SHA256: 41e027ba9dd0169405cc6e1b08dda9e5bea9293186d857f5c1f6b05a8f11ad5d
File name: VirusShare_c2806a8732b0a09a262e0311f6970baa
Detection ratio: 56 / 67
Analysis date: 2018-07-27 02:55:56 UTC ( 2 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.FakeAlert.88 20180727
AegisLab Troj.W32.Gen.lnb3 20180727
AhnLab-V3 Trojan/Win32.FakeAV.R8032 20180726
ALYac Gen:Variant.FakeAlert.88 20180727
Antiy-AVL HackTool[Hoax]/Win32.SMWnd 20180727
Arcabit Trojan.FakeAlert.88 20180727
Avast Win32:FakeAlert-CKV [Trj] 20180727
AVG Win32:FakeAlert-CKV [Trj] 20180727
Avira (no cloud) TR/Fakealert.dgfs 20180726
AVware FraudTool.Win32.Winwebsec.f (v) 20180727
Baidu Win32.Trojan.Kryptik.ki 20180726
BitDefender Gen:Variant.FakeAlert.88 20180727
Bkav W32.eHeur.Malware03 20180726
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cybereason malicious.732b0a 20180225
Cylance Unsafe 20180727
Cyren W32/FakeAlert.OK.gen!Eldorado 20180727
DrWeb Trojan.Fakealert.21226 20180727
Emsisoft Gen:Variant.FakeAlert.88 (B) 20180727
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.OUM 20180727
F-Prot W32/FakeAlert.OK.gen!Eldorado 20180727
F-Secure Gen:Variant.FakeAlert.88 20180727
Fortinet W32/PackFakeAV.KT!tr 20180727
GData Win32.Trojan.FakeAV.M 20180727
Ikarus Trojan.Crypt 20180726
Sophos ML heuristic 20180717
Jiangmin Hoax.SMWnd.dv 20180727
K7AntiVirus Trojan ( 0027d7c71 ) 20180726
K7GW Trojan ( 0027d7c71 ) 20180727
Kaspersky HEUR:Hoax.Win32.SMWnd.a 20180727
MAX malware (ai score=95) 20180727
McAfee FakeAlert-SecurityTool.bt 20180727
Microsoft Rogue:Win32/Winwebsec 20180727
eScan Gen:Variant.FakeAlert.88 20180727
NANO-Antivirus Trojan.Win32.SMWnd.cjvua 20180727
Palo Alto Networks (Known Signatures) generic.ml 20180727
Panda Trj/Resdec.c 20180726
Qihoo-360 Win32/Trojan.b62 20180727
Rising Trojan.Win32.Generic.12A42E12 (C64:YzY0Oithr54NTuJL) 20180727
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/FakeAV-DYL 20180726
SUPERAntiSpyware Trojan.Agent/Gen-Winwebsec 20180727
Symantec Trojan.FakeAV!gen57 20180726
TACHYON Joke/W32.SMWnd.417792.D 20180727
Tencent Win32.Trojan.Generic.Sxdw 20180727
TheHacker Trojan/SMWnd.dft 20180726
TotalDefense Win32/Renos.J!generic 20180726
TrendMicro TROJ_FAKEAV.SMWJ 20180727
TrendMicro-HouseCall TROJ_FAKEAV.SMWJ 20180727
VBA32 BScope.Trojan.FakeAV 20180726
VIPRE FraudTool.Win32.Winwebsec.f (v) 20180727
Webroot W32.Trojan.Gen 20180727
Yandex Trojan.FakeAV.Gen!Pac.11 20180725
Zillya Trojan.FakeAV.Win32.120320 20180726
ZoneAlarm by Check Point HEUR:Hoax.Win32.SMWnd.a 20180726
Alibaba 20180713
Avast-Mobile 20180726
Babable 20180725
CAT-QuickHeal 20180725
ClamAV 20180727
CMC 20180726
Comodo 20180727
eGambit 20180727
Kingsoft 20180727
Malwarebytes 20180727
Trustlook 20180727
ViRobot 20180726
Zoner 20180726
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-06 17:25:20
Entry Point 0x0002B592
Number of sections 6
PE sections
Overlays
MD5 d2a70550489de356a2cd6bfc40711204
File type ASCII text
Offset 414720
Size 3072
Entropy 0.00
PE imports
GetObjectA
CreateDCA
SelectObject
EnumObjects
CreatePen
GetDeviceCaps
CreateSolidBrush
GetDIBits
DeleteObject
CreateCompatibleBitmap
Rectangle
GetSystemTime
GetLastError
HeapFree
GetStdHandle
SystemTimeToFileTime
LCMapStringW
SetHandleCount
LoadLibraryW
GlobalFree
SetCurrentDirectoryA
FreeLibrary
LCMapStringA
HeapDestroy
GetTickCount
VirtualProtect
FlushFileBuffers
LoadLibraryA
LockFile
RtlUnwind
GetModuleFileNameA
UpdateResourceA
VirtualAllocEx
FreeEnvironmentStringsA
GetSystemDirectoryA
EndUpdateResourceA
UnlockFile
HeapCreate
SizeofResource
GetEnvironmentStringsW
VirtualFreeEx
LocalAlloc
LockResource
GetTempPathA
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStartupInfoA
SetStdHandle
CreateMutexA
SetFilePointer
FindResourceExA
LockFileEx
CreateSemaphoreA
GetCPInfo
GetStringTypeA
GetModuleHandleA
ReadFile
DeleteFileA
WriteFile
GetCurrentProcess
CloseHandle
ExitProcess
FindNextFileA
UnlockFileEx
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FreeResource
GetOEMCP
TerminateProcess
GetEnvironmentStrings
LoadResource
GlobalAlloc
VirtualFree
CreateEventA
FindClose
CopyFileA
Sleep
GetFileType
CreateFileA
HeapAlloc
GetVersion
GetCurrentDirectoryA
VirtualAlloc
BeginUpdateResourceA
SetLastError
StrStrIA
GetMessageA
SetWindowRgn
DrawTextA
EndDialog
BeginPaint
HideCaret
CreateIconIndirect
PostQuitMessage
DefWindowProcA
ShowWindow
IsWindow
DispatchMessageA
EndPaint
UpdateWindow
DrawIcon
TranslateMessage
DialogBoxParamA
GetDC
CopyImage
ReleaseDC
ShowCaret
DestroyIcon
LoadStringA
IsWindowVisible
GetClientRect
LoadAcceleratorsA
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
GetDesktopWindow
RegisterClassExA
DestroyWindow
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:06:06 18:25:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 188416
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 45056
SubsystemVersion 4.0
EntryPoint 0x2b592
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 c2806a8732b0a09a262e0311f6970baa
SHA1 41bdf158d35d13286318013120f2fb79428a6149
SHA256 41e027ba9dd0169405cc6e1b08dda9e5bea9293186d857f5c1f6b05a8f11ad5d
ssdeep 12288:YUWX1/fEn6rvbIdSxEtbmmyrVkZPKIA7:L4fEntnmtitKIA
authentihash 285d245396de53d6ad025caefbf065679567190fa82b6a5e8dadf57a9e49ac41
imphash 04766195ce43fbcfb25ebdeabecf97c5
File size 408.0 KB ( 417792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe armadillo overlay
VirusTotal metadata
First submission 2011-11-18 08:16:25 UTC ( 6 years, 11 months ago )
Last submission 2018-07-27 02:55:56 UTC ( 2 months, 4 weeks ago )
File names c2806a8732b0a09a262e0311f6970baa
aa
virussign.com_c2806a8732b0a09a262e0311f6970baa
VirusShare_c2806a8732b0a09a262e0311f6970baa
b2yMQ.ini
WstHQwD.odt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs