SHA256: 3d555d629dd3bdecdf2fac103c55f62922db5c610a68c39758ad8de8ab38a818
File name: blackhole_payload.exe
Detection ratio: 16 / 54
Analysis date: 2015-12-02 21:19:37 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Yandex Trojan.Small!rwMZQeI5c5M 20151202
AhnLab-V3 Trojan/Win32.Agent 20151202
Antiy-AVL Trojan/Win32.SGeneric 20151202
Avast Win32:Malware-gen 20151202
AVG Small.GKS 20151130
ByteHero Virus.Win32.Heur.l 20151202
ESET-NOD32 a variant of Win32/Small.NJY 20151202
Jiangmin Trojan.Win32.Small.crb 20151201
K7AntiVirus Trojan ( 00480b2b1 ) 20151202
K7GW Trojan ( 00480b2b1 ) 20151202
McAfee-GW-Edition BehavesLike.Win32.Dropper.nz 20151202
NANO-Antivirus Trojan.Win32.Small.dclhey 20151202
Qihoo-360 QVM20.1.Malware.Gen 20151202
Symantec Suspicious.Cloud.7.F 20151202
TheHacker Trojan/Small.njy 20151202
Zillya Trojan.Agent.Win32.593504 20151201
Ad-Aware 20151130
AegisLab 20151202
Alibaba 20151202
ALYac 20151202
Arcabit 20151202
AVware 20151202
Baidu-International 20151202
BitDefender 20151202
Bkav 20151202
CAT-QuickHeal 20151202
ClamAV 20151202
CMC 20151201
Comodo 20151202
Cyren 20151202
DrWeb 20151202
Emsisoft 20151202
F-Prot 20151202
F-Secure 20151202
Fortinet 20151202
GData 20151202
Ikarus 20151202
Kaspersky 20151202
Malwarebytes 20151202
McAfee 20151202
Microsoft 20151202
eScan 20151202
nProtect 20151202
Panda 20151202
Rising 20151202
Sophos AV 20151202
SUPERAntiSpyware 20151202
Tencent 20151202
TrendMicro 20151202
TrendMicro-HouseCall 20151202
VBA32 20151202
VIPRE 20151202
ViRobot 20151202
Zoner 20151202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-03 19:41:30
Entry Point 0x000022C0
Number of sections 4
PE sections
Overlays
MD5 329aa8eaeaf7b759becf91a70cfc1fd7
File type ASCII text
Offset 9728
Size 90272
Entropy 0.00
PE imports
RegSetValueExA
RegOpenKeyA
RegCloseKey
GetLastError
HeapFree
HeapAlloc
GetModuleFileNameA
GetShortPathNameA
GetStartupInfoA
lstrcatA
GetCommandLineA
GetProcessHeap
OpenMutexA
CreateMutexA
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
HeapReAlloc
GetEnvironmentVariableA
lstrcpyA
Sleep
GetTickCount
CreateFileA
ExitProcess
ShellExecuteA
GetMessageA
PostMessageA
wvsprintfA
__WSAFDIsSet
socket
closesocket
inet_addr
send
WSAStartup
gethostbyname
connect
shutdown
htons
recv
select
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:06:03 20:41:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 5632
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x22c0
InitializedDataSize 69120
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 5a58395fda49c8f3f4571a007cf02f4d
SHA1 19b554f03ae993b789483dd83abe29e5ec5711fe
SHA256 3d555d629dd3bdecdf2fac103c55f62922db5c610a68c39758ad8de8ab38a818
ssdeep 96:23nJoQeQ6GVwctNI7x/XkWZQHs3/oWo9jQIvFthT41vfUaYJf6QKQYOXL:WnJoAQ7x/lHoi2Tcwf6x5OXL
authentihash b8790832220997771a5b2fcacccea24dc0af892aff9c743468e690910471af28
imphash e46e98321678182e3b8f2d8f37c3ce7a
File size 97.7 KB ( 100000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-12-02 21:19:37 UTC ( 3 years, 1 month ago )
Last submission 2015-12-02 21:19:37 UTC ( 3 years, 1 month ago )
File names blackhole_payload.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Opened mutexes
Runtime DLLs