SHA256: 3aa033568b1cc245622ebe7bc83df5a575435237049886857ea7eb153e932909
File name: opzfylyp.exe
Detection ratio: 11 / 56
Analysis date: 2016-10-05 05:26:40 UTC ( 2 years, 6 months ago )
Antivirus Result Update
AVware Trojan.Win32.Generic.pak!cobra 20161005
Baidu Win32.Trojan.WisdomEyes.151026.9950.9959 20161001
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.PWS.Siggen1.57800 20161005
ESET-NOD32 Win32/Filecoder.TorrentLocker.A 20161005
Sophos ML trojandropper.win32.gepys.a 20160928
Kaspersky UDS:DangerousObject.Multi.Generic 20161005
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161005
Rising Malware.Generic!1ZsDj38cruM@3 (thunder) 20161005
Symantec Heur.AdvML.B 20161005
VIPRE Trojan.Win32.Generic.pak!cobra 20161005
Ad-Aware 20161005
AegisLab 20161005
AhnLab-V3 20161004
Alibaba 20161003
ALYac 20160930
Antiy-AVL 20161005
Arcabit 20161005
Avast 20161005
AVG 20161005
Avira (no cloud) 20161005
BitDefender 20161005
Bkav 20161004
CAT-QuickHeal 20161004
ClamAV 20161005
CMC 20161003
Comodo 20161005
Cyren 20161005
Emsisoft 20161005
F-Prot 20161005
F-Secure 20161005
Fortinet 20161005
GData 20161005
Ikarus 20161004
Jiangmin 20161005
K7AntiVirus 20161004
K7GW 20161005
Kingsoft 20161005
Malwarebytes 20161005
McAfee 20161005
McAfee-GW-Edition 20161005
Microsoft 20161005
eScan 20161005
NANO-Antivirus 20161005
nProtect 20161005
Panda 20161004
Sophos AV 20161005
SUPERAntiSpyware 20161004
Tencent 20161005
TheHacker 20161005
TrendMicro 20161005
TrendMicro-HouseCall 20161005
VBA32 20161004
ViRobot 20161005
Yandex 20161004
Zillya 20161003
Zoner 20161005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-06 04:01:03
Entry Point 0x00001200
Number of sections 12
PE sections
PE imports
RegQueryValueExA
RegOpenKeyW
GetOpenFileNameA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
DeleteEnhMetaFile
CreateHalftonePalette
AddFontResourceW
CreateMetaFileW
DeleteDC
EndDoc
FillPath
CreateMetaFileA
SetTextColor
CreatePatternBrush
DeleteColorSpace
CreateCompatibleDC
CloseEnhMetaFile
EndPage
CloseFigure
CloseMetaFile
CancelDC
CreateSolidBrush
BeginPath
DeleteObject
DeleteMetaFile
EndPath
ImmSetCompositionFontA
ImmSetCompositionWindow
ImmNotifyIME
ImmGetCompositionStringA
ImmGetContext
ImmSetCompositionFontW
ImmSetCandidateWindow
ImmReleaseContext
ImmGetCompositionStringW
ImmAssociateContext
GetDriveTypeW
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
FindNextFileA
GetFileAttributesW
GetLocalTime
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
GetLocaleInfoW
GetFullPathNameA
WideCharToMultiByte
InterlockedExchange
WriteFile
MoveFileA
GetSystemTimeAsFileTime
HeapReAlloc
SetFileAttributesA
FreeLibrary
FormatMessageW
ResumeThread
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
OutputDebugStringA
GetSystemTime
GetModuleFileNameW
HeapAlloc
GetModuleFileNameA
QueryPerformanceFrequency
GetVolumeInformationA
GetPrivateProfileStringA
GetVolumeInformationW
MultiByteToWideChar
MoveFileW
GetModuleHandleA
SetEnvironmentVariableW
ExitThread
SetEnvironmentVariableA
GetDiskFreeSpaceExA
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
GetCurrentThreadId
SetCurrentDirectoryA
CloseHandle
HeapFree
PeekNamedPipe
SetEvent
QueryPerformanceCounter
GetVersionExA
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
GlobalSize
GetStartupInfoA
GetDateFormatA
GetFileSize
CreateDirectoryA
DeleteFileA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GlobalLock
GetTimeFormatW
RemoveDirectoryW
FindFirstFileA
GetTimeFormatA
FindFirstFileW
IsValidLocale
GetProcAddress
CreateEventA
GetFileType
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
CompareStringW
GlobalUnlock
RemoveDirectoryA
FileTimeToLocalFileTime
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentDirectoryA
GetCommandLineA
GetCurrentThread
RaiseException
SetFilePointer
ReadFile
FindNextFileW
GetModuleHandleW
Sleep
VirtualAlloc
CompareStringA
SetWindowRgn
SetWindowPos
DispatchMessageA
EndPaint
ScrollWindowEx
WindowFromPoint
GetDC
ChangeClipboardChain
GetCursorPos
ReleaseDC
SendMessageW
UnregisterClassA
SendMessageA
UnregisterClassW
GetClientRect
DefWindowProcW
CallNextHookEx
ClientToScreen
GetActiveWindow
GetUpdateRgn
EnumClipboardFormats
MsgWaitForMultipleObjects
DestroyWindow
GetMessageA
GetParent
UpdateWindow
CreateCaret
GetMessageW
ShowWindow
GetDesktopWindow
ValidateRgn
PeekMessageW
PeekMessageA
GetClipboardData
TranslateMessage
RegisterClassW
CreateCursor
SystemParametersInfoA
SetParent
SetClipboardData
IsZoomed
IsIconic
RegisterClassA
TrackPopupMenuEx
GetWindowLongA
SetTimer
CreateWindowExW
GetUpdateRect
IsChild
SetFocus
RegisterWindowMessageW
MapVirtualKeyA
PostMessageA
BeginPaint
SetCaretPos
KillTimer
MapVirtualKeyW
RegisterWindowMessageA
DefWindowProcA
SetClipboardViewer
GetSystemMetrics
EnableMenuItem
GetWindowRect
SetCapture
ReleaseCapture
SetWindowLongA
PostMessageW
SetWindowTextA
DrawFocusRect
DrawIconEx
SetWindowTextW
CreateWindowExA
ScreenToClient
LoadCursorA
LoadIconA
SetWindowsHookExA
PostThreadMessageW
ValidateRect
LoadCursorW
GetSystemMenu
DispatchMessageW
SetForegroundWindow
ExitWindowsEx
PostThreadMessageA
OpenClipboard
EmptyClipboard
GetCaretBlinkTime
HideCaret
CreateIconIndirect
MessageBeep
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
MessageBoxA
GetWindowDC
DestroyCursor
GetSysColor
GetKeyState
GetWindowRgn
GetDoubleClickTime
DestroyIcon
IsWindowVisible
SystemParametersInfoW
LoadIconW
SetRect
InvalidateRect
wsprintfA
IsRectEmpty
GetFocus
CloseClipboard
SetCursor
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 11
LITHUANIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 291840
EntryPoint 0x1200
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 12 .0.6606.1000
TimeStamp 2016:10:06 05:01:03+01:00
FileType Win32 EXE
PEType PE32
InternalName off lb.exe
SubsystemVersion 5.0
OSVersion 5.0
FileOS Unknown (0)
LegalCopyright 2006 Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CodeSize 380928
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Unknown
File identification
MD5 fc38b33ebd8d08361eb4c0258bc772ce
SHA1 6f8e1d25defd6fc3cb107658673ef070568286a2
SHA256 3aa033568b1cc245622ebe7bc83df5a575435237049886857ea7eb153e932909
ssdeep 12288:81vIMPEc4HvH++p2yL9dH54LvUk8bde1yOa:85IMr4HvH5p2yLvH54g/bdEa
authentihash 2bd9b0951c9c1e41c48825742cf10f5f121a6b5da36d6df14df240ed6ea0e1df
imphash cdfca10296905ddc1bb9a6c2ab01e322
File size 657.5 KB ( 673280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2016-10-05 05:26:40 UTC ( 2 years, 6 months ago )
Last submission 2016-11-16 06:22:07 UTC ( 2 years, 5 months ago )
File names dosya
log.exe
aa
usyvtwuj.exe
opzfylyp.exe
VirusShare_fc38b33ebd8d08361eb4c0258bc772ce
GgVEsLT.tif
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications