SHA256: 3ab0d0dcea0b700afe93d1cb0b4bd931d36fa36ca41c9b07f597c41b7a20dcd5
File name: 9E8F.tmp
Detection ratio: 10 / 57
Analysis date: 2016-10-22 03:53:13 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20161022
AVG Atros4.AIQL 20161022
Avira (no cloud) TR/Crypt.ZPACK.vlvaz 20161022
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20161021
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
ESET-NOD32 a variant of Win32/GenKryptik.HTZ 20161021
Sophos ML generic.a 20161018
Malwarebytes Trojan.Injector 20161022
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161022
Rising Malware.XPACK-HIE/Heur!1.9C48 (classic) 20161022
Ad-Aware 20161022
AegisLab 20161022
AhnLab-V3 20161021
Alibaba 20161021
ALYac 20161022
Antiy-AVL 20161022
Arcabit 20161022
AVware 20161022
BitDefender 20161022
Bkav 20161021
CAT-QuickHeal 20161021
ClamAV 20161022
CMC 20161021
Comodo 20161022
Cyren 20161022
DrWeb 20161022
Emsisoft 20161022
F-Prot 20161022
F-Secure 20161021
Fortinet 20161022
GData 20161022
Ikarus 20161021
Jiangmin 20161022
K7AntiVirus 20161021
K7GW 20161022
Kaspersky 20161022
Kingsoft 20161022
McAfee 20161022
McAfee-GW-Edition 20161022
Microsoft 20161022
eScan 20161022
NANO-Antivirus 20161022
nProtect 20161022
Panda 20161021
Sophos AV 20161021
SUPERAntiSpyware 20161022
Symantec 20161022
Tencent 20161022
TheHacker 20161020
TotalDefense 20161021
TrendMicro 20161022
TrendMicro-HouseCall 20161022
VBA32 20161021
VIPRE 20161022
ViRobot 20161022
Yandex 20161021
Zillya 20161021
Zoner 20161022
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-19 15:47:29
Entry Point 0x000089F4
Number of sections 4
PE sections
PE imports
IsValidAcl
SetSecurityDescriptorDacl
LookupPrivilegeValueA
OpenProcessToken
IsValidSid
FreeSid
DuplicateToken
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeSecurityDescriptor
OpenThreadToken
InitializeAcl
GetTokenInformation
GetLengthSid
DCICreateOverlay
DCICreateOffscreen
DCIBeginAccess
CreateMetaFileA
CreatePen
CombineRgn
SetStretchBltMode
GetBitmapBits
Rectangle
GetDeviceCaps
DeleteDC
CreateSolidBrush
BitBlt
GetObjectA
CreateEllipticRgn
SetDIBitsToDevice
GetStockObject
GetDIBits
CreateCompatibleDC
StretchBlt
SetROP2
CreateRectRgn
SelectObject
CreateCompatibleBitmap
CloseMetaFile
GetStretchBltMode
DeleteObject
Ellipse
gluOrtho2D
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LoadResource
TlsGetValue
FormatMessageA
BeginUpdateResourceA
SetLastError
GetSystemTime
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UpdateResourceA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
EnumSystemLanguageGroupsA
SetUnhandledExceptionFilter
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
EndUpdateResourceA
RtlUnwind
GetStartupInfoA
GetFileSize
OpenProcess
GetProcAddress
WTSGetActiveConsoleSessionId
lstrcpyA
FreeConsole
DuplicateHandle
GlobalLock
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
OleLoadPicture
glClear
glEnable
glClearColor
glMatrixMode
glHint
glLoadIdentity
glAlphaFunc
glBlendFunc
SHGetMalloc
GetUserNameExA
TcAddFilter
TcCloseInterface
GetMessageA
GetForegroundWindow
SetWindowRgn
UpdateWindow
EndDialog
BeginPaint
SetCaretPos
DestroyMenu
DefMDIChildProcA
ShowWindow
FillRect
SetWindowPos
GetParent
DdeCreateStringHandleA
IsWindow
GetWindowRect
DispatchMessageA
EndPaint
MoveWindow
MessageBoxA
TranslateMessage
DialogBoxParamA
GetWindow
GetScrollInfo
SetScrollInfo
GetCursorPos
ReleaseDC
LoadMenuA
SetWindowTextA
LoadStringA
GetTitleBarInfo
SendMessageA
GetClientRect
GetDlgItem
RegisterRawInputDevices
SetScrollRange
SetScrollPos
RegisterClassA
SetRect
InvalidateRect
LoadAcceleratorsA
GetSubMenu
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
GetDesktopWindow
LoadImageA
wsprintfA
GetDC
DdeFreeStringHandle
DefFrameProcA
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutOpen
waveOutWrite
waveOutClose
WTSQuerySessionInformationA
WICMapSchemaToName
GdipCloneBrush
GdipFillEllipseI
GdipSetPathGradientCenterColor
GdipCreateFromHDC
GdipFree
GdipCreatePath
GdipGetPathGradientPointCount
GdipDeleteBrush
GdipDeleteGraphics
GdipAlloc
GdiplusStartup
GdipSetPathGradientSurroundColorsWithCount
GdipCreatePathGradientFromPath
GdipDeletePath
GdipAddPathEllipseI
CreateStreamOnHGlobal
OleUninitialize
StgIsStorageFile
StgOpenStorage
CLSIDFromString
OleInitialize
Number of PE resources by type
RT_ICON 10
RT_STRING 4
RT_DIALOG 3
RT_MANIFEST 1
RT_MENU 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 21
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:10:19 16:47:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 250880
LinkerVersion 9.0
EntryPoint 0x89f4
InitializedDataSize 112640
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 6e9e7a4b1ef7d254afeaf707351ff7df
SHA1 2c442fd48f4fc76ff90b3a723ee693ff568d6d40
SHA256 3ab0d0dcea0b700afe93d1cb0b4bd931d36fa36ca41c9b07f597c41b7a20dcd5
ssdeep 6144:q2sO03oEkMlND2Ghw+rGI+RxI5gswJjNLam8:q2lSoEfgGhaI+6
authentihash 61a14bebb4bfcb9a9e28a12aca63d53050017264ec1f9bd6f9f5c2b3dfc325fb
imphash 10eb3eab219a53a595db123b4f7ea6a5
File size 356.0 KB ( 364544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-10-22 03:53:13 UTC ( 2 years, 6 months ago )
Last submission 2016-10-22 03:53:13 UTC ( 2 years, 6 months ago )
File names 9E8F.tmp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Created mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications