5300412f8e580.virobj
ورقة حول مجلس القيادة_as‮ fdp.scr_
fdp.scr
as‮ fdp.scr
000000
ورقة حول مجلس القيادة_as‮ fdp.scr
syrianmalware_com.scr
07.exe
???? ??? ???? ???????_as? fdp.scr
8c9f9ccffbd2c888b9b5300412f8e580
8C9F9CCFFBD2C888B9B5300412F8E580
ورقة حول مجلس القيادة_as‮fdp.scr
PDF.scr
1341415241.ولمجلسالقيادة_as‮fdp.scr
file-4144631_scr
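Several of the submitted names above (the Arabic prefix reads roughly "Paper on the Leadership Council") carry U+202E RIGHT-TO-LEFT OVERRIDE between `_as` and ` fdp.scr`. A renderer draws the tail reversed, so the name appears to end in `.pdf` (compare the `PDF.scr` and bare `fdp.scr` variants) while the real extension is `.scr`, which Windows executes like any other PE. The Python below is an example added to this report, not part of VirusTotal's output: it flags names carrying Unicode bidi controls and compares the extension a user sees with the one the OS acts on. The sample names are constructed (the Arabic prefix is replaced by an ASCII placeholder), and the reversal logic is a deliberate simplification of the Unicode bidirectional algorithm, enough to expose this disguise but not a full renderer.

```python
"""Flag file names that use Unicode bidirectional controls to disguise their extension.

Added example for this report. The name "..._as\u202e fdp.scr" from the
submission list is the motivating case: U+202E makes " fdp.scr" display as
"rcs.pdf ", so the user sees a .pdf and the OS runs a .scr.
"""

# Bidi control characters that can reorder or hide displayed text.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI", "\u200e": "LRM", "\u200f": "RLM", "\u061c": "ALM",
}


def find_bidi_controls(name: str) -> list:
    """Return (index, abbreviation) for every bidi control in the raw name."""
    return [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]


def real_extension(name: str) -> str:
    """Extension the OS acts on: last dot-suffix of the raw string, controls removed."""
    plain = "".join(c for c in name if c not in BIDI_CONTROLS)
    return plain.rsplit(".", 1)[1].lower() if "." in plain else ""


def displayed_extension(name: str) -> str:
    """Approximate the extension a user sees.

    Simplified rendering: after an RLO (U+202E) the characters up to the next
    PDF (U+202C), or end of string, are shown reversed; other controls are
    invisible. Real bidi rendering has more rules, but this captures the trick.
    """
    out = []
    i = 0
    while i < len(name):
        c = name[i]
        if c == "\u202e":
            j = name.find("\u202c", i + 1)
            if j == -1:
                j = len(name)
            out.append(name[i + 1:j][::-1])
            i = j + 1
            continue
        if c not in BIDI_CONTROLS:
            out.append(c)
        i += 1
    shown = "".join(out).strip()
    return shown.rsplit(".", 1)[1].lower() if "." in shown else ""


def is_extension_spoofed(name: str) -> bool:
    """True when bidi controls make the visible extension differ from the real one."""
    return bool(find_bidi_controls(name)) and displayed_extension(name) != real_extension(name)


# Constructed samples. The first mirrors the submission names on this page with
# the Arabic prefix replaced by an ASCII placeholder; the others are variations.
SAMPLES = [
    "report_as\u202e fdp.scr",
    "photo\u202egnp.exe",
    "invoice.pdf",
]

if __name__ == "__main__":
    for n in SAMPLES:
        print(f"{n!r}: controls={find_bidi_controls(n)} "
              f"shown=.{displayed_extension(n)} real=.{real_extension(n)} "
              f"spoofed={is_extension_spoofed(n)}")
```

A mail gateway or file-upload handler can reject or quarantine on `find_bidi_controls()` alone; `is_extension_spoofed()` is the stricter test for the case where the control actually changes what the user would read.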
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1014.

Symantec reputation Suspicious.Insight