SHA256: 3a9283ab360dc54977102a2b6103c115b064ded8d5631e3feab3d5ce482a4550
File name: vpn.exe
Detection ratio: 34 / 56
Analysis date: 2016-10-27 13:48:25 UTC ( 2 years, 1 month ago )
Antivirus Result Update
AegisLab Troj.Spy.W32!c 20161027
AhnLab-V3 Spyware/Win32.Generic.C975764 20161027
Avast Win32:Malware-gen 20161027
Avira (no cloud) TR/Spy.Agent.150573 20161027
AVware Trojan.Win32.Generic!BT 20161027
Bkav W32.Clodb7a.Trojan.f86e 20161027
CAT-QuickHeal Trojan.Skeeyah 20161027
Comodo UnclassifiedMalware 20161027
CrowdStrike Falcon (ML) malicious_confidence_98% (W) 20160725
Cyren W32/Trojan.RLLE-1605 20161027
DrWeb Trojan.DownLoader14.59155 20161027
ESET-NOD32 Win32/TrojanDropper.Agent.RDN 20161027
F-Prot W32/Trojan5.MTP 20161027
Fortinet W32/Teamspy.AA!tr 20161027
Ikarus Trojan-Spy.Win32.Teamspy 20161027
Sophos ML virus.win32.sality.at 20161018
Jiangmin TrojanSpy.Teamspy.h 20161027
K7AntiVirus Riskware ( 0040eff71 ) 20161025
K7GW Riskware ( 0040eff71 ) 20161027
Kaspersky Trojan-Spy.Win32.Teamspy.aa 20161027
Malwarebytes Backdoor.Agent 20161027
McAfee Artemis!694F241B7BEA 20161027
McAfee-GW-Edition BehavesLike.Win32.MPlug.cc 20161027
Microsoft Trojan:Win32/Skeeyah.A!bit 20161027
NANO-Antivirus Trojan.Win32.Teamspy.dvikri 20161027
Panda Trj/CI.A 20161026
Qihoo-360 HEUR/QVM41.2.Malware.Gen 20161027
Sophos AV Mal/Generic-S 20161027
Symantec Heur.AdvML.B 20161027
Tencent Win32.Trojan-spy.Teamspy.Woqh 20161027
TrendMicro-HouseCall TROJ_GEN.R047H0CJ716 20161027
VBA32 Trojan.Backdoor.1481A 20161027
VIPRE Trojan.Win32.Generic!BT 20161027
Yandex TrojanSpy.Teamspy!WfvEnYo5VNQ 20161026
Ad-Aware 20161027
Alibaba 20161027
ALYac 20161027
Antiy-AVL 20161027
Arcabit 20161027
AVG 20161027
Baidu 20161027
BitDefender 20161027
ClamAV 20161027
CMC 20161027
Emsisoft 20161027
F-Secure 20161027
GData 20161027
Kingsoft 20161027
eScan 20161027
nProtect 20161027
Rising 20161027
SUPERAntiSpyware 20161027
TheHacker 20161025
TotalDefense 20161027
TrendMicro 20161027
ViRobot 20161027
Zillya 20161027
Zoner 20161027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-07 07:55:50
Entry Point 0x000059E8
Number of sections 4
PE sections
Overlays
MD5 0b739d54f45e2de64760fc0d6631068e
File type data
Offset 61952
Size 88621
Entropy 7.99
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetModuleFileNameW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetFileAttributesW
RtlUnwind
GetModuleFileNameA
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
EnterCriticalSection
GetCurrentDirectoryW
RtlZeroMemory
DecodePointer
GetFileSize
SetHandleCount
UnhandledExceptionFilter
SetFileTime
GetCPInfo
ExitProcess
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
CreateDirectoryW
DeleteFileW
GetProcAddress
EncodePointer
HeapSize
GetTempFileNameW
CreateFileMappingW
ExpandEnvironmentStringsW
RaiseException
WideCharToMultiByte
MapViewOfFile
TlsFree
SetFilePointer
DeleteCriticalSection
ReadFile
GetCurrentProcessId
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetCommandLineA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
GetTempPathW
CreateFileW
CreateProcessW
LocalFileTimeToFileTime
InterlockedDecrement
Sleep
GetFileType
SetFileAttributesW
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedIncrement
Ord(165)
PathAddBackslashW
wsprintfW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:07:07 08:55:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 10.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x59e8
InitializedDataSize 27648
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 694f241b7beaf7c8c7524fb80e442d41
SHA1 69a987bfcad3143c03f2d11f6e5833627f76b094
SHA256 3a9283ab360dc54977102a2b6103c115b064ded8d5631e3feab3d5ce482a4550
ssdeep 3072:OijxWoq7ZwuKuuirlk3ydB92xKituRjNsgzNjdDebWsHA:Oicoq7Z8uuNaB92uRjNsQbebWsHA
authentihash 6c19575d78095ababe65860907463724a0250541289894b873f4c5ae23fb75b7
imphash be7e6bb41981a44f33f2992b581cea0b
File size 147.0 KB ( 150573 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-08-04 13:58:00 UTC ( 3 years, 4 months ago )
Last submission 2018-10-04 02:12:15 UTC ( 2 months, 1 week ago )
File names HTTP-Fs964H2F7Dpb8KAY06.exe
vpn.exe
vpn.exe
vpn_1.exe
vpn.exe
vpn.exe
vpn.exe
3a9283ab360dc54977102a2b6103c115b064ded8d5631e3feab3d5ce482a4550
vpn.exe
vpn.ex
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R011C0PHL15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs