SHA256: 366c39baa630ec6b2aa0eceb70a5573dd3cc5d7c6889fd2ad420ce0944c44f85
File name: 4B8E685E6C94D58EB6F3D0D90710CF59
Detection ratio: 14 / 54
Analysis date: 2015-11-23 10:32:17 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20151123
AVG Crypt5.NKP 20151123
AVware Trojan.Win32.Generic!BT 20151123
DrWeb Trojan.DownLoader17.56161 20151123
ESET-NOD32 a variant of Win32/Kryptik.EFPM 20151123
K7AntiVirus Trojan ( 004d75bf1 ) 20151123
K7GW Trojan ( 004d75bf1 ) 20151123
Kaspersky Backdoor.Win32.Androm.isoz 20151123
NANO-Antivirus Trojan.Win32.DownLoader17.dyvxca 20151123
Panda Generic Suspicious 20151122
Qihoo-360 QVM07.1.Malware.Gen 20151123
Sophos AV Mal/Generic-S 20151123
Tencent Win32.Trojan.Crypt.Amcc 20151123
VIPRE Trojan.Win32.Generic!BT 20151123
Ad-Aware 20151123
AegisLab 20151123
Yandex 20151122
AhnLab-V3 20151122
Alibaba 20151123
ALYac 20151123
Arcabit 20151123
Baidu-International 20151123
BitDefender 20151123
Bkav 20151123
ByteHero 20151123
CAT-QuickHeal 20151123
ClamAV 20151123
CMC 20151118
Comodo 20151123
Cyren 20151123
Emsisoft 20151123
F-Prot 20151123
F-Secure 20151123
Fortinet 20151123
GData 20151123
Ikarus 20151123
Jiangmin 20151122
Malwarebytes 20151123
McAfee 20151123
McAfee-GW-Edition 20151123
Microsoft 20151123
eScan 20151123
nProtect 20151120
Rising 20151122
SUPERAntiSpyware 20151123
Symantec 20151122
TheHacker 20151121
TotalDefense 20151123
TrendMicro 20151123
TrendMicro-HouseCall 20151123
VBA32 20151120
ViRobot 20151123
Zillya 20151123
Zoner 20151123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-04-25 23:24:41
Entry Point 0x00011038
Number of sections 4
PE sections
Overlays
MD5 642d95ffb146c57c192767db96886f03
File type data
Offset 212992
Size 1137
Entropy 6.04
PE imports
GetUserNameA
RegEnumKeyExA
RegCreateKeyA
RegSetValueExA
GetStartupInfoA
CompareFileTime
CreateSemaphoreA
GetModuleHandleA
EnumSystemLocalesW
GetProfileIntW
FormatMessageA
GetTimeFormatA
__p__fmode
_acmdln
_adjust_fdiv
__setusermatherr
_CIsinh
modf
__getmainargs
_initterm
_controlfp
_wtoi
feof
__p__commode
__set_app_type
SHGetSettings
DdeUnaccessData
CharNextExA
DdeCreateStringHandleA
GetClassInfoA
DdeUninitialize
CharPrevA
GetKeyboardLayout
GetKeyboardType
AdjustWindowRect
GetClipboardViewer
DdePostAdvise
GetFocus
PackDDElParam
GetThreadDesktop
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 5
RT_DIALOG 3
RT_VERSION 1
Struct(111) 1
Number of PE resources by language
MACEDONIAN DEFAULT 5
ENGLISH UK 5
SPANISH PUERTO RICO 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 0.4.49.168
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 3776512
EntryPoint 0x11038
OriginalFileName Obfuscates.exe
MIMEType application/octet-stream
LegalCopyright Speciation (C) 2010
FileVersion 0,73,114,233
TimeStamp 2009:04:26 00:24:41+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 0,23,203,205
FileDescription Seldom
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Ntreev Soft Co., Ltd.
CodeSize 69632
FileSubtype 0
ProductVersionNumber 0.160.64.188
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 ed566a0cac1526f4767f56cc9eea74ab
SHA1 4b8e685e6c94d58eb6f3d0d90710cf59258c1929
SHA256 366c39baa630ec6b2aa0eceb70a5573dd3cc5d7c6889fd2ad420ce0944c44f85
ssdeep 6144:OlqTfGJaFLrrGIw9ivyCMKz6dicJ+O0jqWDsvGx:OlqTf44nSLivygzTcJ+VqWDsux

authentihash d86e12646feee63284033bed670f9f091ce44fd6d5fd1bedcf19a3edbb4a3769
imphash 4c80ed444bba04ca9f81af994e649e39
File size 209.1 KB ( 214129 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-11-23 10:32:17 UTC ( 3 years, 2 months ago )
Last submission 2017-01-11 02:33:58 UTC ( 2 years, 1 month ago )
File names 4b8e685e6c94d58eb6f3d0d90710cf59258c1929.bin
4B8E685E6C94D58EB6F3D0D90710CF59
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications