SHA256: 42d3e802bc329829c00bc88f0441d8777d9002bbe063b7f5a947adae1c9ba8a2
File name: 089d794b921fb1c68ae8bcf693a365b8.virus
Detection ratio: 36 / 57
Analysis date: 2016-04-18 07:07:17 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.379514 20160418
AegisLab Troj.Downloader.W32.Upatre.mBgN 20160418
AhnLab-V3 Backdoor/Win32.Caphaw 20160418
ALYac Gen:Variant.Kazy.379514 20160418
Antiy-AVL Trojan/Win32.SGeneric 20160418
Arcabit Trojan.Kazy.D5CA7A 20160418
Avast Win32:Malware-gen 20160418
AVG Crypt3.AAVV 20160418
Avira (no cloud) TR/Crypt.Xpack.upmh 20160418
AVware Trojan.Win32.Caphaw.af (v) 20160418
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160418
BitDefender Gen:Variant.Kazy.379514 20160418
Cyren W32/Trojan.IZNN-6331 20160418
Emsisoft Gen:Variant.Kazy.379514 (B) 20160418
ESET-NOD32 a variant of Win32/Kryptik.CBCP 20160418
F-Secure Gen:Variant.Kazy.379514 20160418
Fortinet W32/Generic.CBCP!tr 20160418
GData Gen:Variant.Kazy.379514 20160418
Ikarus Trojan.SuspectCRC 20160417
Jiangmin Trojan/Generic.bfhlg 20160418
K7AntiVirus Trojan ( 00499d0f1 ) 20160418
K7GW Trojan ( 00499d0f1 ) 20160418
Kaspersky HEUR:Trojan.Win32.Generic 20160418
Kingsoft Win32.Troj.Undef.(kcloud) 20160418
Malwarebytes Trojan.Agent.ED 20160418
McAfee GenericATG-FYP!089D794B921F 20160417
McAfee-GW-Edition BehavesLike.Win32.Backdoor.jz 20160418
Microsoft Trojan:Win32/Toga!rfn 20160418
eScan Gen:Variant.Kazy.379514 20160418
NANO-Antivirus Trojan.Win32.Kryptik.dblhoz 20160418
Panda Generic Malware 20160417
Qihoo-360 QVM20.1.Malware.Gen 20160418
SUPERAntiSpyware Questionable.Resource 20160418
TrendMicro TROJ_GEN.R00JC0DDC16 20160418
VIPRE Trojan.Win32.Caphaw.af (v) 20160418
Yandex Trojan.Agent!FBTR1moi44g 20160416
Alibaba 20160418
Baidu-International 20160417
Bkav 20160415
CAT-QuickHeal 20160418
ClamAV 20160418
CMC 20160415
Comodo 20160418
DrWeb 20160418
F-Prot 20160418
nProtect 20160415
Rising 20160418
Sophos AV 20160418
Symantec 20160418
Tencent 20160418
TheHacker 20160417
TotalDefense 20160418
TrendMicro-HouseCall 20160418
VBA32 20160415
ViRobot 20160418
Zillya 20160417
Zoner 20160418
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-28 08:35:05
Entry Point 0x00006B10
Number of sections 4
PE sections
PE imports
GetCurrentProcess
TerminateProcess
FindCloseChangeNotification
UnregisterWait
RtlUnwind
GetModuleHandleA
UnhandledExceptionFilter
WaitForSingleObject
SetUnhandledExceptionFilter
ExitProcess
LoadLibraryExW
HeapAlloc
CloseHandle
GetTickCount
IsDebuggerPresent
Sleep
GetProcAddress
VirtualAlloc
lstrlenW
ICSendMessage
Number of PE resources by type
RT_BITMAP 5
RT_STRING 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 7
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 1.0.0.1
LanguageCode Russian
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 606208
EntryPoint 0x6b10
MIMEType application/octet-stream
TimeStamp 2014:04:28 09:35:05+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 28672
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 089d794b921fb1c68ae8bcf693a365b8
SHA1 61e0df4ae0217757f8113b6d4537313edcdb19ad
SHA256 42d3e802bc329829c00bc88f0441d8777d9002bbe063b7f5a947adae1c9ba8a2
ssdeep 3072:8EuLFIbJPSS/ZfKr4ULhVXAah0W6WvcbbWURZiGuRfCtk+h7Dqt56D:8rcrxf04ULfAPvWouRPM7U56
authentihash 44f0188c64914fc1ab5497087433af2a1652480185101d617e9cb6990749057a
imphash da38bf40b5e8887db5699481f4a57633
File size 624.0 KB ( 638976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe suspicious-dns

VirusTotal metadata
First submission 2016-04-18 07:07:17 UTC ( 2 years, 11 months ago )
Last submission 2016-04-18 07:07:17 UTC ( 2 years, 11 months ago )
File names 089d794b921fb1c68ae8bcf693a365b8.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications