SHA256: 2ff394a25350abfaec48a52a3b17ad48778051c7b84a2fa5c04b6742bd2e5d85
File name: 5dd8dc3d51a791ec4c5b7eb3cd505c27
Detection ratio: 36 / 58
Analysis date: 2016-09-29 20:13:34 UTC ( 2 years, 4 months ago )
Antivirus                Result                                    Update
Ad-Aware                 Gen:Variant.Razy.96573                    20160929
AhnLab-V3                Trojan/Win32.Tuhkit.N2111054807           20160929
ALYac                    Gen:Variant.Razy.96573                    20160929
Arcabit                  Trojan.Razy.D1793D                        20160929
Avast                    Win32:Malware-gen                         20160929
AVG                      Crypt6.BIU                                20160929
Avira (no cloud)         TR/Crypt.ZPACK.ezngl                      20160929
AVware                   Trojan.Win32.Generic!BT                   20160929
BitDefender              Gen:Variant.Razy.96573                    20160929
Bkav                     HW32.Packed.251A                          20160929
CrowdStrike Falcon (ML)  malicious_confidence_100% (D)             20160725
DrWeb                    Trojan.Siggen6.58358                      20160929
Emsisoft                 Gen:Variant.Razy.96573 (B)                20160929
ESET-NOD32               a variant of Win32/Kryptik.FGOM           20160929
F-Secure                 Gen:Variant.Razy.96573                    20160929
Fortinet                 W32/Tuhkit.CC!tr                          20160929
GData                    Gen:Variant.Razy.96573                    20160929
Sophos ML                trojan.win32.ramnit.a                     20160928
K7AntiVirus              Trojan ( 004f906e1 )                      20160929
K7GW                     Trojan ( 004f906e1 )                      20160929
Kaspersky                Trojan-Banker.Win32.Tuhkit.cc             20160929
Malwarebytes             Trojan.Boaxxe                             20160929
McAfee                   Artemis!5DD8DC3D51A7                      20160929
McAfee-GW-Edition        BehavesLike.Win32.Downloader.cc           20160929
Microsoft                Trojan:Win32/Dynamer!ac                   20160929
eScan                    Gen:Variant.Razy.96573                    20160929
Panda                    Trj/GdSda.A                               20160929
Qihoo-360                HEUR/QVM20.1.0000.Malware.Gen             20160929
Rising                   Malware.Generic!6aukseCqUgU@2 (thunder)   20160929
Sophos AV                Mal/Generic-S                             20160929
Symantec                 Heur.AdvML.C                              20160929
Tencent                  Win32.Trojan-banker.Tuhkit.Tapk           20160929
TrendMicro               TROJ_GEN.R00JC0DIN16                      20160929
TrendMicro-HouseCall     TROJ_HPTALAPEK.SMEND                      20160929
VIPRE                    Trojan.Win32.Generic!BT                   20160929
Yandex                   Trojan.PWS.Tuhkit!                        20160929

The remaining 22 of the 58 engines reported no detection (empty Result column):

Antivirus                Result                                    Update
AegisLab                 (no detection)                            20160929
Alibaba                  (no detection)                            20160929
Antiy-AVL                (no detection)                            20160929
Baidu                    (no detection)                            20160929
CAT-QuickHeal            (no detection)                            20160929
ClamAV                   (no detection)                            20160929
CMC                      (no detection)                            20160928
Comodo                   (no detection)                            20160929
Cyren                    (no detection)                            20160929
F-Prot                   (no detection)                            20160926
Ikarus                   (no detection)                            20160929
Jiangmin                 (no detection)                            20160929
Kingsoft                 (no detection)                            20160929
NANO-Antivirus           (no detection)                            20160929
nProtect                 (no detection)                            20160929
SUPERAntiSpyware         (no detection)                            20160929
TheHacker                (no detection)                            20160927
TotalDefense             (no detection)                            20160920
VBA32                    (no detection)                            20160929
ViRobot                  (no detection)                            20160929
Zillya                   (no detection)                            20160929
Zoner                    (no detection)                            20160929
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x00003002
Number of sections 3
PE sections
PE imports
AuthzFreeResourceManager
AuthzFreeAuditEvent
GetStdHandle
CreateMutexA
WaitForSingleObject
GetTickCount
CreateMailslotA
RemoveDirectoryA
LoadLibraryA
GetACP
DeleteFileW
GetProcAddress
CreateWaitableTimerW
GetFileTime
SetEndOfFile
GlobalAddAtomW
ReleaseSemaphore
MapViewOfFile
GetProcessVersion
GetCompressedFileSizeA
FindNextFileA
lstrcmpW
GetStringTypeW
GetGeoInfoW
GetThreadPriority
OpenJobObjectW
InterlockedDecrement
GetFullPathNameW
CreateFileA
GetCurrentThreadId
lstrcpyn
InterlockedIncrement
CPEncrypt
CPDecrypt
UrlCanonicalizeA
UrlHashW
PathAppendA
UrlIsA
UrlGetLocationW
UrlIsNoHistoryA
UrlCombineW
UrlUnescapeA
PathCompactPathA
UrlCreateFromPathW
Number of PE resources by type
RT_DIALOG 1
KURS 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType               application/octet-stream
Subsystem              Windows GUI
MachineType            Intel 386 or later, and compatibles
TimeStamp              2012:07:14 11:54:05+01:00
FileType               Win32 EXE
PEType                 PE32
CodeSize               130048
LinkerVersion          7.1
FileTypeExtension      exe
InitializedDataSize    8192
SubsystemVersion       4.0
EntryPoint             0x3002
OSVersion              5.1
ImageVersion           5.1
UninitializedDataSize  0

File identification
MD5            5dd8dc3d51a791ec4c5b7eb3cd505c27
SHA1           1635b8a6e3c366a26a1444081afe6b909b1ca65e
SHA256         2ff394a25350abfaec48a52a3b17ad48778051c7b84a2fa5c04b6742bd2e5d85
ssdeep         3072:knnnnxp2ksjafo2nbkFUyuIdBKq15jUkHiqEz/zYcHSXFKF:knnnnx7sjfhUOP1RfiqKLYcHS
authentihash   66aa8beb5d86840d57a0e78d742e56e0b5ad246952e84365da9d57db09dbf960
imphash        b4b5d8e00f895e863c679e686e6517d8
File size      136.0 KB ( 139264 bytes )
File type      Win32 EXE
Magic literal  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID           Win32 Executable (generic) (52.9%)
               Generic Win/DOS Executable (23.5%)
               DOS Executable Generic (23.5%)
Tags           peexe stealth suspicious-dns

VirusTotal metadata
First submission 2016-09-29 20:13:34 UTC ( 2 years, 4 months ago )
Last submission 2016-09-29 20:13:34 UTC ( 2 years, 4 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications