SHA256: 39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc
File name: CooperativeRains+
Detection ratio: 46 / 56
Analysis date: 2014-12-19 12:00:34 UTC ( 3 months, 1 week ago )
Antivirus Result Update
ALYac Gen:Variant.Kazy.79782 20141219
AVG Generic29.FLD 20141219
AVware Trojan.Win32.Generic.pak!cobra 20141219
Ad-Aware Gen:Variant.Kazy.79782 20141219
Agnitum Trojan.Birele!TnW/HSIn6LE 20141217
AhnLab-V3 Trojan/Win32.Jorik 20141218
Antiy-AVL Trojan[Ransom]/Win32.Birele 20141219
Avast Win32:Malware-gen 20141219
Avira TR/Crypt.ZPACK.Gen 20141219
Baidu-International Trojan.Win32.Ransom.alRB 20141219
BitDefender Gen:Variant.Kazy.79782 20141219
CMC Trojan-Ransom.Win32.Birele!O 20141218
Comodo UnclassifiedMalware 20141219
Cyren W32/Falab.G.gen!Eldorado 20141219
DrWeb Trojan.PWS.Siggen.37539 20141219
ESET-NOD32 a variant of Win32/Kryptik.AHSH 20141219
Emsisoft Gen:Variant.Kazy.79782 (B) 20141219
F-Prot W32/Falab.G.gen!Eldorado 20141219
F-Secure Gen:Variant.Kazy.79782 20141219
Fortinet W32/Kryptik.AHSH!tr 20141219
GData Gen:Variant.Kazy.79782 20141219
Ikarus Trojan-PSW.Win32.Tepfer 20141219
Jiangmin Trojan/Birele.brt 20141218
K7AntiVirus Backdoor ( 04c4bc7c1 ) 20141218
K7GW Backdoor ( 04c4bc7c1 ) 20141219
Kaspersky Trojan-Ransom.Win32.Birele.vjr 20141219
Kingsoft Win32.Troj.Undef.(kcloud) 20141219
Malwarebytes Trojan.Phex.THAGen3 20141219
McAfee Generic PWS.aaf 20141219
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.mh 20141218
MicroWorld-eScan Gen:Variant.Kazy.79782 20141219
Microsoft PWS:Win32/Fareit 20141219
Norman Troj_Generic.CRYTK 20141219
Panda Trj/Genetic.gen 20141219
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20141219
Sophos Mal/NecursDrp-A 20141219
Symantec Trojan.Gen 20141219
Tencent Win32.Trojan.Birele.Afhs 20141219
TheHacker Trojan/Kryptik.ahsh 20141219
TrendMicro TROJ_RANSOM.JIR 20141219
TrendMicro-HouseCall TROJ_RANSOM.JIR 20141219
VBA32 Hoax.Birele 20141219
VIPRE Trojan.Win32.Generic.pak!cobra 20141219
ViRobot Trojan.Win32.A.Birele.88576.A[h] 20141219
Zillya Trojan.Birele.Win32.1508 20141219
nProtect Trojan/W32.Agent.88576.PO 20141219
AegisLab 20141219
Bkav 20141219
ByteHero 20141219
CAT-QuickHeal 20141219
ClamAV 20141219
NANO-Antivirus 20141219
Rising 20141218
SUPERAntiSpyware 20141219
TotalDefense 20141219
Zoner 20141219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Mandatory Fractions
Publisher Mandatory Fractions
Product CooperativeRains+
Original name cooperativerains+.exe
Internal name CooperativeRains+
File version 2.3.0
Description CooperativeRains+
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-01 15:32:08
Link date 4:32 PM 7/1/2012
Entry Point 0x0000CB6B
Number of sections 5
PE sections
PE imports
CreateFontIndirectA
GetTextColor
DeleteObject
SetRectRgn
GetStockObject
HeapAlloc
GetLastError
GetStartupInfoA
GetDateFormatA
GetEnvironmentStrings
EnterCriticalSection
GetPrivateProfileStringA
CompareStringA
InitializeCriticalSection
HeapCreate
DeleteCriticalSection
FreeLibrary
HeapDestroy
GetTickCount
GetThreadLocale
HeapFree
LoadLibraryA
GetProcAddress
LeaveCriticalSection
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
UpdateWindow
DispatchMessageA
RegisterClassExW
TranslateMessage
IsWindowVisible
SetWindowTextA
ShowWindow
BeginPaint
IsWindow
EndPaint
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.3.0.16176
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 75776
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Mandatory Fractions
FileVersion 2.3.0
TimeStamp 2012:07:01 16:32:08+01:00
FileType Win32 EXE
PEType PE32
InternalName CooperativeRains+
FileAccessDate 2014:12:19 13:15:42+01:00
ProductVersion 2.3.0
FileDescription CooperativeRains+
OSVersion 5.1
FileCreateDate 2014:12:19 13:15:42+01:00
OriginalFilename cooperativerains+.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mandatory Fractions
CodeSize 67072
ProductName CooperativeRains+
ProductVersionNumber 2.3.0.0
EntryPoint 0xcb6b
ObjectFileType Executable application
PCAP parents
File identification
MD5 770cc2e2a184eaad0d79716f0baf9e48
SHA1 d7b1a9c7a0b2cd40f3ffedbb17e91827a410593d
SHA256 39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc
ssdeep 1536:DVIWGnI8/Szlh7pR8DkiYVEgk0il7Qs1inQrfNFG8bGq:D/G3qzlhVR8DkR6l3fNFVGq
authentihash 49b17fbc67eb7d48417f1aa82e0d6db3c8a2c8f4f3d9d9f74d030741228ac526
imphash 55629ab8d56d48a0f590ed25ce3e2910
File size 86.5 KB ( 88576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2012-07-01 21:45:17 UTC ( 2 years, 9 months ago )
Last submission 2013-10-30 20:01:32 UTC ( 1 year, 5 months ago )
File names about.exe
d7b1a9c7a0b2cd40f3ffedbb17e91827a410593d.exe
cooperativerains+.exe
w.php
"calc.exe"
efaf1ffd591478732401c52d8c87b4b2
CooperativeRains+
770cc2e2a184eaad0d79716f0baf9e48.exe
"readme.exe"
"info.exe"
"about.exe"
39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc.bin
5264 02.07.2012 00.13.35.207
cooperativerains_.exe
770cc2e2a184eaad0d79716f0baf9e48
calc[1].exe
CooperativeRains_
39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc
2c5819f.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight