SHA256: 3329ebb01feef7d7a0be5a8803fbd7fd6e785878d68b326cd6e282ff69259533
File name: conlhost_dump.exe
Detection ratio: 28 / 56. Vendor labels disagree on the family: most are generic packer/injector names (Graftor, Injector.CWVF, Packed2, HEUR Generic, Malware.Obscure), four call it the Andromeda backdoor (Antiy-AVL, Bkav, Yandex, Zillya), three flag a file encryptor (Malwarebytes Ransom.7ev3n, NANO-Antivirus Trojan.Win32.Encoder, Symantec Trojan.Cryptolocker.AD) and Sophos labels it Zbot. Treat the family as unresolved and pivot on the hashes below rather than on any one name.
Analysis date: 2016-04-23 00:30:29 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.280500 20160422
ALYac Gen:Variant.Graftor.280500 20160423
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160423
Arcabit Trojan.Graftor.D447B4 20160422
AVG Generic37.AXWE 20160422
AVware Trojan.Win32.Injector.cdgy (v) 20160423
BitDefender Gen:Variant.Graftor.280500 20160423
Bkav W32.BckdrAndromJ.Trojan 20160422
DrWeb Trojan.Packed2.37677 20160423
Emsisoft Gen:Variant.Graftor.280500 (B) 20160423
ESET-NOD32 a variant of Win32/Injector.CWVF 20160423
F-Secure Gen:Variant.Graftor.280500 20160422
Fortinet W32/Injector.CWVF!tr 20160422
GData Gen:Variant.Graftor.280500 20160422
Jiangmin [detection name garbled in source] 20160422
K7AntiVirus Trojan ( 004e659f1 ) 20160422
K7GW Trojan ( 004e659f1 ) 20160422
Kaspersky HEUR:Trojan.Win32.Generic 20160422
Malwarebytes Ransom.7ev3n 20160422
eScan Gen:Variant.Graftor.280500 20160423
NANO-Antivirus Trojan.Win32.Encoder.ebqrvy 20160423
Qihoo-360 QVM07.1.Malware.Gen 20160423
Rising PE:Malware.Obscure!1.9C59 [F] 20160422
Sophos AV Mal/Zbot-UM 20160423
Symantec Trojan.Cryptolocker.AD 20160423
VIPRE Trojan.Win32.Injector.cdgy (v) 20160423
Yandex Backdoor.Androm!DoUPvR5KYms 20160422
Zillya Backdoor.Androm.Win32.33988 20160422
AegisLab 20160422
AhnLab-V3 20160422
Alibaba 20160422
Avast 20160423
Avira (no cloud) 20160423
Baidu 20160422
Baidu-International 20160422
CAT-QuickHeal 20160422
ClamAV 20160422
CMC 20160421
Comodo 20160422
Cyren 20160422
F-Prot 20160422
Ikarus 20160422
Kingsoft 20160423
McAfee 20160422
McAfee-GW-Edition 20160423
Microsoft 20160423
nProtect 20160422
Panda 20160422
SUPERAntiSpyware 20160423
Tencent 20160423
TheHacker 20160422
TrendMicro 20160423
TrendMicro-HouseCall 20160423
VBA32 20160421
ViRobot 20160422
Zoner 20160422
The file is a 32-bit Portable Executable (Win32 EXE) built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-12 16:56:45
Entry Point 0x00005996
Number of sections 6
PE sections
(section table not captured in this extract)
PE imports
The extract lists imported symbols without the module each comes from. They are grouped below by the module the name belongs to on Windows, in the order the page lists them; the 108 ordinal-only imports come from a module the extract does not name (with linker version 6.0 and the MSVCP60-style mangled C++ names below, MFC42.DLL is the usual source, but that is an inference, not something the page states).
advapi32.dll: RegQueryValueExW
gdi32.dll: GetObjectA, GetCharABCWidthsFloatA, GetCharacterPlacementW, GetTextMetricsA, GetObjectW
kernel32.dll: GetLastError, SetCurrentDirectoryW, GetCurrentDirectoryW, WideCharToMultiByte, SetFilePointer, GetModuleFileNameW, GlobalFree, CreateFileW, LCMapStringA, HeapAlloc, GetStartupInfoW, GetStringTypeW, GetModuleHandleW, HeapSize
Ordinal-only imports (108, module not recorded): Ord(3820), Ord(2438), Ord(4621), Ord(5298), Ord(2980), Ord(6371), Ord(5237), Ord(4073), Ord(6048), Ord(5257), Ord(4435), Ord(755), Ord(3577), Ord(5727), Ord(3744), Ord(4616), Ord(795), Ord(616), Ord(815), Ord(3257), Ord(2717), Ord(641), Ord(3917), Ord(2570), Ord(2506), Ord(2388), Ord(3716), Ord(567), Ord(3076), Ord(3142), Ord(5285), Ord(4667), Ord(825), Ord(5710), Ord(5276), Ord(4401), Ord(540), Ord(2858), Ord(5273), Ord(2403), Ord(1767), Ord(2371), Ord(4480), Ord(4229), Ord(2294), Ord(823), Ord(3087), Ord(4269), Ord(2504), Ord(4213), Ord(4392), Ord(800), Ord(5157), Ord(1569), Ord(470), Ord(6051), Ord(5261), Ord(3074), Ord(2613), Ord(3592), Ord(2047), Ord(2977), Ord(2116), Ord(4418), Ord(4831), Ord(2746), Ord(5977), Ord(4992), Ord(4459), Ord(2377), Ord(3825), Ord(4419), Ord(4074), Ord(2640), Ord(1089), Ord(3254), Ord(1165), Ord(3341), Ord(4692), Ord(2971), Ord(4347), Ord(324), Ord(5296), Ord(2015), Ord(1768), Ord(4704), Ord(3793), Ord(3826), Ord(5193), Ord(4847), Ord(1720), Ord(4075), Ord(2854), Ord(1131), Ord(3733), Ord(5303), Ord(2546), Ord(561), Ord(1143), Ord(6372), Ord(3131), Ord(5059), Ord(3397), Ord(4370), Ord(4270), Ord(2634), Ord(5286), Ord(6370)
C++ standard library (MSVC-mangled names; demangled reading in parentheses):
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z (std::basic_ofstream<char>::basic_ofstream(const char*, int))
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z (std::operator<<(std::ostream&, const char*))
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z (std::string::basic_string(const std::allocator<char>&))
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ (std::basic_ofstream<char> vbase destructor)
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z (std::operator<<(std::ostream&, const std::string&))
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ (std::string::~basic_string())
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z (std::string::operator=(const std::string&))
??7ios_base@std@@QBE_NXZ (std::ios_base::operator!() const)
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z (std::istream::read(char*, int))
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ (std::string::c_str() const)
??Bios_base@std@@QBEPAXXZ (std::ios_base::operator void*() const)
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z (std::basic_ifstream<char>::basic_ifstream(const char*, int))
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ (std::basic_ifstream<char> vbase destructor)
C runtime (msvcrt.dll): _except_handler3, __p__fmode, __CxxFrameHandler, _exit, __p__commode, __setusermatherr, __dllonexit, _onexit, __wgetmainargs, exit, _XcptFilter, _initterm, _controlfp, _wcmdln, _adjust_fdiv, __set_app_type
user32.dll: GetCapture, GetSystemMetrics, SetTimer, SendMessageW, IsIconic, ReleaseDC, EnableWindow, LoadIconW, GetClientRect, DrawIcon, SendMessageA, KillTimer, GetSystemMenu, CreateDialogParamA, GetWindowPlacement, GetDC, InvalidateRect
Taken together, the named imports describe a program that opens files by path (ifstream/ofstream constructors, CreateFileW), reads raw bytes with istream::read, repositions with SetFilePointer, writes with operator<<, checks stream state with ios_base::operator! and operator void*, and drives an MFC-style dialog with a timer (CreateDialogParamA, SetTimer, KillTimer), plus one registry read (RegQueryValueExW). That read/transform/write shape is consistent with the encoder/ransomware labels in the scan table, but the page records no behavioural data to confirm it.
Number of PE resources by type: RT_BITMAP 1, RT_GROUP_ICON 1, RT_DIALOG 1, RT_VERSION 1, RT_ICON 1
Number of PE resources by language: NEUTRAL 2, CHINESE SIMPLIFIED 2, SPANISH MODERN 1
The single RT_DIALOG resource matches the CreateDialogParamA import; the mix of Chinese Simplified and Spanish Modern language tags in a five-resource binary is an unusual combination worth keeping as a weak pivot.
PE resources
(per-resource table not captured in this extract)
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:04:12 17:56:45+01:00 (the same 16:56:45 UTC link time as the PE compilation timestamp above; ExifTool prints it in the scanner's local zone)
FileType: Win32 EXE
PEType: PE32
CodeSize: 28672
LinkerVersion: 6.0 (the Visual C++ 6.0 linker, consistent with the TrID result and the msvcrt/MSVCP60-era imports)
Warning: Error processing PE data dictionary (ExifTool could not walk the data directories; together with the "_dump" suffix of the file name this is consistent with an image dumped from memory rather than a pristine on-disk binary, so section and import data may not match what the original dropper looked like on disk)
EntryPoint: 0x5996
InitializedDataSize: 40960
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 16
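Where those header numbers live, as an added example that is not VirusTotal's, ExifTool's or the sample's code: a minimal parser for the COFF file header and the first 72 bytes of the PE32 optional header, run against a header the example constructs itself so it can be exercised offline. The constructed bytes carry the values this page reports (machine, 6 sections, the 2016-04-12 16:56:45 UTC timestamp, linker 6.0, entry point 0x5996, GUI subsystem, OS/subsystem version 4.0); the image base, alignments and data directories are filler and are not the sample's.

```python
import struct
from datetime import datetime, timezone

# IMAGE_SUBSYSTEM / IMAGE_FILE_MACHINE values from the PE/COFF spec (common ones only).
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x14C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64"}

# IMAGE_FILE_HEADER (20 bytes) and the first 72 bytes of the PE32
# IMAGE_OPTIONAL_HEADER, little-endian, up to and including DllCharacteristics.
COFF_FMT = "<HHIIIHH"
OPT_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH"


def parse_pe_header(data: bytes) -> dict:
    """Return the header fields a scan report shows (machine, section count,
    link timestamp, linker version, sizes, entry point, subsystem, versions)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, _chars = coff
    opt_off = e_lfanew + 4 + struct.calcsize(COFF_FMT)
    if opt_size < struct.calcsize(OPT_FMT):
        raise ValueError("optional header too short")
    (magic, linker_major, linker_minor, size_of_code, size_of_init,
     size_of_uninit, entry_point, _base_code, _base_data, _image_base,
     _sect_align, _file_align, os_major, os_minor, img_major, img_minor,
     subsys_major, subsys_minor, _win32ver, _size_of_image,
     _size_of_headers, _checksum, subsystem, _dllchars) = struct.unpack_from(OPT_FMT, data, opt_off)
    if magic != 0x10B:
        raise ValueError("not a PE32 optional header (magic 0x%x)" % magic)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "number_of_sections": nsections,
        "timestamp": timestamp,
        # TimeDateStamp is whatever the linker (or whoever edited the file
        # afterwards) wrote: a clustering pivot, never proof of build time.
        "compiled_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "code_size": size_of_code,
        "initialized_data_size": size_of_init,
        "uninitialized_data_size": size_of_uninit,
        "entry_point": entry_point,
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{subsys_major}.{subsys_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_sample_header() -> bytes:
    """Constructed header (not the real sample) carrying the values the
    report above shows, so the parser can be run offline."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack(COFF_FMT, 0x14C, 6, 1460480205, 0, 0, 224, 0x0102)
    opt = struct.pack(OPT_FMT, 0x10B, 6, 0, 28672, 40960, 16, 0x5996,
                      0x1000, 0x8000, 0x400000, 0x1000, 0x1000,   # filler
                      4, 0, 0, 0, 4, 0, 0, 0x15000, 0x400, 0, 2, 0)
    opt += b"\0" * (224 - len(opt))  # remainder of the optional header and data directories, zeroed
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print(f"{key}: {value:#x}" if key == "entry_point" else f"{key}: {value}")
```

Against a real file, replace build_sample_header() with the bytes read from disk. The parser deliberately stops before the data directories; on a memory dump like this one that is exactly the part ExifTool choked on, and a practitioner would check SizeOfImage and the section table by hand before trusting anything past the optional header.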

File identification
MD5: 312c1a8ae0b82a8e6644114b2a0d5080
SHA1: 741400e302252a81bbc1eeeae75b46562b97e5b3
SHA256: 3329ebb01feef7d7a0be5a8803fbd7fd6e785878d68b326cd6e282ff69259533
ssdeep: 768:Bg9n51SXJW5TQnU0lGuMD01fEA0s3WXOSt7n1mKAE6JTk:BiaYRvBD8lWeSHmKSJTk
authentihash: e52d81910c8fae78fdcd1e774d8ac69c6b46549ca86d85d88142396481991423
imphash: 88803cecfbc7cd6c2bef1eadbd8df5ca
File size: 72.0 KB (73728 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (67.4%); Win32 Dynamic Link Library (generic) (14.2%); Win32 Executable (generic) (9.7%); Generic Win/DOS Executable (4.3%); DOS Executable Generic (4.3%)
Tags: peexe
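How the imphash above is derived, as an added example that is not VirusTotal's or pefile's code: the published recipe is the lower-cased module name with any .dll/.ocx/.sys extension removed, a dot, the lower-cased function name (or ordN for an ordinal-only import), all entries joined with commas in import-table order, then MD5. The import list in the block is constructed from a handful of names on this page; the module holding the ordinal imports is an assumption (MFC42.DLL), and because the page does not record which module each import came from, the page's own value 88803cecfbc7cd6c2bef1eadbd8df5ca cannot be reproduced from it.

```python
import hashlib

# Extensions the imphash recipe strips from the module name before hashing.
_STRIPPED = (".dll", ".ocx", ".sys")


def _module_key(dll: str) -> str:
    name = dll.lower()
    for ext in _STRIPPED:
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports) -> str:
    """Build the 'module.function' list the hash is taken over.

    `imports` is an ordered list of (dll_name, symbol) pairs in import-table
    order; `symbol` is a str for a named import or an int for an ordinal-only
    import, which becomes 'ordN'.  (pefile additionally maps ordinals of
    ws2_32.dll and oleaut32.dll back to names through a built-in table; that
    table is omitted here, so those two modules would hash differently.)
    """
    parts = []
    for dll, symbol in imports:
        func = f"ord{symbol}" if isinstance(symbol, int) else symbol.lower()
        parts.append(f"{_module_key(dll)}.{func}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed import table, not the real sample's.  Names come from the
# report above; the ordinal module is assumed to be MFC42.DLL, the usual
# source of ordinal-only imports in a Visual C++ 6.0 binary.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "CreateFileW"),
    ("KERNEL32.dll", "SetFilePointer"),
    ("MFC42.DLL", 3820),
    ("MFC42.DLL", 2438),
    ("MSVCRT.dll", "_except_handler3"),
    ("USER32.dll", "CreateDialogParamA"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

pefile computes the same value with pefile.PE(path).get_imphash(). Two consequences matter for this sample: the 108 ordinal imports are hashed as plain ordN strings, so any MFC42-linked binary importing the same ordinals in the same order collides with it, and order is part of the hash, so a rebuild that merely reorders imports breaks the pivot while leaving the ssdeep above largely intact.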

VirusTotal metadata
First submission 2016-04-23 00:30:29 UTC ( 2 years, 2 months ago )
Last submission 2016-04-28 23:23:52 UTC ( 2 years, 2 months ago )
File names conlhost_dump.exe
Condensed behavioural report (actions performed in a controlled environment by the file itself, by any process it launched, or by any process it injected code into). The extract contains no entries under any of the following categories:
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications