SHA256: 3c031af5772cf5e277ec8485f106bc9b666171c3d63f0b010f6dfe313e9f51cf
File name: 3c031af5772cf5e277ec8485f106bc9b666171c3d63f0b010f6dfe313e9f51cf.exe
Detection ratio: 5 / 55
Analysis date: 2015-12-14 16:32:32 UTC (1 year, 10 months ago)
Antivirus Result Update
Bkav HW32.Packed.CBE0 20151214
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20151214
Qihoo-360 QVM19.1.Malware.Gen 20151214
TrendMicro PAK_Generic.001 20151214
TrendMicro-HouseCall PAK_Generic.001 20151214
Ad-Aware 20151214
AegisLab 20151214
Yandex 20151213
AhnLab-V3 20151214
Alibaba 20151208
ALYac 20151214
Antiy-AVL 20151214
Arcabit 20151214
Avast 20151214
AVG 20151214
Avira (no cloud) 20151214
AVware 20151214
Baidu-International 20151214
BitDefender 20151214
ByteHero 20151214
CAT-QuickHeal 20151214
ClamAV 20151214
CMC 20151214
Comodo 20151214
Cyren 20151214
DrWeb 20151214
Emsisoft 20151214
ESET-NOD32 20151214
F-Prot 20151214
F-Secure 20151214
Fortinet 20151214
GData 20151214
Ikarus 20151214
Jiangmin 20151213
K7AntiVirus 20151214
K7GW 20151214
Kaspersky 20151214
Malwarebytes 20151214
McAfee 20151214
Microsoft 20151214
eScan 20151214
NANO-Antivirus 20151214
nProtect 20151214
Panda 20151213
Rising 20151212
Sophos AV 20151214
SUPERAntiSpyware 20151214
Symantec 20151214
Tencent 20151214
TheHacker 20151214
VBA32 20151214
VIPRE 20151214
ViRobot 20151214
Zillya 20151213
Zoner 20151214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT PecBundle
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-06 11:13:16
Entry Point 0x00001640
Number of sections 2
PE sections
Overlays
MD5 1a92c49666802c05ef1bca8a38b0ea03
File type data
Offset 28160
Size 93992
Entropy 7.23
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_STRING 14
RT_BITMAP 6
Struct(144) 1
RT_GROUP_ICON 1
RT_ICON 1
Number of PE resources by language
ENGLISH US 9
NEUTRAL *unknown* 2
ASSAMESE DEFAULT 2
URDU INDIA 2
MANIPURI DEFAULT 2
ORIYA DEFAULT 2
LITHUANIAN CLASSIC 2
KASHMIRI *unknown* 1
KASHMIRI SASIA 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:12:06 12:13:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 57344
LinkerVersion 6.0
EntryPoint 0x1640
InitializedDataSize 20480
SubsystemVersion 4.0
ImageVersion 11.0
OSVersion 4.0
UninitializedDataSize 0

CarbonBlack (CarbonBlack acts as a surveillance camera for computers)
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while in execution, wrote this sample to disk.
File identification
MD5 a81a19478dbe13778f06191cf39c8143
SHA1 1c2bb410fb71d618c58f9def35e5eea856c579e1
SHA256 3c031af5772cf5e277ec8485f106bc9b666171c3d63f0b010f6dfe313e9f51cf
ssdeep 3072:m4qbfTjBr5qZ9+jUiMWTmwVuCImySdOG4EzIgP8m:SdrYFWywDnndOXEE8

authentihash ddfd5e6d2e968fd26a051248994afd677538f620fa6ad5816a63efb25b146563
imphash 09d0478591d4f788cb3e5ea416c25237
File size 119.3 KB ( 122152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-12-14 16:32:32 UTC (1 year, 10 months ago)
Last submission 2015-12-19 05:18:34 UTC (1 year, 10 months ago)
File names juniorgong.exe
041e0000.$$$
0a33cc708f2bad5de8d01398ffaf818cf421e354
3c031af5772cf5e277ec8485f106bc9b666171c3d63f0b010f6dfe313e9f51cf.exe
qqqew.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by means of the SetWindowsHook Windows API function.