SHA256: 34ca1099cdb6d4bacf6bc36562b1171b60d28b79907e399efa61eb574eaa4338
File name: 34ca1099cdb6d4bacf6bc36562b1171b60d28b79907e399efa61eb574eaa4338....
Detection ratio: 8 / 56
Analysis date: 2016-10-29 02:01:50 UTC (2 years, 4 months ago)
Antivirus Result Update
Avast Win32:Malware-gen 20161029
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161028
CrowdStrike Falcon (ML) malicious_confidence_61% (W) 20161024
DrWeb Trojan.DownLoader23.5451 20161029
ESET-NOD32 a variant of Win32/Kryptik.FIIZ 20161029
Kaspersky Trojan.Win32.Inject.abtrq 20161029
McAfee Artemis!57D39DE50AF0 20161029
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20161029
Ad-Aware 20161029
AegisLab 20161028
AhnLab-V3 20161028
Alibaba 20161028
ALYac 20161029
Antiy-AVL 20161029
Arcabit 20161029
AVG 20161029
Avira (no cloud) 20161028
AVware 20161029
BitDefender 20161029
Bkav 20161028
CAT-QuickHeal 20161028
ClamAV 20161029
CMC 20161028
Comodo 20161028
Cyren 20161029
Emsisoft 20161029
F-Prot 20161029
F-Secure 20161029
Fortinet 20161029
GData 20161029
Ikarus 20161028
Sophos ML 20161018
Jiangmin 20161028
K7AntiVirus 20161028
K7GW 20161029
Kingsoft 20161029
Malwarebytes 20161028
Microsoft 20161029
eScan 20161029
NANO-Antivirus 20161028
nProtect 20161028
Panda 20161028
Qihoo-360 20161029
Rising 20161029
Sophos AV 20161028
SUPERAntiSpyware 20161029
Symantec 20161029
Tencent 20161029
TheHacker 20161028
TrendMicro 20161029
TrendMicro-HouseCall 20161029
VBA32 20161028
VIPRE 20161029
ViRobot 20161028
Yandex 20161028
Zillya 20161028
Zoner 20161029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-27 01:53:33
Entry Point 0x000025DB
Number of sections 5
PE sections
PE imports
GetSystemTime
GetLastError
ReleaseMutex
GetModuleFileNameW
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
GetLocalTime
GetProcessId
GetCurrentProcess
FileTimeToLocalFileTime
GetCurrentProcessId
UnhandledExceptionFilter
GetSystemRegistryQuota
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
SetUnhandledExceptionFilter
PulseEvent
GetSystemTimeAsFileTime
GetSystemTimes
GetModuleHandleW
TerminateProcess
GlobalAlloc
Sleep
GetTickCount
GetCurrentThreadId
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
__wgetmainargs
__p__fmode
__dllonexit
_controlfp_s
_invoke_watson
_amsg_exit
?terminate@@YAXXZ
_lock
__p__commode
_onexit
exit
_XcptFilter
_encode_pointer
__setusermatherr
_initterm_e
_adjust_fdiv
_wcmdln
_cexit
_unlock
_crt_debugger_hook
__CxxFrameHandler3
_except_handler4_common
_initterm
_decode_pointer
_configthreadlocale
_exit
__set_app_type
GetWindowThreadProcessId
PeekMessageW
GetShellWindow
EnumDesktopWindows
GetClassNameA
CharLowerW
CreateWindowExW
GetWindowTextA
GetWindowContextHelpId
DispatchMessageW
CharToOemA
Number of PE resources by type
RT_BITMAP 17
RT_ICON 8
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 27
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:10:27 02:53:33+01:00
FileType Win32 EXE
PEType PE32
CodeSize 7168
LinkerVersion 9.0
EntryPoint 0x25db
InitializedDataSize 191488
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 57d39de50af090c533c4d9d15882f2d1
SHA1 a07f497b6d5150039822afa1eef57fb36242fcbb
SHA256 34ca1099cdb6d4bacf6bc36562b1171b60d28b79907e399efa61eb574eaa4338
ssdeep 1536:gcuIUFt5n5RP3iNjEB92YUa540iYabQl6YfjWJKQannjay:5uIUFt5nHwjE/2BX0MbQl6YfjWJKQga

authentihash a90fbf45a175d2d3623d7e19ee4802b74ce9dd23c9787da26b4031ee3e65f126
imphash 7bce96530fd10bfb006cab793659cc50
File size 195.0 KB ( 199680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe

VirusTotal metadata
First submission 2016-10-28 16:01:41 UTC ( 2 years, 4 months ago )
Last submission 2016-10-31 20:23:51 UTC ( 2 years, 4 months ago )
File names 34ca1099cdb6d4bacf6bc36562b1171b60d28b79907e399efa61eb574eaa4338.exe.000
infected_promos.hls
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications