SHA256: 312de96dd1b0499dcece6d7069d7464356fed06e36dc9a255b3e2fc02ecc795b
File name: 312de96dd1b0499dcece6d7069d7464356fed06e36dc9a255b3e2fc02ecc795b
Detection ratio: 50 / 68
Analysis date: 2017-12-23 05:52:41 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12691697 20171223
AegisLab Backdoor.W32.Vawtrak!c 20171223
ALYac Trojan.GenericKD.12691697 20171223
Antiy-AVL Trojan[Backdoor]/Win32.Vawtrak 20171223
Arcabit Trojan.Generic.DC1A8F1 20171223
Avast Win32:Malware-gen 20171223
AVG Win32:Malware-gen 20171223
Avira (no cloud) TR/Crypt.ZPACK.aeapv 20171223
AVware Trojan.Win32.Generic!BT 20171223
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171222
BitDefender Trojan.GenericKD.12691697 20171223
CAT-QuickHeal Backdoor.Vawtrak 20171222
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.f27620 20171103
Cylance Unsafe 20171223
Cyren W32/Trojan.GMZY-6547 20171223
DrWeb Trojan.DownLoader26.2989 20171223
eGambit Unsafe.AI_Score_100% 20171223
Emsisoft Trojan.GenericKD.12691697 (B) 20171223
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Generik.EQHUNBM 20171223
F-Secure Trojan.GenericKD.12691697 20171223
Fortinet Generik.EQHUNBM!tr 20171223
GData Trojan.GenericKD.12691697 20171223
Ikarus Backdoor.Win32.Vawtrak 20171222
Sophos ML heuristic 20170914
K7AntiVirus Riskware ( 0040eff71 ) 20171223
K7GW Riskware ( 0040eff71 ) 20171223
Kaspersky Backdoor.Win32.Vawtrak.afm 20171223
Malwarebytes Trojan.MalPack 20171223
MAX malware (ai score=100) 20171223
McAfee RDN/Generic BackDoor 20171223
McAfee-GW-Edition BehavesLike.Win32.Trojan.cc 20171223
eScan Trojan.GenericKD.12691697 20171223
NANO-Antivirus Trojan.Win32.Vawtrak.ewfaov 20171223
Palo Alto Networks (Known Signatures) generic.ml 20171223
Panda Trj/GdSda.A 20171222
Qihoo-360 Win32/Trojan.09b 20171223
Rising Malware.XPACK-LNR/Heur!1.5594 (CLASSIC) 20171223
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/Generic-S 20171223
Symantec Trojan.Gen 20171222
Tencent Suspicious.Heuristic.Gen.b.0 20171223
TrendMicro TROJ_GEN.R002C0WLM17 20171223
TrendMicro-HouseCall TROJ_GEN.R002C0WLM17 20171223
VBA32 Trojan.FakeAV.01657 20171222
VIPRE Trojan.Win32.Generic!BT 20171223
ViRobot Trojan.Win32.Z.Vawtrak.153600 20171223
WhiteArmor Malware.HighConfidence 20171204
ZoneAlarm by Check Point Backdoor.Win32.Vawtrak.afm 20171223
AhnLab-V3 20171222
Alibaba 20171222
Avast-Mobile 20171222
Bkav 20171222
ClamAV 20171223
CMC 20171223
Comodo 20171222
F-Prot 20171223
Jiangmin 20171221
Kingsoft 20171223
Microsoft 20171223
nProtect 20171223
SUPERAntiSpyware 20171222
Symantec Mobile Insight 20171222
TheHacker 20171219
TotalDefense 20171223
Trustlook 20171223
Webroot 20171223
Yandex 20171222
Zillya 20171222
Zoner 20171223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-09 02:47:42
Entry Point 0x00009077
Number of sections 3
PE sections
PE imports
CAEnumFirstCA
CAEnumNextCA
lstrcat
GetStartupInfoA
CreateProcessA
VirtualAllocEx
lstrcmpiW
AddAtomA
GetConsoleTitleW
InterlockedExchange
ResetEvent
ReadConsoleW
ReadProcessMemory
CreateFileA
GetCommandLineA
LoadLibraryA
SleepEx
OpenJobObjectA
ExtractIconA
ShellAboutA
SHChangeNotify
SHGetDesktopFolder
ShellMessageBoxA
DragQueryPoint
DragAcceptFiles
SHGetDiskFreeSpaceA
DragQueryFileA
SHGetMalloc
SHFileOperationA
wsprintfA
LoadCursorA
PeekMessageW
IsDialogMessageW
CharToOemW
CreateDesktopW
DispatchMessageW
DialogBoxParamA
DrawStateW
GetPropA
LoadBitmapA
GetClassLongA
LoadIconA
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:05:09 03:47:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 137728
LinkerVersion 33.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x9077
InitializedDataSize 19456
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 12effa25a1bb2aec275592abeec77251
SHA1 c5b4828f276205419d43ecc41f0adad1f9ca504e
SHA256 312de96dd1b0499dcece6d7069d7464356fed06e36dc9a255b3e2fc02ecc795b
ssdeep 3072:eCDdUc0tHpPx9Q1ZyauyVXgbx51QFmRb5tpNCJuFnedr7j2Z4XjW/:esdT0t7EuYXg15yQ5N4uFerfl
authentihash f21d15b8045bce47db92cf8216da787425f79fed604a70491af30604a591e83c
imphash df033a052c9a701cccc8a818cb71f9fd
File size 150.0 KB ( 153600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-12-21 04:39:57 UTC ( 1 year, 4 months ago )
Last submission 2017-12-23 05:52:41 UTC ( 1 year, 4 months ago )
File names c5b4828f276205419d43ecc41f0adad1f9ca504e
1032-c5b4828f276205419d43ecc41f0adad1f9ca504e
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications