SHA256: 3a668522a5c0433f450b2db8debf5b1aa5b9c61e4b8c5f2545f899833f537f39
File name: mscngp.exe
Detection ratio: 48 / 57
Analysis date: 2017-02-09 06:02:02 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4077171 20170209
AegisLab Backdoor.W32.Androm!c 20170209
AhnLab-V3 Trojan/Win32.Upbot.C1728532 20170208
ALYac Trojan.GenericKD.4077171 20170209
Arcabit Trojan.Generic.D3E3673 20170209
Avast Win32:Malware-gen 20170209
AVG Generic_r.QNR 20170209
Avira (no cloud) TR/AD.Gamarue.uiehn 20170208
AVware LooksLike.Win32.Crowti.b (v) 20170209
Baidu Win32.Trojan.Kryptik.bck 20170209
BitDefender Trojan.GenericKD.4077171 20170209
Bkav W32.FamVT.RazyNHmA.Trojan 20170208
CAT-QuickHeal Ransom.Blocker.A4 20170209
Comodo TrojWare.Win32.Agent.FJSO 20170209
CrowdStrike Falcon (ML) malicious_confidence_89% (W) 20170130
Cyren W32/S-e2e07e9d!Eldorado 20170209
DrWeb Trojan.Inject1.56622 20170209
Emsisoft Trojan.GenericKD.4077171 (B) 20170209
ESET-NOD32 a variant of Win32/Kryptik.FMHF 20170209
F-Prot W32/S-e2e07e9d!Eldorado 20170209
F-Secure Trojan.GenericKD.4077171 20170209
Fortinet W32/Kryptik.FMHF!tr 20170209
GData Trojan.GenericKD.4077171 20170209
Ikarus Worm.Win32.Kasidet 20170208
Sophos ML trojan.win32.skeeyah.a!rfn 20170203
Jiangmin Backdoor.Androm.mpr 20170209
K7AntiVirus Trojan ( 005017d01 ) 20170208
K7GW Trojan ( 005017d01 ) 20170208
Kaspersky HEUR:Trojan.Win32.Generic 20170209
Malwarebytes Trojan.SelfDelete 20170209
McAfee Trojan-FKQX!1398C1CEE693 20170209
McAfee-GW-Edition Trojan-FKQX!1398C1CEE693 20170209
Microsoft Trojan:MSIL/Upadter.A 20170209
eScan Trojan.GenericKD.4077171 20170209
NANO-Antivirus Trojan.Win32.Androm.ekfcfl 20170208
Panda Trj/GdSda.A 20170208
Qihoo-360 HEUR/QVM09.0.2010.Malware.Gen 20170209
Rising Malware.Obscure/Heur!1.A121-9DcjX1p5jaF (cloud) 20170209
Sophos AV Mal/Generic-S 20170209
SUPERAntiSpyware Trojan.Agent/Gen-Crowti 20170209
Symantec Trojan.Gen 20170208
Tencent Win32.Backdoor.Androm.Dxnc 20170209
TrendMicro TROJ_GEN.R0EAC0DLU16 20170209
TrendMicro-HouseCall TSPY_HPZBOT.SM1 20170209
VIPRE LooksLike.Win32.Crowti.b (v) 20170209
ViRobot Trojan.Win32.Z.Kryptik.203264.BR[h] 20170209
Yandex Backdoor.Androm!wTHgzvSsDuw 20170208
Zillya Backdoor.Androm.Win32.39059 20170208
Alibaba 20170122
Antiy-AVL 20170209
ClamAV 20170209
CMC 20170209
Kingsoft 20170209
nProtect 20170209
TheHacker 20170205
TotalDefense 20170209
Trustlook 20170209
VBA32 20170208
WhiteArmor 20170202
Zoner 20170209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2001 - 2014 Intelligence Agency
Product Intelligence Agency
Original name spy.exe
Internal name Intelligence Agency
File version Intelligence Agency
Description Intelligence Agency
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-28 10:26:41
Entry Point 0x00003453
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
PropertySheetA
ImageList_Draw
ImageList_GetImageInfo
ImageList_DragEnter
_TrackMouseEvent
GetObjectA
SetBkMode
DeleteObject
DeleteDC
SelectObject
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
MoveFileA
ResumeThread
GetEnvironmentVariableA
LoadResource
FindClose
TlsGetValue
FormatMessageA
OutputDebugStringA
SetLastError
InitializeCriticalSection
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
GetPriorityClass
GetSystemDefaultLCID
InterlockedDecrement
MultiByteToWideChar
WritePrivateProfileSectionA
SetFilePointer
CreateThread
TlsSetValue
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
MoveFileExA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetVersion
GetProcAddress
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
ReadProcessMemory
GlobalLock
VirtualProtectEx
GetProcessHeap
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
InterlockedIncrement
CompareStringA
GetTempFileNameA
FindNextFileA
IsValidLocale
GetUserDefaultLCID
GetTimeZoneInformation
CopyFileA
GetFileType
GetPrivateProfileSectionA
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
RemoveDirectoryA
GetShortPathNameA
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
EnumSystemLocalesA
GetACP
GetCurrentThreadId
GetDiskFreeSpaceA
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
Number of PE resources by type
RT_STRING 6
RT_RCDATA 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 8
ENGLISH ARABIC QATAR 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 163328
ImageVersion 0.0
ProductName Intelligence Agency
FileVersionNumber 6.3.8065.0
LanguageCode Russian
FileFlagsMask 0x003f
FileDescription Intelligence Agency
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName spy.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion Intelligence Agency
TimeStamp 2016:12:28 11:26:41+01:00
FileType Win32 EXE
PEType PE32
InternalName Intelligence Agency
ProductVersion 15, 1, 8, 0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright (C) 2001 - 2014 Intelligence Agency
MachineType Intel 386 or later, and compatibles
CompanyName Intelligence Agency
CodeSize 67072
FileSubtype 0
ProductVersionNumber 6.3.8065.0
EntryPoint 0x3453
ObjectFileType Executable application

File identification
MD5 1398c1cee693b882e07690b900d0b6ea
SHA1 20bb65cb37275bf43bba5d9ee10c6ec1d15f03fc
SHA256 3a668522a5c0433f450b2db8debf5b1aa5b9c61e4b8c5f2545f899833f537f39
ssdeep 3072:/cKkE4pwPGhK+VnV+7fycGZjTR/sGs4JOBNM4Mqy2gv9PqerBQoefFlZ+ny:UKkNns7fo11st4JaU2gv9PJqo
authentihash a34132c693e15e60ee5acd72c81a04818e0ae3b43dceb5da5f4d807c2463ffe3
imphash 94a170ccc188dd434d99368a9dd39b9d
File size 198.5 KB ( 203264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-01-02 01:01:22 UTC ( 2 years, 1 month ago )
Last submission 2018-05-23 14:27:14 UTC ( 9 months ago )
File names msvgbtrdc.exe
msourdt.exe
msozse.exe
spy.exe
mscsemucd.exe
mskmx.exe
mscngp.exe
Intelligence Agency
msrfzjj.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs