SHA256: 46aeb5594726ae916be3971acfa5b711f7540999036f959fd54918c74c036a90
File name: b5594726ae916be3971acfa5b711f7540999036f959fd54918c74c036a90.bin
Detection ratio: 46 / 58
Analysis date: 2016-09-19 07:11:21 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BXRQ 20160919
AegisLab Troj.Proxy.W32.Lethic!c 20160919
AhnLab-V3 Trojan/Win32.Lethic.N2084484085 20160918
ALYac Trojan.Agent.BXRQ 20160919
Antiy-AVL Trojan[Proxy]/Win32.Lethic 20160919
Arcabit Trojan.Agent.BXRQ 20160917
Avast Win32:Malware-gen 20160919
AVG Generic_r.MNX 20160919
Avira (no cloud) TR/Crypt.ZPACK.ljho 20160919
AVware Trojan.Win32.Generic!BT 20160919
BitDefender Trojan.Agent.BXRQ 20160919
Bkav W32.FamVT.RazyNHmA.Trojan 20160917
CAT-QuickHeal TrojanProxy.Lethic 20160919
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/S-178758b5!Eldorado 20160919
DrWeb BackDoor.Siggen2.921 20160919
Emsisoft Trojan.Agent.BXRQ (B) 20160919
ESET-NOD32 a variant of Win32/Kryptik.FEUT 20160919
F-Prot W32/S-178758b5!Eldorado 20160919
F-Secure Trojan.Agent.BXRQ 20160919
Fortinet W32/Kryptik.FEUT!tr 20160919
GData Trojan.Agent.BXRQ 20160919
Ikarus Trojan.Win32.Crypt 20160918
Sophos ML virus.win32.virut.bn 20160917
Jiangmin Trojan.Generic.ahqoy 20160918
K7AntiVirus Trojan ( 004f68241 ) 20160918
K7GW Trojan ( 004f68241 ) 20160919
Kaspersky Trojan-Proxy.Win32.Lethic.zyp 20160919
Malwarebytes Backdoor.Andromeda 20160919
McAfee RDN/Generic.grp 20160919
McAfee-GW-Edition RDN/Generic.grp 20160918
Microsoft Trojan:Win32/Lethic.B 20160919
eScan Trojan.Agent.BXRQ 20160919
Panda Trj/GdSda.A 20160918
Qihoo-360 Win32/Trojan.97a 20160919
Rising Malware.Generic!J2hw9N06LxK@5 (thunder) 20160919
Sophos AV Mal/Lethic-I 20160919
SUPERAntiSpyware Trojan.Agent/Gen-Multi 20160919
Symantec Trojan Horse 20160919
Tencent Win32.Trojan-proxy.Lethic.Wurf 20160919
TrendMicro TROJ_GEN.R023C0CHN16 20160919
TrendMicro-HouseCall TROJ_GEN.R023C0CHN16 20160919
VBA32 TrojanProxy.Lethic 20160917
VIPRE Trojan.Win32.Generic!BT 20160919
Yandex Trojan.PR.Lethic!xl46bq4sEL8 20160918
Zillya Trojan.Lethic.Win32.2968 20160915
Alibaba 20160919
Baidu 20160914
ClamAV 20160916
CMC 20160916
Comodo 20160916
Kingsoft 20160919
NANO-Antivirus 20160919
nProtect 20160919
TheHacker 20160918
TotalDefense 20160918
ViRobot 20160919
Zoner 20160919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-19 19:00:00
Entry Point 0x000043B4
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
LookupPrivilegeValueA
RegQueryValueExA
RegCloseKey
OpenProcessToken
GetLastError
TlsGetValue
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GlobalLock
TlsFree
GetProcessHeap
SetStdHandle
SetFilePointer
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
TerminateProcess
LCMapStringA
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
FindClose
HeapDestroy
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
GetWindowLongA
GetSystemMetrics
ReleaseDC
DispatchMessageA
PeekMessageA
TranslateMessage
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:08:19 20:00:00+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 69120
LinkerVersion: 9.0
EntryPoint: 0x43b4
InitializedDataSize: 57856
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5 dacfcb37ca0d83b44609fd6f4dcb9fdb
SHA1 9e483444e109ad6907a3c732cb9a9715af6cc9a9
SHA256 46aeb5594726ae916be3971acfa5b711f7540999036f959fd54918c74c036a90
ssdeep 3072:Soobe26KKvbLahqdd5HNkul2tQ+cg/sd9cfighX:dW6KKvbLaIddRNrl2R0TcKO
authentihash 934557e910c2e6780b95c99c94fed3a9f64f46df804140521aa480c4925bd1b4
imphash deec40f3454707df4884b15ec84e7de9
File size 125.0 KB ( 128000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-08-19 19:10:10 UTC ( 2 years, 6 months ago )
Last submission 2016-08-19 19:10:10 UTC ( 2 years, 6 months ago )
File names svckost3101123.exe
b5594726ae916be3971acfa5b711f7540999036f959fd54918c74c036a90.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Code injections in the following processes
Runtime DLLs
TCP connections
UDP communications