SHA256: 4393d6c64d9598b1acc2788b5804c3835f17d34017642f39b5f7015f6a926372
File name: 91.exe
Detection ratio: 4 / 55
Analysis date: 2015-12-14 16:44:59 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20151214
McAfee-GW-Edition BehavesLike.Win32.Benjamin.fh 20151214
Rising PE:Trojan.Kryptik!1.A31F [F] 20151212
ViRobot Trojan.Win32.R.Agent.353280.J[h] 20151214
Ad-Aware 20151214
AegisLab 20151214
Yandex 20151213
AhnLab-V3 20151214
Alibaba 20151208
ALYac 20151214
Antiy-AVL 20151214
Arcabit 20151214
Avast 20151214
AVG 20151214
Avira (no cloud) 20151214
AVware 20151214
Baidu-International 20151214
BitDefender 20151214
Bkav 20151214
ByteHero 20151214
CAT-QuickHeal 20151214
ClamAV 20151214
CMC 20151214
Comodo 20151214
Cyren 20151214
DrWeb 20151214
Emsisoft 20151214
ESET-NOD32 20151214
F-Prot 20151214
F-Secure 20151214
Fortinet 20151214
GData 20151214
Ikarus 20151214
Jiangmin 20151213
K7AntiVirus 20151214
K7GW 20151214
Malwarebytes 20151214
McAfee 20151214
Microsoft 20151214
eScan 20151214
NANO-Antivirus 20151214
nProtect 20151214
Panda 20151213
Qihoo-360 20151214
Sophos AV 20151214
SUPERAntiSpyware 20151214
Symantec 20151214
Tencent 20151214
TheHacker 20151214
TrendMicro 20151214
TrendMicro-HouseCall 20151214
VBA32 20151214
VIPRE 20151214
Zillya 20151213
Zoner 20151214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-14 12:45:53
Entry Point 0x00017FB4
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegDeleteValueW
RegOpenKeyA
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryValueA
GetUserNameW
LookupPrivilegeValueA
RegSetValueA
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegDeleteKeyW
RegOpenKeyExA
RegCreateKeyA
RegSetValueW
RegQueryValueExW
RegQueryValueW
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
WaitForSingleObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
SetLastError
GetSystemTime
FindNextVolumeA
GlobalFindAtomA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumCalendarInfoA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
GetModuleHandleA
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetEnvironmentStrings
GetFileSize
GlobalDeleteAtom
DeleteFileA
GlobalLock
CompareStringW
GetFileSizeEx
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetProcAddress
GetTimeZoneInformation
FindFirstVolumeA
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
HeapReAlloc
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
GetCPInfoExA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetTimeFormatA
lstrcpynA
GetACP
GetModuleHandleW
GetCurrentThreadId
FreeResource
GetLongPathNameW
IsValidCodePage
HeapCreate
VirtualFree
GetLongPathNameA
Sleep
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
SHGetFileInfoA
ExtractIconA
DragFinish
DragQueryFileW
DragAcceptFiles
ShellExecuteW
DragQueryPoint
SHGetFileInfoW
ExtractIconW
ExtractAssociatedIconA
SHGetFolderPathW
ShellExecuteA
SetWindowLongW
GetParent
LoadStringA
CharNextA
MessageBoxA
GetWindowLongW
IsIconic
GetKeyboardType
Number of PE resources by type
AVI 1
Number of PE resources by language
KONKANI DEFAULT 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:12:14 13:45:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 512
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
FileTypeExtension exe
InitializedDataSize 351744
SubsystemVersion 5.0
EntryPoint 0x17fb4
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 aad51084114e03b39cff54de292d6d93
SHA1 555976e8b950633f7b985b1547c71ec746386f99
SHA256 4393d6c64d9598b1acc2788b5804c3835f17d34017642f39b5f7015f6a926372
ssdeep 6144:odWC6cVHPfSgEq6+pg+1Ptlc2q16SCJWAPGYDpR7XSx:oMbDAg+1PPRq16SCPGYDpR7ix

authentihash 1b15407faa5152f2f0761c72b55a9258e9d61ae7f9545e526d58ff659afa0741
imphash af2ab1b3770c01a0a713e8a2b5917a1f
File size 345.0 KB ( 353280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe

VirusTotal metadata
First submission 2015-12-14 16:42:41 UTC ( 3 years, 5 months ago )
Last submission 2018-10-09 18:36:34 UTC ( 7 months, 2 weeks ago )
File names 91.exe_
91.exe
aad51084114e03b39cff54de292d6d93
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1215.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections