SHA256: 3ffa3675640cfa071bb1cb1e792c7ea4ce7254bc9b9ce55cebb1d7ea403c07bb
File name: rysxtbciqycmxeedc.exe
Detection ratio: 10 / 46
Analysis date: 2013-08-01 09:20:39 UTC ( 4 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Backdoor/Win32.Androm 20130801
DrWeb Trojan.DownLoader9.57128 20130801
ESET-NOD32 a variant of Win32/Kryptik.BHBJ 20130801
Fortinet W32/Krap.JI!tr 20130801
Kaspersky Backdoor.Win32.Androm.ahky 20130801
Panda Trj/dtcontx.G 20130801
TheHacker Posible_Worm32 20130731
TrendMicro PAK_Generic.001 20130801
TrendMicro-HouseCall PAK_Generic.001 20130801
VIPRE Trojan.Win32.Generic.pak!cobra 20130801
Yandex 20130731
AntiVir 20130801
Antiy-AVL 20130801
Avast 20130801
AVG 20130731
BitDefender 20130801
ByteHero 20130724
CAT-QuickHeal 20130801
ClamAV 20130801
Commtouch 20130801
Comodo 20130801
Emsisoft 20130801
F-Prot 20130801
F-Secure 20130801
GData 20130801
Ikarus 20130801
Jiangmin 20130801
K7AntiVirus 20130731
K7GW 20130731
Kingsoft 20130723
Malwarebytes 20130801
McAfee 20130801
McAfee-GW-Edition 20130801
Microsoft 20130801
eScan 20130801
NANO-Antivirus 20130801
Norman 20130731
nProtect 20130801
PCTools 20130801
Rising 20130801
Sophos AV 20130801
SUPERAntiSpyware 20130801
Symantec 20130801
TotalDefense 20130801
VBA32 20130801
ViRobot 20130801
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00024020
Number of sections 3
PE sections
PE imports
ImmUnlockIMCC
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
BSTR_UserMarshal
NdrStubCall2
CoGetMalloc
Number of PE resources by type
RT_ACCELERATOR 11
RT_ICON 2
RT_CURSOR 2
RT_GROUP_ICON 2
RT_STRING 1
AVI 1
DATA 1
PNG 1
Number of PE resources by language
NEUTRAL DEFAULT 16
ITALIAN 2
ARABIC SAUDI ARABIA 1
NEUTRAL 1
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 65536
LinkerVersion 5.0
EntryPoint 0x24020
InitializedDataSize 8192
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 81920

File identification
MD5 a516e257177d6aa3d7edf3ff80c88304
SHA1 da99261d5ab94f3aada0cc385bf5421b34996179
SHA256 3ffa3675640cfa071bb1cb1e792c7ea4ce7254bc9b9ce55cebb1d7ea403c07bb
ssdeep 1536:x89S87ZkhqOhHGcj5b/+RupqrRC3DYT51DmWq:xwL7ZkhhhHGcR+EgF68PTq
authentihash cccd7341e07396a66f6a253c458b3489c4db2c9564f4c8ed8fdc820925fa09a2
imphash 953d64337654d2b2c5fc3d69d311f0ea
File size 67.0 KB ( 68608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe upx

VirusTotal metadata
First submission 2013-08-01 03:07:01 UTC ( 4 years, 8 months ago )
Last submission 2017-12-06 17:39:38 UTC ( 4 months, 2 weeks ago )
File names file-5985620_exe
3ffa3675640cfa071bb1cb1e792c7ea4ce7254bc9b9ce55cebb1d7ea403c07bb.exe
rysxtbciqycmxeedc.exe
vti-rescan
xuutmapckhdmauyoj.exe
malekal_a516e257177d6aa3d7edf3ff80c88304
da99261d5ab94f3aada0cc385bf5421b34996179
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
