SHA256: 467a9d98c903cf5cc90bc8ea6f8c56a46e151a44c3734c6ae9a08a1811ef9e6e
File name: 1a90c56abd829483d6806ea4f972027c
Detection ratio: 29 / 57
Analysis date: 2016-03-16 20:40:45 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.29562 20160316
AhnLab-V3 Malware/Win32.Generic 20160316
ALYac Gen:Variant.Razy.29562 20160316
Antiy-AVL Trojan/Win32.TSGeneric 20160316
Arcabit Trojan.Razy.D737A 20160316
Avast Win32:Trojan-gen 20160316
Avira (no cloud) TR/Taranis.2635 20160316
BitDefender Gen:Variant.Razy.29562 20160316
Bkav HW32.Packed.FE08 20160316
Emsisoft Gen:Variant.Razy.29562 (B) 20160316
ESET-NOD32 a variant of Win32/Kryptik.EQRJ 20160316
F-Secure Gen:Variant.Razy.29562 20160316
Fortinet W32/Kryptik.EQOX!tr 20160316
GData Gen:Variant.Razy.29562 20160316
Jiangmin Trojan.Generic.qmfw 20160316
K7GW Hacktool ( 655367771 ) 20160316
Kaspersky HEUR:Trojan.Win32.Generic 20160316
Malwarebytes Trojan.Qakbot 20160316
McAfee W32/PinkSbot-BL!1A90C56ABD82 20160316
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20160316
Microsoft Backdoor:Win32/Qakbot!rfn 20160316
eScan Gen:Variant.Razy.29562 20160316
NANO-Antivirus Trojan.Win32.Inject2.eaxuoj 20160316
Panda Trj/Genetic.gen 20160316
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160316
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160316
Sophos AV Mal/Qbot-N 20160316
TrendMicro TROJ_GEN.R00XC0DCG16 20160316
Zillya Trojan.Bublik.Win32.19955 20160316
AegisLab 20160316
Yandex 20160316
Alibaba 20160316
AVG 20160316
AVware 20160316
Baidu 20160315
Baidu-International 20160316
ByteHero 20160316
CAT-QuickHeal 20160316
ClamAV 20160311
CMC 20160316
Comodo 20160316
Cyren 20160316
DrWeb 20160316
F-Prot 20160316
Ikarus 20160316
K7AntiVirus 20160316
nProtect 20160316
SUPERAntiSpyware 20160316
Symantec 20160316
Tencent 20160316
TheHacker 20160315
TotalDefense 20160316
TrendMicro-HouseCall 20160316
VBA32 20160316
VIPRE 20160316
ViRobot 20160316
Zoner 20160316
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-10 12:48:27
Entry Point 0x00030CF0
Number of sections 2
PE sections
PE imports
PlayEnhMetaFileRecord
GetDeviceCaps
PlayMetaFileRecord
CreateEnhMetaFileW
PolyPolygon
GetGlyphIndicesA
ArcTo
SetDCPenColor
SelectClipPath
GetTextExtentPoint32A
CreatePalette
EnumFontFamiliesExW
SaveDC
GetTextExtentExPointW
SetICMMode
Polyline
GetEnhMetaFileW
AngleArc
GetCharWidth32A
GetCurrentProcessId
FreeConsole
MprInfoBlockRemove
MprInfoBlockQuerySize
MprConfigInterfaceTransportRemove
MprAdminMIBServerDisconnect
MprAdminInterfaceGetHandle
MprAdminConnectionClearStats
MprConfigServerRestore
MprConfigServerInstall
MprAdminMIBEntryDelete
I_RpcGetBufferWithObject
RpcMgmtStopServerListening
NdrOleFree
NdrRpcSmSetClientToOsf
NdrComplexArrayMemorySize
NdrNonConformantStringUnmarshall
I_RpcIfInqTransferSyntaxes
RpcMgmtEpUnregister
NdrNonEncapsulatedUnionMemorySize
I_RpcServerUseProtseqEp2A
NdrComplexStructFree
NdrFixedArrayMemorySize
I_RpcSend
NdrClientContextUnmarshall
I_RpcPauseExecution
RpcObjectSetInqFn
I_RpcNsBindingSetEntryNameA
I_RpcBindingInqDynamicEndpointW
NdrInterfacePointerBufferSize
NdrNonEncapsulatedUnionBufferSize
SetupDiOpenDeviceInfoA
InstallHinfSectionW
SetupGetIntField
SetupGetSourceInfoW
SetupGetInfInformationW
SetupFindNextMatchLineW
SetupGetTargetPathA
SetupQueueCopySectionW
SetupDiGetHwProfileFriendlyNameExA
SetupInitializeFileLogA
SetupInstallServicesFromInfSectionExW
SetupScanFileQueueA
SetupDiSetDeviceInstallParamsA
SetupDiCreateDeviceInfoW
SetupDiCreateDevRegKeyW
SetupDiClassNameFromGuidExA
SetupDiGetDeviceInstallParamsW
SetupRenameErrorW
SetupSetPlatformPathOverrideA
SetupSetFileQueueAlternatePlatformA
SetupDiGetClassDevsW
SetupDiCreateDevRegKeyA
SetupQueryDrivesInDiskSpaceListA
SetupInstallFileA
PathFindFileNameA
TrackPopupMenu
IsDialogMessageW
FlashWindow
DestroyAcceleratorTable
SetLastErrorEx
GetKBCodePage
FindWindowA
PostThreadMessageA
GetFileTitleW
PrintDlgA
ReplaceTextA
CommDlgExtendedError
GetOpenFileNameW
ChooseColorW
ChooseFontW
GetSaveFileNameW
ChooseColorA
FindTextW
ReplaceTextW
PrintDlgW
GetSaveFileNameA
ChooseFontA
SetColorProfileElementReference
EnumColorProfilesA
CreateProfileFromLogColorSpaceA
CheckColors
SetColorProfileElement
SetStandardColorSpaceProfileA
CreateColorTransformA
InstallColorProfileA
ConvertIndexToColorName
GetColorProfileElementTag
CloseColorProfile
CreateDeviceLinkProfile
GetStandardColorSpaceProfileW
GetNamedProfileInfo
CreateProfileFromLogColorSpaceW
SetStandardColorSpaceProfileW
GetPS2ColorRenderingIntent
UninstallColorProfileA
SetColorProfileHeader
GetStandardColorSpaceProfileA
RtlxOemStringToUnicodeSize
NtSetSecurityObject
NtReadVirtualMemory
NtClearEvent
ZwOpenProcess
RtlAppendUnicodeStringToString
NtQueryVolumeInformationFile
NtOpenSection
RtlNtStatusToDosError
NtFlushBuffersFile
NtQueryInformationFile
OleSetAutoConvert
CoQueryProxyBlanket
SetConvertStg
ReadFmtUserTypeStg
HBITMAP_UserUnmarshal
CoTaskMemFree
CreateOleAdviseHolder
PdhGetRawCounterValue
PdhCloseQuery
PdhBrowseCountersA
PdhValidatePathA
PdhGetDefaultPerfObjectW
PdhOpenQueryW
PdhGetFormattedCounterArrayW
PdhOpenLogW
PdhGetDataSourceTimeRangeW
PdhSelectDataSourceW
PdhParseCounterPathW
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:03:10 13:48:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 201216
LinkerVersion 6.0
EntryPoint 0x30cf0
InitializedDataSize 2048
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 1a90c56abd829483d6806ea4f972027c
SHA1 6aadf1752ca5b5a1de037914c71d3c417125a5ab
SHA256 467a9d98c903cf5cc90bc8ea6f8c56a46e151a44c3734c6ae9a08a1811ef9e6e
ssdeep 6144:JcDN4jbqjOIZUDOcZ1xydHm7eqKSAUlt43LHy0:xbAONDjgdGKqVuLn
authentihash 46148ed95ad2777be8628397b31d8f2675fbece1f94b9b717224e4c428beaca3
imphash 0236f0ee81458b6dc276a21955b30513
File size 199.0 KB ( 203776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-03-16 20:40:45 UTC ( 2 years, 11 months ago )
Last submission 2016-07-31 15:31:39 UTC ( 2 years, 6 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications