SHA256: 3299bc422016f1941b3d14599bbbc129e84395a8151d3ac5e0f5dda760e3fb74
File name: e4bb420031363025166b1d4683ef45e5aa2056c8
Detection ratio: 25 / 56
Analysis date: 2015-09-19 15:13:21 UTC
Antivirus Result Update
Ad-Aware Trojan.Agent.BMRK 20150919
ALYac Trojan.Agent.BMRK 20150919
Antiy-AVL Trojan[Banker]/Win32.Tinba 20150919
Arcabit Trojan.Agent.BMRK 20150919
Avast Win32:Crypt-SIQ [Trj] 20150919
AVG Inject3.GGX 20150919
Avira (no cloud) TR/Crypt.Xpack.279758 20150919
BitDefender Trojan.Agent.BMRK 20150919
Bkav HW32.Packed.F315 20150919
Cyren W32/Trojan.AQLP-3879 20150919
DrWeb Trojan.Siggen6.40373 20150919
Emsisoft Trojan.Agent.BMRK (B) 20150919
ESET-NOD32 a variant of Win32/Injector.CIYF 20150919
F-Prot W32/Trojan3.RTC 20150919
F-Secure Trojan.Agent.BMRK 20150919
Fortinet W32/CIYF.UE!tr 20150919
GData Trojan.Agent.BMRK 20150919
Ikarus Trojan.Win32.Injector 20150919
K7GW Trojan ( 004cfba61 ) 20150919
Kaspersky Trojan-Spy.Win32.Zbot.vzmx 20150919
McAfee Artemis!3BFACA888D0B 20150919
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20150919
eScan Trojan.Agent.BMRK 20150919
Rising PE:Malware.RDM.40!5.2E[F1] 20150918
Sophos AV Mal/Zbot-UE 20150919
AegisLab 20150919
Yandex 20150917
AhnLab-V3 20150919
Alibaba 20150918
AVware 20150919
Baidu-International 20150919
ByteHero 20150919
CAT-QuickHeal 20150919
ClamAV 20150918
CMC 20150916
Comodo 20150919
Jiangmin 20150916
K7AntiVirus 20150919
Kingsoft 20150919
Malwarebytes 20150919
Microsoft 20150919
NANO-Antivirus 20150919
nProtect 20150918
Panda 20150919
Qihoo-360 20150919
SUPERAntiSpyware 20150918
Symantec 20150918
TheHacker 20150916
TotalDefense 20150919
TrendMicro 20150919
TrendMicro-HouseCall 20150919
VBA32 20150918
VIPRE 20150919
ViRobot 20150919
Zillya 20150919
Zoner 20150919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-12 15:56:00
Entry Point 0x0000319A
Number of sections 4
PE sections
Overlays
MD5 7f7511191f7f23ba362e83377faa4de6
File type data
Offset 274432
Size 512
Entropy 7.56
PE imports
GetDeviceCaps
CreateFileMappingW
GetLastError
GetStartupInfoA
GlobalMemoryStatus
CreateProcessA
LoadLibraryW
GetCommState
GetDateFormatW
GetStartupInfoW
GetSystemTimeAsFileTime
CreateFileA
GetModuleFileNameA
LoadLibraryA
DeleteFileA
GetModuleHandleW
SetCurrentDirectoryA
_except_handler3
?terminate@@YAXXZ
__CxxFrameHandler
__p__fmode
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
__wgetmainargs
wcscmp
exit
_XcptFilter
clock
_ftol
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
RegisterWindowMessageW
MessageBoxW
CheckMenuItem
SendMessageW
UpdateWindow
EnableWindow
GetWindowPlacement
FindWindowA
IsWindow
Number of PE resources by type
RT_STRING 15
RT_DIALOG 3
24 1
RT_ICON 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH BELGIAN 17
CHINESE SIMPLIFIED 4
NEUTRAL 3
FRENCH SWISS 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:09:12 16:56:00+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 258048
SubsystemVersion 4.0
EntryPoint 0x319a
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 3bfaca888d0bcb05433892390dc74a5e
SHA1 fcd83453405d3e9e58f17835bded3b8ebed7cdc8
SHA256 3299bc422016f1941b3d14599bbbc129e84395a8151d3ac5e0f5dda760e3fb74
ssdeep 6144:4XM9ZFR34lE0pRpKgf88coPVvB1uRwJeu:4eft4lE0pGgf3co9vvuRueu
authentihash 35aa442c6576f27f932161ebaafe7e4ffb34fa69b6fe50db51b6a2a73cfb0773
imphash 59e253aa170b944ab96fa1ef7a1baf68
File size 268.5 KB ( 274944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (46.3%)
Win64 Executable (generic) (41.0%)
Win32 Executable (generic) (6.6%)
Generic Win/DOS Executable (2.9%)
DOS Executable Generic (2.9%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-09-19 15:13:21 UTC
Last submission 2015-09-19 15:13:21 UTC
File names e4bb420031363025166b1d4683ef45e5aa2056c8
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs