SHA256: 39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc
File name: CooperativeRains+
Detection ratio: 46 / 55
Analysis date: 2016-02-19 06:46:24 UTC ( 5 months ago )
Antivirus Result Update
AVG Generic29.FLD 20160219
AVware Trojan.Win32.Generic.pak!cobra 20160219
Ad-Aware Gen:Variant.Kazy.79782 20160219
AegisLab Troj.Ransom.W32.Birele.vjr!c 20160219
Yandex Trojan.Birele!TnW/HSIn6LE 20160217
AhnLab-V3 Trojan/Win32.Jorik 20160218
Antiy-AVL Trojan[Ransom]/Win32.Birele 20160219
Arcabit Trojan.Kazy.D137A6 20160219
Avira (no cloud) TR/Crypt.ZPACK.Gen 20160219
Baidu-International Trojan.Win32.Ransom.vjr 20160218
BitDefender Gen:Variant.Kazy.79782 20160219
CMC Trojan-Ransom.Win32.Birele!O 20160216
Comodo UnclassifiedMalware 20160219
Cyren W32/Falab.G.gen!Eldorado 20160219
DrWeb Trojan.PWS.Siggen.37539 20160219
ESET-NOD32 a variant of Win32/Kryptik.AHSH 20160219
Emsisoft Gen:Variant.Kazy.79782 (B) 20160219
F-Prot W32/Falab.G.gen!Eldorado 20160219
F-Secure Gen:Variant.Kazy.79782 20160219
Fortinet W32/Kryptik.AHSH!tr 20160218
GData Gen:Variant.Kazy.79782 20160219
Ikarus Trojan-Dropper.Win32.Injector 20160219
Jiangmin Trojan/Birele.bip 20160219
K7AntiVirus Backdoor ( 04c4bc7c1 ) 20160219
K7GW Backdoor ( 04c4bc7c1 ) 20160219
Kaspersky Trojan-Ransom.Win32.Birele.vjr 20160218
Malwarebytes Trojan.Agent.PHEX.Generic 20160219
McAfee Generic PWS.aaf 20160219
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.mh 20160219
eScan Gen:Variant.Kazy.79782 20160219
Microsoft Trojan:Win32/Bulta!rfn 20160219
NANO-Antivirus Trojan.Win32.Birele.dxmczq 20160219
Panda Trj/Genetic.gen 20160218
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160219
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160218
Sophos Mal/NecursDrp-A 20160219
Symantec Trojan.Gen 20160218
Tencent Win32.Trojan.Birele.Afhs 20160219
TheHacker Trojan/Kryptik.ahsh 20160217
TrendMicro TROJ_RANSOM.JIR 20160219
TrendMicro-HouseCall TROJ_RANSOM.JIR 20160219
VBA32 Hoax.Birele 20160218
VIPRE Trojan.Win32.Generic.pak!cobra 20160219
ViRobot Trojan.Win32.A.Birele.88576.A[h] 20160219
Zillya Trojan.Birele.Win32.1508 20160218
nProtect Trojan/W32.Agent.88576.PO 20160218
Alibaba 20160219
Avast 20160219
Bkav 20160218
ByteHero 20160219
CAT-QuickHeal 20160219
ClamAV 20160219
SUPERAntiSpyware 20160219
TotalDefense 20160218
Zoner 20160219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Mandatory Fractions
Product CooperativeRains+
Original name cooperativerains+.exe
Internal name CooperativeRains+
File version 2.3.0
Description CooperativeRains+
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-01 15:32:08
Entry Point 0x0000CB6B
Number of sections 5
PE sections
PE imports
CreateFontIndirectA
GetTextColor
DeleteObject
SetRectRgn
GetStockObject
HeapAlloc
GetLastError
GetStartupInfoA
GetDateFormatA
GetEnvironmentStrings
EnterCriticalSection
GetPrivateProfileStringA
CompareStringA
InitializeCriticalSection
HeapCreate
DeleteCriticalSection
FreeLibrary
HeapDestroy
GetTickCount
GetThreadLocale
HeapFree
LoadLibraryA
GetProcAddress
LeaveCriticalSection
GetMessageA
CreateWindowExA
LoadCursorA
LoadIconA
UpdateWindow
DispatchMessageA
RegisterClassExW
TranslateMessage
IsWindowVisible
SetWindowTextA
ShowWindow
BeginPaint
IsWindow
EndPaint
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.3.0.16176
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 75776
EntryPoint 0xcb6b
OriginalFileName cooperativerains+.exe
MIMEType application/octet-stream
LegalCopyright Mandatory Fractions
FileVersion 2.3.0
TimeStamp 2012:07:01 16:32:08+01:00
FileType Win32 EXE
PEType PE32
InternalName CooperativeRains+
ProductVersion 2.3.0
FileDescription CooperativeRains+
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mandatory Fractions
CodeSize 67072
ProductName CooperativeRains+
ProductVersionNumber 2.3.0.0
FileTypeExtension exe
ObjectFileType Executable application

PCAP parents
File identification
MD5 770cc2e2a184eaad0d79716f0baf9e48
SHA1 d7b1a9c7a0b2cd40f3ffedbb17e91827a410593d
SHA256 39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc
ssdeep 1536:DVIWGnI8/Szlh7pR8DkiYVEgk0il7Qs1inQrfNFG8bGq:D/G3qzlhVR8DkR6l3fNFVGq
authentihash 49b17fbc67eb7d48417f1aa82e0d6db3c8a2c8f4f3d9d9f74d030741228ac526
imphash 55629ab8d56d48a0f590ed25ce3e2910
File size 86.5 KB ( 88576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2012-07-01 21:45:17 UTC ( 4 years ago )
Last submission 2015-10-01 14:05:37 UTC ( 9 months, 3 weeks ago )
File names about.exe
d7b1a9c7a0b2cd40f3ffedbb17e91827a410593d.exe
cooperativerains+.exe
w.php
"calc.exe"
efaf1ffd591478732401c52d8c87b4b2
CooperativeRains+
770cc2e2a184eaad0d79716f0baf9e48.exe
"readme.exe"
"info.exe"
"about.exe"
39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc.bin
5264 02.07.2012 00.13.35.207
cooperativerains_.exe
770cc2e2a184eaad0d79716f0baf9e48
calc[1].exe
CooperativeRains_
39a9655c4ab3e90dc79f5a3d00add4a2f3a37baabead877d5d3c029f8e4047fc
2c5819f.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight