SHA256: 39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc
File name: d7b1a9c7a0b2cd40f3ffedbb17e91827a410593d.exe
Detection ratio: 37 / 44
Analysis date: 2013-10-30 20:01:32 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
AVG Generic29.FLD 20131030
Agnitum Trojan.Birele!TnW/HSIn6LE 20131030
AntiVir TR/Crypt.ZPACK.Gen 20131030
Avast Win32:Malware-gen 20131030
Baidu-International Trojan.Win32.Kryptik.aGJA 20131030
BitDefender Trojan.Generic.KDV.663698 20131030
CAT-QuickHeal PACKER_UPX.TrojanRansom.Birel 20131030
Commtouch W32/Falab.G.gen!Eldorado 20131030
Comodo UnclassifiedMalware 20131030
DrWeb Trojan.PWS.Siggen.37539 20131030
ESET-NOD32 a variant of Win32/Kryptik.AHSH 20131030
Emsisoft Trojan.Generic.KDV.663698 (B) 20131030
F-Prot W32/Falab.G.gen!Eldorado 20131030
F-Secure Trojan.Generic.KDV.663698 20131030
Fortinet W32/Kryptik.AHSH!tr 20131030
GData Trojan.Generic.KDV.663698 20131030
Ikarus Trojan-Dropper.Win32.Injector 20131030
Jiangmin Trojan/Birele.brt 20131030
K7AntiVirus Trojan 20131030
K7GW Backdoor 20131030
Kaspersky Trojan-Ransom.Win32.Birele.vjr 20131030
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes Trojan.Phex.THAGen3 20131030
McAfee Generic PWS.aaf 20131030
McAfee-GW-Edition Generic PWS.aaf 20131030
MicroWorld-eScan Trojan.Generic.KDV.663698 20131028
Microsoft PWS:Win32/Fareit.gen!C 20131030
Norman Troj_Generic.CRYTK 20131030
Panda Trj/Genetic.gen 20131030
Sophos Mal/NecursDrp-A 20131030
TheHacker Trojan/Kryptik.ahsh 20131029
TrendMicro TROJ_GEN.FFFEZG9 20131030
TrendMicro-HouseCall TROJ_GEN.FFFEZG9 20131030
VBA32 Hoax.Birele 20131030
VIPRE Trojan.Win32.Generic.pak!cobra 20131030
ViRobot Trojan.Win32.A.Birele.88576.A 20131030
nProtect Trojan/W32.Agent.88576.PO 20131030
AhnLab-V3 20131030
Antiy-AVL 20131030
Bkav 20131030
ByteHero 20131028
ClamAV 20131030
NANO-Antivirus 20131030
Rising 20131029
SUPERAntiSpyware 20131030
Symantec 20131030
TotalDefense 20131029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Mandatory Fractions
Publisher Mandatory Fractions
Product CooperativeRains+
Original name cooperativerains+.exe
Internal name CooperativeRains+
File version 2.3.0
Description CooperativeRains+
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-01 15:32:08
Entry Point 0x0000CB6B
Number of sections 5
PE sections
PE imports
CreateFontIndirectA
GetTextColor
DeleteObject
SetRectRgn
GetStockObject
HeapAlloc
GetLastError
GetStartupInfoA
GetDateFormatA
GetEnvironmentStrings
EnterCriticalSection
GetPrivateProfileStringA
CompareStringA
InitializeCriticalSection
HeapCreate
DeleteCriticalSection
FreeLibrary
HeapDestroy
GetTickCount
GetThreadLocale
HeapFree
LoadLibraryA
GetProcAddress
LeaveCriticalSection
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
UpdateWindow
DispatchMessageA
RegisterClassExW
TranslateMessage
IsWindowVisible
SetWindowTextA
ShowWindow
BeginPaint
IsWindow
EndPaint
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 75776
ImageVersion 0.0
ProductName CooperativeRains+
FileVersionNumber 2.3.0.16176
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 10.0
FileOS Win32
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.3.0
TimeStamp 2012:07:01 16:32:08+01:00
FileType Win32 EXE
PEType PE32
InternalName CooperativeRains+
ProductVersion 2.3.0
FileDescription CooperativeRains+
OSVersion 5.1
OriginalFilename cooperativerains+.exe
LegalCopyright Mandatory Fractions
MachineType Intel 386 or later, and compatibles
CompanyName Mandatory Fractions
CodeSize 67072
FileSubtype 0
ProductVersionNumber 2.3.0.0
EntryPoint 0xcb6b
ObjectFileType Executable application

PCAP parents
File identification
MD5 770cc2e2a184eaad0d79716f0baf9e48
SHA1 d7b1a9c7a0b2cd40f3ffedbb17e91827a410593d
SHA256 39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc
ssdeep 1536:DVIWGnI8/Szlh7pR8DkiYVEgk0il7Qs1inQrfNFG8bGq:D/G3qzlhVR8DkR6l3fNFVGq
File size 86.5 KB ( 88576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2012-07-01 21:45:17 UTC ( 1 year, 9 months ago )
Last submission 2013-10-30 20:01:32 UTC ( 5 months, 3 weeks ago )
File names about.exe
d7b1a9c7a0b2cd40f3ffedbb17e91827a410593d.exe
cooperativerains+.exe
w.php
"calc.exe"
efaf1ffd591478732401c52d8c87b4b2
CooperativeRains+
770cc2e2a184eaad0d79716f0baf9e48.exe
"readme.exe"
"info.exe"
"about.exe"
39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc.bin
5264 02.07.2012 00.13.35.207
cooperativerains_.exe
770cc2e2a184eaad0d79716f0baf9e48
calc[1].exe
CooperativeRains_
39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc
2c5819f.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight