× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3b15783dc5969eea07ddbe36b80bd3fd0a6e11ac1f88ad7a06194e6d8e52bab3
File name: 76j5h4g.exe
Detection ratio: 3 / 55
Analysis date: 2015-11-23 11:47:47 UTC ( 2 years, 8 months ago ) View latest
Antivirus Result Update
Cyren W32/Agent.XL.gen!Eldorado 20151123
F-Prot W32/Agent.XL.gen!Eldorado 20151123
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20151123
Ad-Aware 20151123
AegisLab 20151123
Yandex 20151122
AhnLab-V3 20151122
Alibaba 20151123
ALYac 20151123
Antiy-AVL 20151123
Arcabit 20151123
Avast 20151123
AVG 20151123
Avira (no cloud) 20151123
AVware 20151123
Baidu-International 20151123
BitDefender 20151123
Bkav 20151123
ByteHero 20151123
CAT-QuickHeal 20151123
ClamAV 20151123
CMC 20151118
Comodo 20151123
DrWeb 20151123
Emsisoft 20151123
ESET-NOD32 20151123
F-Secure 20151123
Fortinet 20151123
GData 20151123
Ikarus 20151123
Jiangmin 20151122
K7AntiVirus 20151123
K7GW 20151123
Kaspersky 20151123
Malwarebytes 20151123
McAfee 20151123
McAfee-GW-Edition 20151123
Microsoft 20151123
eScan 20151123
NANO-Antivirus 20151123
nProtect 20151120
Panda 20151122
Rising 20151122
Sophos AV 20151123
SUPERAntiSpyware 20151123
Symantec 20151122
Tencent 20151123
TheHacker 20151121
TrendMicro 20151123
TrendMicro-HouseCall 20151123
VBA32 20151120
VIPRE 20151123
ViRobot 20151123
Zillya 20151123
Zoner 20151123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-23 11:28:20
Entry Point 0x00016F66
Number of sections 4
PE sections
PE imports
RegCloseKey
RegOpenKeyA
RegQueryValueExA
SetMapMode
SaveDC
TextOutA
CreateFontIndirectA
CombineRgn
GetClipBox
GetObjectA
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SelectObject
BitBlt
SetTextColor
GetDeviceCaps
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
GetDIBits
CreateCompatibleDC
StretchBlt
GetBkColor
ScaleViewportExtEx
CreateRectRgn
SetViewportExtEx
SetWindowExtEx
Escape
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
LoadResource
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GlobalDeleteAtom
OpenProcess
GetModuleHandleW
GetUserDefaultLCID
CompareStringW
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
IsValidLocale
lstrcmpW
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
VirtualAllocEx
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetPriorityClass
GetACP
GlobalLock
GetCurrentThreadId
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetOEMCP
GetTimeFormatA
SHGetFileInfoA
DragFinish
DragAcceptFiles
ShellExecuteA
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListA
SHGetMalloc
CommandLineToArgvW
SetFocus
MapWindowPoints
GetParent
SystemParametersInfoA
EndDialog
KillTimer
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
SendDlgItemMessageA
SetWindowLongA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
IsCharAlphaA
TranslateMessage
DialogBoxParamA
GetWindow
GetSysColor
LoadStringA
RegisterShellHookWindow
ReleaseDC
CharNextExA
SetWindowTextA
GetWindowLongA
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
wsprintfA
SetTimer
CharNextA
WaitForInputIdle
GetDesktopWindow
GetClassNameA
GetDC
GetWindowTextA
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
SERBIAN ARABIC ALGERIA 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:11:23 12:28:20+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
174080

LinkerVersion
9.0

EntryPoint
0x16f66

InitializedDataSize
164352

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 7e6cfd542440e913e661a94f6a711ab4
SHA1 56b6dd3a03531f46d10bf681a65fa1a26aec4c37
SHA256 3b15783dc5969eea07ddbe36b80bd3fd0a6e11ac1f88ad7a06194e6d8e52bab3
ssdeep
6144:nkOAGvL0U8erwJHanQ7XY9M8E7mTgvzVEo:nkOAy2UwRanKXY9SOgvzVv

authentihash ca46495c2bb768a3752d3ceadf0738a5cbf0c11dcb0cc1f8e856e6a811ab4cb2
imphash b740ae292c1172ab56982e71734b07f7
File size 331.5 KB ( 339456 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-11-23 11:42:17 UTC ( 2 years, 8 months ago )
Last submission 2016-12-16 05:28:56 UTC ( 1 year, 7 months ago )
File names 3b15783dc5969eea_fracmo.exe
76j5h4g.exe
3b15783dc5969eea07ddbe36b80bd3fd0a6e11ac1f88ad7a06194e6d8e52bab3.exe.000
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections