SHA256: 40ac72dc6b8cc063ce8f6eae8477a7762b185db25b2b70abd8cbd66b52dad97d
File name: 40ac72dc6b8cc063ce8f6eae8477a7762b185db25b2b70abd8cbd66b52dad97d
Detection ratio: 2 / 56
Analysis date: 2015-11-28 05:05:11 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20151128
Qihoo-360 QVM07.1.Malware.Gen 20151128
Ad-Aware 20151128
AegisLab 20151127
Yandex 20151127
AhnLab-V3 20151127
Alibaba 20151127
ALYac 20151128
Antiy-AVL 20151128
Arcabit 20151128
Avast 20151128
AVG 20151128
Avira (no cloud) 20151128
AVware 20151128
Baidu-International 20151127
BitDefender 20151128
Bkav 20151127
ByteHero 20151128
CAT-QuickHeal 20151126
ClamAV 20151128
CMC 20151127
Comodo 20151128
Cyren 20151128
DrWeb 20151128
Emsisoft 20151128
ESET-NOD32 20151128
F-Prot 20151128
F-Secure 20151128
Fortinet 20151128
GData 20151128
Ikarus 20151128
Jiangmin 20151127
K7AntiVirus 20151127
K7GW 20151128
Malwarebytes 20151127
McAfee 20151128
McAfee-GW-Edition 20151128
Microsoft 20151128
eScan 20151128
NANO-Antivirus 20151128
nProtect 20151127
Panda 20151127
Rising 20151127
Sophos AV 20151128
SUPERAntiSpyware 20151128
Symantec 20151127
Tencent 20151128
TheHacker 20151127
TotalDefense 20151128
TrendMicro 20151128
TrendMicro-HouseCall 20151128
VBA32 20151126
VIPRE 20151128
ViRobot 20151128
Zillya 20151127
Zoner 20151128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-11-22 13:13:24
Entry Point 0x0001717C
Number of sections 4
PE sections
Overlays
MD5 f799b49ad41eb63a85ed227cb6ca8159
File type data
Offset 253952
Size 2246
Entropy 6.22
PE imports
GetSidSubAuthority
SetTokenInformation
ImageList_GetImageCount
InitCommonControlsEx
ImageList_DragLeave
ImageList_DragMove
Ord(6)
ImageList_ReplaceIcon
GetLogColorSpaceA
CreateDIBSection
GetRasterizerCaps
ImmRegisterWordA
ImmCreateContext
ImmSetCompositionWindow
ImmGetOpenStatus
GetCommState
HeapCompact
GetStartupInfoA
GetTempPathA
FlushConsoleInputBuffer
GetEnvironmentStrings
GetCPInfo
GetSystemInfo
GetModuleHandleA
GetProcessHeaps
GetOEMCP
AllocConsole
GetTickCount
GetFileType
GetLogicalDrives
GetNumberOfConsoleMouseButtons
FillConsoleOutputCharacterW
GetDefaultCommConfigA
GlobalAddAtomW
_adjust_fdiv
_yn
_acmdln
__p__fmode
wcsncpy
_tell
__p__commode
__setusermatherr
__getmainargs
_initterm
_controlfp
_vsnwprintf
__set_app_type
RasEnumDevicesA
RasEnumEntriesA
SetUserObjectSecurity
GetFileTitleA
ChooseColorA
CommDlgExtendedError
Number of PE resources by type
RT_ICON 3
RT_DIALOG 2
RT_VERSION 1
Struct(111) 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 0.230.146.103
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 917504
EntryPoint 0x1717c
OriginalFileName Complicate.exe
MIMEType application/octet-stream
LegalCopyright Brontosaurus (C) 2010
FileVersion 0,133,13,75
TimeStamp 2006:11:22 13:13:24+00:00
FileType Win32 EXE
PEType PE32
ProductVersion 0,110,174,146
FileDescription Enciphering
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Crofts Software
CodeSize 94208
FileSubtype 0
ProductVersionNumber 0.56.69.119
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 c81231acd620ebe30cd7f02b6d951e03
SHA1 66a07933cf3eb8db99bae52cd015625b713c2326
SHA256 40ac72dc6b8cc063ce8f6eae8477a7762b185db25b2b70abd8cbd66b52dad97d
ssdeep 3072:NP1CCySABsQT+nKZOXXwqRzT0QeQ/WtTuPvpbFTZTqlkHZlqcPiePsO3MI7ni:0vB7+MOHnT03Q/myvpbbTqlQZDUaMI7i
authentihash 4db315102f0b4f14943935320a60b8e72c2b3859a20810dd2db22d22ef22246a
imphash 24e6827f2d18b42a36890d3c08f6415d
File size 250.2 KB ( 256198 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-11-28 05:05:11 UTC ( 3 years, 2 months ago )
Last submission 2015-12-02 04:40:47 UTC ( 3 years, 2 months ago )
File names 136001262.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00JC0DL115.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications