SHA256: 32b8fc0639b98912d6fa716b907c69eec9c28c9fae052247d9158942e7a66813
File name: hancitor_dump.bin
Detection ratio: 40 / 57
Analysis date: 2017-02-17 18:20:19 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3458706 20170217
AhnLab-V3 Trojan/Win32.Fareit.C1520536 20170217
ALYac Trojan.GenericKD.3458706 20170217
Antiy-AVL Trojan/Win32.Scarsi 20170217
Arcabit Trojan.Generic.D34C692 20170217
Avast Win32:Malware-gen 20170217
AVG Generic_r.MFU 20170217
AVware Trojan.Win32.TeslaCrypt.a (v) 20170217
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20170217
BitDefender Trojan.GenericKD.3458706 20170217
CAT-QuickHeal Trojan.Scar 20170217
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Agent.WBAP-6632 20170217
DrWeb Trojan.DownLoader22.19003 20170217
Emsisoft Trojan.GenericKD.3458706 (B) 20170217
Endgame malicious (moderate confidence) 20170217
ESET-NOD32 Win32/Agent.RWB 20170217
F-Prot W32/Agent.KZZ 20170217
F-Secure Trojan.GenericKD.3458706 20170217
GData Trojan.GenericKD.3458706 20170217
Sophos ML trojan.win32.skeeyah.a!rfn 20170203
Jiangmin Trojan.Scarsi.xv 20170217
K7AntiVirus Trojan ( 00467f191 ) 20170217
K7GW Trojan ( 00467f191 ) 20170217
Kaspersky Trojan-Dropper.VBS.Agent.gx 20170217
Malwarebytes Trojan.Injector 20170217
Microsoft TrojanDownloader:Win32/Zdowbot.A 20170217
eScan Trojan.GenericKD.3458706 20170217
NANO-Antivirus Trojan.Win32.DownLoader22.eflzju 20170217
Panda Trj/GdSda.A 20170217
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170217
Rising Malware.Heuristic!ET#91% (rdm+) 20170217
Symantec Ransom.Cerber 20170217
TrendMicro Ransom_HPCRYPHYDRA.SM 20170217
VBA32 Trojan.Scarsi 20170217
VIPRE Trojan.Win32.TeslaCrypt.a (v) 20170217
ViRobot Trojan.Win32.Agent.86016.DS[h] 20170217
Yandex Trojan.Scarsi!9543+e7jPUc 20170217
Zillya Trojan.Scarsi.Win32.2706 20170216
Zoner Trojan.Agent 20170217
AegisLab 20170217
Alibaba 20170217
Avira (no cloud) 20170217
Bkav 20170217
ClamAV 20170217
CMC 20170217
Comodo 20170217
Fortinet 20170217
Ikarus 20170217
Kingsoft 20170217
McAfee 20170217
McAfee-GW-Edition 20170216
nProtect 20170217
Sophos AV 20170217
SUPERAntiSpyware 20170217
Tencent 20170217
TheHacker 20170217
Trustlook 20170217
Webroot 20170217
WhiteArmor 20170215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright 1997 - 2001
Product: fRAazaHH
Original name: WDlÌDgYmZNwgKt.exe
File version: 22,2,13,9
Description: NÌOpsC
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-11 14:13:45
Entry Point 0x000045E5
Number of sections 4
PE sections
Overlays
MD5: 2de5beb3df2e1a8d1874581a52f68a9c
File type: data
Offset: 86016
Size: 75535
Entropy: 5.17
PE imports
CloseServiceHandle
OpenProcessToken
RegSetValueExW
QueryServiceStatus
ControlService
RegCreateKeyA
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
GetFileTitleW
PrintDlgExW
TextOutW
DeleteDC
EndDoc
GetObjectW
CreateCompatibleDC
StartDocW
EndPage
GetStdHandle
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
RtlZeroMemory
GetLocaleInfoA
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
GetCPInfo
GetProcAddress
GetStringTypeA
FindResourceExW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
ResumeThread
GetEnvironmentVariableA
LoadResource
InterlockedDecrement
SetLastError
WriteProcessMemory
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
FlushViewOfFile
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
FoldStringW
CreateThread
DebugSetProcessKillOnExit
SetUnhandledExceptionFilter
SetThreadContext
TerminateProcess
WriteConsoleA
GetCurrentThreadId
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetUserDefaultLCID
GetProcessHeap
CreateFileMappingW
GetProfileStringW
GlobalReAlloc
lstrcpyA
lstrcmpW
GlobalLock
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LocalUnlock
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
VirtualAllocEx
LCMapStringA
DefineDosDeviceA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
OpenMutexA
QueryPerformanceFrequency
TlsFree
GetModuleHandleA
VirtualUnlock
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
FindResourceA
VirtualAlloc
DragFinish
EndDialog
HideCaret
OffsetRect
DefWindowProcA
DestroyMenu
RegisterWindowMessageA
SetWinEventHook
LoadMenuW
GetSystemMetrics
EnableMenuItem
IsWindow
PeekMessageW
GetWindowRect
RegisterClassExW
DialogBoxParamW
GetDlgItemTextA
MessageBoxA
PeekMessageA
DialogBoxParamA
GetSysColor
LoadBitmapA
InsertMenuItemA
ReleaseDC
GetMenu
LoadStringA
WinHelpW
GetWindowPlacement
SendMessageA
SetWindowTextW
GetDlgItem
IsZoomed
DrawTextW
IsIconic
DeleteMenu
AppendMenuA
LoadIconA
IsDialogMessageW
AttachThreadInput
GetDialogBaseUnits
CloseClipboard
CharNextW
IsChild
IsDialogMessageA
DestroyWindow
ClosePrinter
Number of PE resources by type
RT_STRING 43
RT_ACCELERATOR 7
RT_DIALOG 2
RT_MENU 2
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 56
PE resources
ExifTool file metadata
SubsystemVersion: 5.0
LinkerVersion: 9.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 22.2.13.9
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Windows, Hebrew
InitializedDataSize: 49152
EntryPoint: 0x45e5
OriginalFileName: WDl DgYmZNwgKt.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 1997 - 2001
FileVersion: 22,2,13,9
TimeStamp: 2016:08:11 15:13:45+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 22,2,13,9
FileDescription: N OpsC
OSVersion: 5.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: SynSoft, Corporation.
CodeSize: 38912
ProductName: fRAazaHH
ProductVersionNumber: 22.2.13.9
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 621f2ed2d8041859e9274de60dc8c38d
SHA1 39b2495bea07828430e574d488c2e2fb1bc57303
SHA256 32b8fc0639b98912d6fa716b907c69eec9c28c9fae052247d9158942e7a66813
ssdeep 3072:UKnZ53/50VML6aP2pOtjlka3pvOkz+Nb+B3/ei++++++++++Bb+++++++++++++c:UCZdB0iHtjh5GHQJhSE33KIh
authentihash c7222dcb19af1b105948590e616071c3d84b8f41fa06b1b87e95882768b76e37
imphash f6703b3f3a9a4c0751ca3d6b0a99e0a0
File size 157.8 KB ( 161551 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-02-17 18:20:19 UTC ( 7 months, 1 week ago )
Last submission 2017-02-17 18:20:19 UTC ( 7 months, 1 week ago )
File names hancitor_dump.bin
WDlÌDgYmZNwgKt.exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or injected code into.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications