SHA256: 3cb2540736cf35dc66ea8b475cced5248e281317955722dfec6b235c6ce02404
File name: f389bea1c9d21aa22174f398bda90652.virus
Detection ratio: 34 / 55
Analysis date: 2016-07-14 16:33:41 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.77269 20160714
AhnLab-V3 Malware/Win32.Generic.N2043766878 20160714
ALYac Gen:Variant.Razy.77269 20160714
Arcabit Trojan.Razy.D12DD5 20160714
Avast Win32:Malware-gen 20160714
AVG Downloader.Generic14.BBGN 20160714
Avira (no cloud) TR/Crypt.ZPACK.pzzf 20160714
AVware Trojan.Win32.Generic!BT 20160714
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160714
BitDefender Gen:Variant.Razy.77269 20160714
Bkav HW32.Packed.2275 20160714
Cyren W32/Trojan.NUCC-6547 20160714
DrWeb Trojan.Siggen6.58358 20160714
Emsisoft Gen:Variant.Razy.77269 (B) 20160714
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160714
F-Secure Gen:Variant.Razy.77269 20160714
Fortinet W32/Generic.AP.495180 20160714
GData Gen:Variant.Razy.77269 20160714
Ikarus Trojan-Downloader.Win32.Agent 20160714
K7AntiVirus Trojan-Downloader ( 004e141d1 ) 20160714
K7GW Trojan-Downloader ( 004e141d1 ) 20160714
Kaspersky Trojan-Downloader.Win32.JOB.c 20160714
Malwarebytes Trojan.Ursnif 20160714
McAfee RDN/Generic Downloader.x 20160714
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160714
Microsoft TrojanDownloader:Win32/Talalpek.A 20160714
eScan Gen:Variant.Razy.77269 20160714
Panda Trj/GdSda.A 20160714
Sophos AV Mal/Generic-S 20160714
Symantec Trojan.Gen 20160714
Tencent Win32.Trojan-downloader.Job.Ecjx 20160714
TrendMicro TROJ_GEN.R011C0DGB16 20160714
VIPRE Trojan.Win32.Generic!BT 20160714
Yandex Trojan.DL.JOB! 20160713
AegisLab 20160714
Alibaba 20160714
Antiy-AVL 20160714
CAT-QuickHeal 20160714
ClamAV 20160714
CMC 20160714
Comodo 20160714
F-Prot 20160714
Jiangmin 20160714
Kingsoft 20160714
NANO-Antivirus 20160714
nProtect 20160714
Qihoo-360 20160714
SUPERAntiSpyware 20160714
TheHacker 20160714
TotalDefense 20160713
TrendMicro-HouseCall 20160714
VBA32 20160714
ViRobot 20160714
Zillya 20160714
Zoner 20160714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x00019836
Number of sections 4
PE sections
PE imports
GetFileAttributesA
GetOEMCP
CompareStringW
GetTickCount
RemoveDirectoryA
WaitForSingleObjectEx
GetDiskFreeSpaceA
GetDateFormatA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
lstrcatW
MoveFileExW
GetProcessHeap
OpenMutexA
CreateWaitableTimerW
CreateHardLinkA
GetStringTypeA
GetModuleHandleA
ReadFile
WriteFile
GetStartupInfoA
CreateMutexW
lstrcpynA
FindNextFileA
GetSystemDirectoryA
HeapReAlloc
GetProcAddress
GetBinaryTypeA
QueryDosDeviceA
GetNumberFormatA
GetLogicalDriveStringsW
CreateFileA
WriteConsoleW
InterlockedIncrement
CPEncrypt
CPDeriveKey
CPGenKey
CPCreateHash
CPDecrypt
ExtractIconA
SHFree
DragFinish
DragQueryFileW
SHChangeNotify
DragQueryPoint
StrChrW
ShellAboutA
SHGetNewLinkInfoA
SHGetDiskFreeSpaceA
SHUpdateImageA
FindExecutableW
SHGetDataFromIDListA
ShellMessageBoxA
ExtractAssociatedIconA
SHGetMalloc
SHFileOperationA
IsAppThemed
DrawThemeEdge
GetThemeColor
GetCurrentThemeName
GetThemeBool
OpenThemeData
CloseThemeData
GetThemeSysSize
GetWindowTheme
SetWindowTheme
GetThemeEnumValue
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 107008
LinkerVersion 6.0
Warning Possibly corrupt Version resource
FileTypeExtension exe
InitializedDataSize 14848
SubsystemVersion 4.0
EntryPoint 0x19836
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 f389bea1c9d21aa22174f398bda90652
SHA1 5bdf39cd8ab0e08cad12a2d4fc4f293c6c37c9ef
SHA256 3cb2540736cf35dc66ea8b475cced5248e281317955722dfec6b235c6ce02404
ssdeep 3072:aRVO2tKtEKtq8I4mfL6xv5d8InRVHRVHRViY:aRatEeNSeRZRZR

authentihash 8407123ee522a5f8ce4264d973b1045ce97eabf4cdb23368f5fed04d6ed9cf8a
imphash 9b3772cd57b430b21995d1811273bdfb
File size 120.0 KB ( 122880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-07-14 16:33:41 UTC ( 2 years, 7 months ago )
Last submission 2016-07-14 16:33:41 UTC ( 2 years, 7 months ago )
File names 3cb2540736cf35dc66ea8b475cced5248e281317955722dfec6b235c6ce02404.exe
f389bea1c9d21aa22174f398bda90652.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications