SHA256: 3908b3e121cb983bc6f3f7ec34aa91798b8f6a713dff4f24ab966072e5a8a734
File name: 3908b3e121cb983bc6f3f7ec34aa91798b8f6a713dff4f24ab966072e5a8a734
Detection ratio: 22 / 56
Analysis date: 2016-06-18 22:17:16 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.291102 20160618
AhnLab-V3 Win-Trojan/Cerber.Gen 20160618
Arcabit Trojan.Graftor.D4711E 20160618
Avast Win32:Trojan-gen 20160618
AVG Generic_r.KAC 20160618
Avira (no cloud) TR/Crypt.ZPACK.xsfb 20160618
AVware Trojan.Win32.Generic!BT 20160618
Baidu Win32.Trojan.Filecoder.q 20160618
BitDefender Gen:Variant.Graftor.291102 20160618
Bkav HW32.Packed.6402 20160618
Emsisoft Gen:Variant.Graftor.291102 (B) 20160618
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160618
F-Secure Gen:Variant.Graftor.291102 20160618
Fortinet W32/Agent.CFH!tr.dldr 20160618
GData Gen:Variant.Graftor.291102 20160618
McAfee Artemis!67892212B808 20160618
McAfee-GW-Edition BehavesLike.Win32.BadFile.ch 20160618
eScan Gen:Variant.Graftor.291102 20160618
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160618
Sophos AV Mal/Generic-S 20160618
TotalDefense Win32/DropExec_im 20160618
VIPRE Trojan.Win32.Generic!BT 20160618
AegisLab 20160618
Alibaba 20160617
ALYac 20160618
Antiy-AVL 20160618
Baidu-International 20160614
CAT-QuickHeal 20160618
ClamAV 20160618
CMC 20160616
Comodo 20160618
Cyren 20160618
DrWeb 20160618
F-Prot 20160618
Ikarus 20160618
Jiangmin 20160618
K7AntiVirus 20160618
K7GW 20160618
Kaspersky 20160618
Kingsoft 20160618
Malwarebytes 20160618
Microsoft 20160618
NANO-Antivirus 20160618
nProtect 20160617
Panda 20160618
SUPERAntiSpyware 20160618
Symantec 20160618
Tencent 20160618
TheHacker 20160617
TrendMicro 20160618
TrendMicro-HouseCall 20160618
VBA32 20160617
ViRobot 20160618
Yandex 20160616
Zillya 20160618
Zoner 20160618
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-17 04:49:47
Entry Point 0x00016D80
Number of sections 4
PE sections
PE imports
CryptDeriveKey
RegEnumKeyW
RegDeleteValueW
CryptReleaseContext
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
CryptDestroyKey
RegOpenKeyExW
CryptAcquireContextW
RegOpenKeyW
RegOpenKeyExA
CryptHashData
CryptDecrypt
RegQueryValueExW
CryptDestroyHash
CryptCreateHash
ImageList_ReplaceIcon
PropertySheetW
ImageList_Destroy
CreateFontIndirectW
PatBlt
PathToRegion
UpdateColors
CreateMetaFileW
GetDeviceCaps
ExcludeClipRect
DeleteDC
SetBkMode
GetObjectW
BitBlt
RealizePalette
SetTextColor
GetTextExtentPointW
ExtTextOutW
GetTextExtentPoint32W
CreatePalette
GetStockObject
SelectPalette
GetDIBits
CreateRoundRectRgn
SelectClipRgn
CreateCompatibleDC
StretchDIBits
SwapBuffers
CreateRectRgn
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetUserDefaultUILanguage
GetLastError
Toolhelp32ReadProcessMemory
GetDriveTypeW
ReleaseMutex
LoadLibraryA
LoadLibraryW
GlobalFree
WaitForSingleObject
GetVersionExW
GetExitCodeThread
GetTickCount
GlobalUnlock
lstrcpyW
lstrcmpiW
GlobalAlloc
lstrlenW
DeleteCriticalSection
GetStartupInfoA
EnterCriticalSection
LocalAlloc
GetUserDefaultLCID
MapViewOfFileEx
ProcessIdToSessionId
GetModuleHandleW
GlobalReAlloc
GetShortPathNameW
SetErrorMode
MultiByteToWideChar
GetLogicalDrives
_llseek
lstrcatW
_lread
GetPrivateProfileStringW
GetLocaleInfoW
GetTempFileNameW
ExitThread
GetModuleFileNameW
ExpandEnvironmentStringsW
_lclose
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
GetSystemDirectoryW
ReadFile
GetTempPathW
CreateMutexW
GetVolumeNameForVolumeMountPointW
DeleteFileW
lstrcmpW
CreateThread
GlobalLock
SetThreadExecutionState
SetVolumeLabelW
FreeLibrary
LocalFree
GetPrivateProfileIntW
GlobalMemoryStatus
SearchPathW
InitializeCriticalSection
WriteFile
CreateFileW
GlobalHandle
GetLogicalDriveStringsW
GetFileAttributesW
InterlockedDecrement
Sleep
GetCommandLineW
CloseHandle
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetCurrentProcessId
LeaveCriticalSection
DragQueryFileW
SHCreateDirectoryExW
DragFinish
SHGetFolderPathW
DragAcceptFiles
Shell_NotifyIconW
ShellExecuteW
SHGetFileInfoW
ShellAboutW
PathAppendW
RedrawWindow
GetMessagePos
SetWindowRgn
LoadBitmapW
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
EndPaint
WindowFromPoint
CharUpperBuffW
SetMenuItemInfoW
GetDC
GetAsyncKeyState
ReleaseDC
GetDlgCtrlID
SendMessageW
UnregisterClassW
GetClientRect
DefWindowProcW
SetMenuDefaultItem
GetNextDlgTabItem
GetThreadDesktop
CallNextHookEx
LoadImageW
CountClipboardFormats
ClientToScreen
GetTopWindow
GetWindowTextW
LockWindowUpdate
DrawTextW
PtInRect
DrawEdge
GetParent
UpdateWindow
GetPropW
GetMessageW
ShowWindow
SetPropW
EnumDisplayMonitors
PeekMessageW
EnableWindow
SetWindowPlacement
CharUpperW
LoadIconW
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
CharUpperA
RegisterClassW
GetWindowPlacement
LoadStringW
IsIconic
TrackPopupMenuEx
GetSubMenu
CreateMenu
IsDialogMessageW
FillRect
DeferWindowPos
CreateWindowExW
GetWindowLongW
DestroyWindow
IsChild
MapWindowPoints
RegisterWindowMessageW
BeginPaint
SetFocus
DrawIcon
KillTimer
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
EnumChildWindows
RegisterDeviceNotificationW
SendDlgItemMessageW
PostMessageW
MonitorFromRect
CheckDlgButton
CreateDialogParamW
WaitMessage
CreatePopupMenu
DrawFocusRect
GetLastActivePopup
DrawIconEx
SetWindowTextW
SetTimer
GetDlgItem
RemovePropW
BringWindowToTop
ScreenToClient
TrackPopupMenu
GetMenuItemCount
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
GetSystemMenu
DispatchMessageW
SetForegroundWindow
GetMenuItemInfoW
GetCursorPos
IntersectRect
EndDialog
GetKeyboardLayout
FindWindowW
GetCapture
GetShellWindow
MessageBeep
LoadMenuW
RemoveMenu
wvsprintfW
BeginDeferWindowPos
MessageBoxW
GetKBCodePage
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
DialogBoxParamW
AppendMenuW
GetSysColor
SetDlgItemTextW
EndDeferWindowPos
GetDoubleClickTime
EnableMenuItem
IsWindowVisible
WinHelpW
SystemParametersInfoW
SetRect
InvalidateRect
CallWindowProcW
DestroyIcon
ModifyMenuW
UnregisterDeviceNotification
GetFocus
wsprintfW
CloseClipboard
DefDlgProcW
SetCursor
__p__fmode
_wcsupr
rand
_ftol
srand
wcschr
_wcslwr
isdigit
towupper
_except_handler3
__p__commode
wcslen
wcscmp
exit
_XcptFilter
__setusermatherr
wcsncpy
towlower
_acmdln
iswctype
_adjust_fdiv
wcscat
wcscspn
__getmainargs
_controlfp
wcsspn
swscanf
wcscpy
wcsstr
_initterm
_exit
__set_app_type
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_ICON 12
RT_DIALOG 4
RT_STRING 3
RT_GROUP_ICON 2
RT_MESSAGETABLE 1
Number of PE resources by language
ENGLISH US 39
NEUTRAL 14
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:06:17 05:49:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 93184
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 77312
SubsystemVersion 5.0
EntryPoint 0x16d80
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 67892212b8089c08ded176d69a98615f
SHA1 a11f6cbc09c91eb9615b54de5072c0e600628241
SHA256 3908b3e121cb983bc6f3f7ec34aa91798b8f6a713dff4f24ab966072e5a8a734
ssdeep 3072:fIUQ8ykuZsv9k4FiRHpAf2Nc36MzVsP/GdtKP9:E8+ZslfiRHXNcZO/Gd+
authentihash 781b56bad09cb73cdd033a8c604d3491d8ac5efe9552e514083ca4e47e3501ea
imphash fcd8a6644e50e6aef706f7548cb52edb
File size 167.5 KB ( 171520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-06-18 22:17:16 UTC ( 2 years, 9 months ago )
Last submission 2016-06-18 22:17:16 UTC ( 2 years, 9 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications