SHA256: 39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc
File name: CooperativeRains+
Detection ratio: 44 / 53
Analysis date: 2016-01-01 12:21:35 UTC ( 1 month, 1 week ago )
Antivirus Result Update
AVG Generic29.FLD 20160101
AVware Trojan.Win32.Generic.pak!cobra 20160101
Ad-Aware Gen:Variant.Kazy.79782 20151224
Agnitum Trojan.Birele!TnW/HSIn6LE 20151231
AhnLab-V3 Trojan/Win32.Jorik 20160101
Antiy-AVL Trojan[Ransom]/Win32.Birele 20160101
Arcabit Trojan.Kazy.D137A6 20160101
Avast Win32:Malware-gen 20160101
Baidu-International Trojan.Win32.Ransom.vjr 20160101
BitDefender Gen:Variant.Kazy.79782 20160101
CMC Trojan-Ransom.Win32.Birele!O 20151231
Comodo UnclassifiedMalware 20160101
Cyren W32/Falab.G.gen!Eldorado 20160101
DrWeb Trojan.PWS.Siggen.37539 20160101
ESET-NOD32 a variant of Win32/Kryptik.AHSH 20151231
Emsisoft Gen:Variant.Kazy.79782 (B) 20160101
F-Prot W32/Falab.G.gen!Eldorado 20160101
F-Secure Gen:Variant.Kazy.79782 20160101
Fortinet W32/Kryptik.AHSH!tr 20160101
GData Gen:Variant.Kazy.79782 20160101
Ikarus Trojan-PSW.Win32.Tepfer 20151231
Jiangmin Trojan/Birele.bip 20160101
K7AntiVirus Backdoor ( 04c4bc7c1 ) 20160101
K7GW Backdoor ( 04c4bc7c1 ) 20160101
Kaspersky Trojan-Ransom.Win32.Birele.vjr 20160101
Malwarebytes Trojan.Phex.THAGen3 20160101
McAfee Generic PWS.aaf 20160101
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.mh 20160101
MicroWorld-eScan Gen:Variant.Kazy.79782 20160101
Microsoft Trojan:Win32/Bulta!rfn 20160101
NANO-Antivirus Trojan.Win32.Birele.dxmczq 20160101
Panda Trj/Genetic.gen 20160101
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160101
Sophos Mal/NecursDrp-A 20160101
Symantec Trojan.Gen 20151231
Tencent Win32.Trojan.Birele.Afhs 20160101
TheHacker Trojan/Kryptik.ahsh 20151231
TrendMicro TROJ_RANSOM.JIR 20160101
TrendMicro-HouseCall TROJ_RANSOM.JIR 20160101
VBA32 Hoax.Birele 20151231
VIPRE Trojan.Win32.Generic.pak!cobra 20160101
ViRobot Trojan.Win32.A.Birele.88576.A[h] 20160101
Zillya Trojan.Birele.Win32.1508 20151231
nProtect Trojan/W32.Agent.88576.PO 20151231
AegisLab 20160101
Alibaba 20151208
Bkav 20151231
ByteHero 20160101
CAT-QuickHeal 20160101
ClamAV 20160101
SUPERAntiSpyware 20160101
TotalDefense 20160101
Zoner 20160101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Mandatory Fractions
Product CooperativeRains+
Original name cooperativerains+.exe
Internal name CooperativeRains+
File version 2.3.0
Description CooperativeRains+
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-01 15:32:08
Link date 4:32 PM 7/1/2012
Entry Point 0x0000CB6B
Number of sections 5
PE sections
PE imports
CreateFontIndirectA
GetTextColor
DeleteObject
SetRectRgn
GetStockObject
HeapAlloc
GetLastError
GetStartupInfoA
GetDateFormatA
GetEnvironmentStrings
EnterCriticalSection
GetPrivateProfileStringA
CompareStringA
InitializeCriticalSection
HeapCreate
DeleteCriticalSection
FreeLibrary
HeapDestroy
GetTickCount
GetThreadLocale
HeapFree
LoadLibraryA
GetProcAddress
LeaveCriticalSection
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
UpdateWindow
DispatchMessageA
RegisterClassExW
TranslateMessage
IsWindowVisible
SetWindowTextA
ShowWindow
BeginPaint
IsWindow
EndPaint
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.3.0.16176
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 75776
EntryPoint 0xcb6b
OriginalFileName cooperativerains+.exe
MIMEType application/octet-stream
LegalCopyright Mandatory Fractions
FileVersion 2.3.0
TimeStamp 2012:07:01 16:32:08+01:00
FileType Win32 EXE
PEType PE32
InternalName CooperativeRains+
ProductVersion 2.3.0
FileDescription CooperativeRains+
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mandatory Fractions
CodeSize 67072
ProductName CooperativeRains+
ProductVersionNumber 2.3.0.0
FileTypeExtension exe
ObjectFileType Executable application
PCAP parents
File identification
MD5 770cc2e2a184eaad0d79716f0baf9e48
SHA1 d7b1a9c7a0b2cd40f3ffedbb17e91827a410593d
SHA256 39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc
ssdeep 1536:DVIWGnI8/Szlh7pR8DkiYVEgk0il7Qs1inQrfNFG8bGq:D/G3qzlhVR8DkR6l3fNFVGq
authentihash 49b17fbc67eb7d48417f1aa82e0d6db3c8a2c8f4f3d9d9f74d030741228ac526
imphash 55629ab8d56d48a0f590ed25ce3e2910
File size 86.5 KB ( 88576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2012-07-01 21:45:17 UTC ( 3 years, 7 months ago )
Last submission 2015-10-01 14:05:37 UTC ( 4 months, 2 weeks ago )
File names about.exe
d7b1a9c7a0b2cd40f3ffedbb17e91827a410593d.exe
cooperativerains+.exe
w.php
"calc.exe"
efaf1ffd591478732401c52d8c87b4b2
CooperativeRains+
770cc2e2a184eaad0d79716f0baf9e48.exe
"readme.exe"
"info.exe"
"about.exe"
39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc.bin
5264 02.07.2012 00.13.35.207
cooperativerains_.exe
770cc2e2a184eaad0d79716f0baf9e48
calc[1].exe
CooperativeRains_
39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc
2c5819f.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight