SHA256: 373d793d72a1bd1993873ff3555fbb844dcf8e8b95a1c9072cc1cf78b1105e70
File name: 299dc3d36d5d1f2927829925cacb001c0d4ccdc5
Detection ratio: 27 / 54
Analysis date: 2015-12-06 02:36:14 UTC ( 2 years, 7 months ago )
Antivirus              Result                                     Update
Ad-Aware               Trojan.GenericKD.2908104                   20151206
Yandex                 Trojan.Fsysna!                             20151205
AhnLab-V3              Trojan/Win32.Dridex                        20151205
Antiy-AVL              Trojan[Spy]/Win32.BitWall                  20151206
Arcabit                Trojan.Generic.D2C5FC8                     20151206
Avast                  Win32:Malware-gen                          20151206
AVG                    Generic14_c.AHKE                           20151206
BitDefender            Trojan.GenericKD.2908104                   20151206
Bkav                   HW32.Packed.EDD9                           20151205
ClamAV                 Win.Trojan.Agent-958137                    20151204
DrWeb                  Trojan.PWS.Siggen1.29325                   20151206
Emsisoft               Trojan.GenericKD.2908104 (B)               20151206
ESET-NOD32             a variant of Win32/Injector.CNSG           20151205
F-Secure               Trojan.GenericKD.2908104                   20151205
Fortinet               W32/Injector.CNQP!tr                       20151204
GData                  Trojan.GenericKD.2908104                   20151206
Ikarus                 Evilware.Outbreak                          20151205
Kaspersky              UDS:DangerousObject.Multi.Generic          20151206
Malwarebytes           Trojan.Dridex                              20151205
McAfee                 Drixed-FCR!68F89BF47F74                    20151206
McAfee-GW-Edition      BehavesLike.Win32.VBObfus.dc               20151205
Microsoft              Backdoor:Win32/Drixed.J                    20151205
eScan                  Trojan.GenericKD.2908104                   20151206
NANO-Antivirus         Trojan.Win32.Siggen1.dyzxwe                20151206
nProtect               Trojan.Agent.BOST                          20151204
Qihoo-360              HEUR/QVM07.1.Malware.Gen                   20151206
Sophos AV              Troj/Dridex-KL                             20151205

No detection (engine and signature date): AegisLab 20151205, Alibaba 20151204, ALYac 20151204, Avira (no cloud) 20151205, Baidu-International 20151205, ByteHero 20151206, CAT-QuickHeal 20151205, CMC 20151201, Comodo 20151202, Cyren 20151206, F-Prot 20151206, Jiangmin 20151205, K7AntiVirus 20151202, K7GW 20151202, Panda 20151205, Rising 20151205, SUPERAntiSpyware 20151205, Symantec 20151205, TheHacker 20151205, TotalDefense 20151205, TrendMicro 20151206, TrendMicro-HouseCall 20151206, VBA32 20151204, VIPRE 20151206, ViRobot 20151205, Zillya 20151205, Zoner 20151206

The family-specific verdicts agree on Dridex (AhnLab-V3, Malwarebytes, Sophos) and its Drixed alias (McAfee, Microsoft); the remaining hits are generic signatures (GenericKD.2908104 shared by the BitDefender-engine vendors), cloud or heuristic verdicts (Kaspersky UDS, Qihoo-360 HEUR), and packer/injector names (ESET and Fortinet Injector, Bkav Packed, McAfee-GW VBObfus). McAfee's Drixed-FCR!68F89BF47F74 embeds the first 12 hex digits of the file's MD5.
The file is a Portable Executable: a 32-bit Win32 EXE for the Windows GUI subsystem.

PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-12-02 20:06:41
Entry point: 0x0000B0B2
Number of sections: 6

PE sections: (the section table itself is not reproduced in this copy of the report)

Overlay (data appended after the last section)
MD5: b06e1add3f93685f1a68c208fcbca107
File type: data
Offset: 106496
Size: 135302
Entropy: 8.00

Offset plus size (106496 + 135302 = 241798) equals the file size, so the overlay runs to the end of the file. Entropy 8.00 is the maximum for byte data, meaning those 135 KB are compressed or encrypted rather than plain code or resources. Together with the VirtualProtect, CreateFileA/ReadFile and CreateProcessA imports listed below, this is the profile of a small loader carrying an embedded payload, which is consistent with the packer/injector heuristics in the detection table.
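The overlay figures above (offset, size, entropy) are cheap to reproduce and worth checking yourself, since an overlay at maximum entropy is the single strongest static hint on this page. The script below is an added example, not code from the VirusTotal report: it parses the DOS/NT headers and section table, takes the overlay to be everything after the highest-ending section's raw data, and computes its Shannon entropy. Because the sample itself is not available here, a tiny synthetic PE32 image is constructed inline as test input; only the entry point (0xB0B2) and the compile timestamp (2015-12-02 20:06:41 UTC, epoch 1449086801) are taken from the report, and the overlay content is a uniform byte distribution constructed to mimic the reported 8.00.

```python
"""Locate a PE overlay and measure its entropy (added example, not from the report)."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

FILE_HEADER_FMT = "<HHIIIHH"   # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, ...
SECTION_HEADER_SIZE = 40       # sizeof(IMAGE_SECTION_HEADER)

# Taken from the report; everything else in the synthetic image below is made up.
REPORT_ENTRY_POINT = 0xB0B2
REPORT_TIMESTAMP = 1449086801  # 2015-12-02 20:06:41 UTC


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0; 8.0 means all 256 byte values are equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Return entry point, compile time, section table and overlay facts for a PE image."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from(FILE_HEADER_FMT, blob, fh)
    opt = fh + struct.calcsize(FILE_HEADER_FMT)
    # AddressOfEntryPoint is at offset 16 of the optional header in both PE32 and PE32+.
    entry_point = struct.unpack_from("<I", blob, opt + 16)[0]
    sections = []
    for i in range(nsec):
        off = opt + opt_size + i * SECTION_HEADER_SIZE
        name = blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", blob, off + 8)
        sections.append({"name": name, "va": va, "vsize": vsize,
                         "raw_ptr": raw_ptr, "raw_size": raw_size})
    # The overlay is whatever follows the section whose raw data ends last.
    end_of_sections = max((s["raw_ptr"] + s["raw_size"] for s in sections), default=0)
    overlay = blob[end_of_sections:]
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "number_of_sections": nsec,
        "sections": sections,
        "overlay_offset": end_of_sections if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": shannon_entropy(overlay),
    }


def analyse(blob: bytes) -> dict:
    """parse_pe() plus a verdict using a conventional 'packed/encrypted' entropy threshold."""
    info = parse_pe(blob)
    packed = info["overlay_size"] > 0 and info["overlay_entropy"] > 7.5   # heuristic cut-off
    info["verdict"] = ("high-entropy overlay: compressed or encrypted payload appended after the sections"
                       if packed else "no suspicious overlay")
    return info


def build_synthetic_pe(overlay: bytes, entry_point: int, timestamp: int) -> bytes:
    """Construct a minimal, non-runnable PE32 image (one .text section, 0x200 file alignment)
    with `overlay` appended. Test input only; it is not the analysed sample."""
    file_align = 0x200
    opt_fmt = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "H" * 2 + "I" * 6   # 96-byte standard fields
    optional = struct.pack(
        opt_fmt,
        0x10B, 6, 0,                       # PE32 magic, linker version 6.0
        file_align, 0, 0,                  # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        entry_point, 0x1000, 0x2000,       # AddressOfEntryPoint, BaseOfCode, BaseOfData
        0x400000, 0x1000, file_align,      # ImageBase, SectionAlignment, FileAlignment
        4, 0, 0, 0, 4, 0,                  # OS, image and subsystem versions
        0, 0x2000, file_align, 0,          # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0,                              # Subsystem = WINDOWS_GUI, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16,   # stack/heap sizes, LoaderFlags, NumberOfRvaAndSizes
    ) + b"\0" * 128                        # 16 empty data directories
    file_header = struct.pack(FILE_HEADER_FMT, 0x14C, 1, timestamp, 0, 0, len(optional), 0x0102)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x10, 0x1000, file_align, file_align,
                          0, 0, 0, 0, 0x60000020)   # CODE | EXECUTE | READ
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))    # e_lfanew -> NT headers right after the DOS header
    headers = (bytes(dos) + b"PE\0\0" + file_header + optional + section).ljust(file_align, b"\0")
    text = (b"\xC3" * 0x10).ljust(file_align, b"\0")   # RET padding; never executed
    return headers + text + overlay


if __name__ == "__main__":
    # Constructed overlay: every byte value equally often, which yields entropy 8.00 like the report.
    sample = build_synthetic_pe(bytes(range(256)) * 64, REPORT_ENTRY_POINT, REPORT_TIMESTAMP)
    r = analyse(sample)
    print(f"entry point 0x{r['entry_point']:08X}, compiled {r['timestamp']} UTC, "
          f"{r['number_of_sections']} section(s)")
    print(f"overlay offset {r['overlay_offset']}, size {r['overlay_size']}, "
          f"entropy {r['overlay_entropy']:.2f}; {r['verdict']}")
```

To run it against a real file, replace the synthetic image with `analyse(open(path, "rb").read())`. For the sample on this page the expected result is offset 106496, size 135302, entropy 8.00, and offset plus size equal to the 241798-byte file size; a section table whose raw-data end differs from the reported offset would point at a malformed or truncated header rather than at a benign appendix.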
PE imports (the report does not name the source DLL of each entry; they are grouped here by API family)

Registry: RegCreateKeyW

GDI: GetObjectA, GetPixel, CreateSolidBrush, SetPaletteEntries, CreateCompatibleDC, DeleteObject, StretchBlt

Kernel (process, file, memory, environment): GetStdHandle, GetModuleFileNameW, GetVersionExW, GetEnvironmentStringsW, HeapDestroy, VirtualProtect, GetModuleFileNameA, GetStartupInfoA, GlobalLock, GetCurrentThread, GetTimeFormatW, GetModuleHandleA, ReadFile, FindNextFileA, SetCommTimeouts, CreateProcessA, GetTimeZoneInformation, GetEnvironmentVariableA, FindClose, CreateFileA, GetLocaleInfoW, GetEnvironmentVariableW

Ordinal-only imports (103 entries; a Visual C++ 6.0 GUI program importing this many functions by ordinal is typical of MFC42 linking, but the DLL is not named on the page): 1775, 4080, 537, 4710, 2414, 3597, 1641, 3136, 6375, 3626, 755, 3798, 2621, 3259, 2446, 815, 922, 641, 5277, 2514, 4425, 4353, 4441, 1134, 4465, 2863, 5300, 4627, 1168, 3738, 4853, 2982, 4234, 825, 3081, 5199, 5307, 4424, 540, 4078, 2554, 6376, 1727, 940, 823, 5785, 2379, 2725, 4998, 800, 3749, 2512, 470, 4274, 5261, 2859, 4079, 1146, 3147, 2124, 6052, 3262, 1576, 5065, 4407, 3663, 3346, 858, 2396, 3831, 6374, 5280, 3825, 2976, 323, 1089, 2985, 3922, 6877, 4160, 4376, 324, 3830, 2385, 4278, 3079, 2055, 4837, 5241, 2648, 5714, 5289, 4622, 561, 5302, 1640, 4486, 4698, 5163, 5265, 4673, 3571, 5731

C runtime: __p__fmode, _acmdln, _ftol, memset, __dllonexit, _except_handler3, ?terminate@@YAXXZ, strtol, sqrt, _onexit, abs, exit, _XcptFilter, __setusermatherr, _controlfp, _adjust_fdiv, __CxxFrameHandler, __p__commode, __getmainargs, _initterm, _setmbcp, _exit, __set_app_type

Windowing, menus and clipboard: PostQuitMessage, ShowWindow, ToAsciiEx, SetWindowPos, GetSystemMetrics, AppendMenuA, EnableWindow, MessageBoxIndirectA, DrawIcon, GetDC, SetClipboardData, SendMessageA, GetClientRect, SystemParametersInfoW, WinHelpA, IsIconic, RegisterClassA, LoadIconA, GetKeyboardLayout, LoadImageA, GetSystemMenu, GetWindowTextLengthW, OpenClipboard
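The imphash further down the page (d32c061d80c90d5ce38530d750416359) is derived from exactly this import table, ordinals included, which is why it is a useful pivot for ordinal-heavy MFC loaders: two builds that keep the same import order share it even when the encrypted overlay changes. The script below is an added example, not code from the report or from VirusTotal. It implements the imphash recipe that pefile (and therefore VirusTotal) uses: each import becomes "dll.func" with the DLL name lowercased and stripped of a .dll/.ocx/.sys extension and the function name lowercased, ordinal-only imports become "ord<N>", the entries are joined with commas in import-table order, and the string is MD5-hashed. The sample import list is constructed: the report gives function names and ordinals but not their DLLs, so the DLL assignments (KERNEL32, MFC42, MSVCRT, USER32, ADVAPI32, GDI32) are assumptions, and the resulting hash is not expected to match the report's value.

```python
"""Import hash (imphash) from a PE import list (added example, not from the report)."""
import hashlib
from typing import List, Tuple, Union

Import = Tuple[str, Union[str, int]]   # (DLL name, function name or ordinal number)


def normalise_dll(dll: str) -> str:
    """Lowercase the DLL name and drop the extensions pefile strips; keep anything else as-is."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports: List[Import]) -> str:
    """The comma-joined 'dll.func' string that gets hashed; handy when two tools disagree."""
    parts = []
    for dll, func in imports:
        # pefile resolves ordinals of ws2_32, wsock32 and oleaut32 to names through a built-in
        # table before hashing; that table is omitted here (assumption: no such DLLs present).
        func_name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{normalise_dll(dll)}.{func_name}")
    return ",".join(parts)


def imphash(imports: List[Import]) -> str:
    """MD5 of imphash_string(); 32 lowercase hex characters."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed sample: a subset of the functions and ordinals listed in the report, with
# DLL names assumed purely for the example.
SAMPLE_IMPORTS: List[Import] = [
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "CreateProcessA"),
    ("KERNEL32.dll", "ReadFile"),
    ("MFC42.DLL", 1775),
    ("MFC42.DLL", 4080),
    ("MSVCRT.dll", "_initterm"),
    ("USER32.dll", "SendMessageA"),
    ("ADVAPI32.dll", "RegCreateKeyW"),
    ("GDI32.dll", "StretchBlt"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:          ", imphash(SAMPLE_IMPORTS))
    # Import order is part of the hash: a relinked build with the same functions in a
    # different order gets a different imphash, so treat it as a build fingerprint, not a
    # capability fingerprint.
    print("reordered imphash:", imphash(SAMPLE_IMPORTS[::-1]))
```

When comparing against VirusTotal or pefile output, compare `imphash_string()` first: a mismatch is almost always a DLL-name normalisation difference (case, extension, or an unresolved ordinal) rather than an MD5 problem.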
Number of PE resources by type: RT_DIALOG 2, RT_ICON 1, RT_GROUP_ICON 1
Number of PE resources by language: NEUTRAL 2, GERMAN 1, GERMAN SWISS 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:12:02 20:06:41+00:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 53248
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 49152
SubsystemVersion: 4.0
EntryPoint: 0xb0b2
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5: 68f89bf47f74e7804815aa800d4a385a
SHA1: 299dc3d36d5d1f2927829925cacb001c0d4ccdc5
SHA256: 373d793d72a1bd1993873ff3555fbb844dcf8e8b95a1c9072cc1cf78b1105e70
ssdeep: 3072:8tJ4pI97OUx80CfrK17l3mMPwWGGUQFe61bHlJg9WtwZR+Znh8UfP7ntIT4jJ:yJDf4Il3mMPyQp1rHQc8R+ZnVfjWkt
authentihash: 82b9e889cc2bbf08e3a101e81ceaa893001f5d335014eb044c0daf43a5cbc3a5
imphash: d32c061d80c90d5ce38530d750416359
File size: 236.1 KB (241798 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-12-06 02:36:14 UTC ( 2 years, 7 months ago )
Last submission 2015-12-06 02:36:14 UTC ( 2 years, 7 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Behaviour categories covered (opened files, read files, written files, created processes, code injections into other processes, opened mutexes, runtime DLLs): no entries are reproduced in this copy of the report.