SHA256: 46e4b2e57cfd29b35f11a4ee64bd04a47fa2048ce8f360274ba65c744ffeea18
File name: Temp.exe.vir
Detection ratio: 45 / 67
Analysis date: 2017-12-18 10:38:27 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6295430 20171218
AegisLab Troj.Spy.W32.Zbot!c 20171218
AhnLab-V3 Win-Trojan/Sagecrypt.Gen 20171218
ALYac Spyware.Banker.panda 20171218
Arcabit Trojan.Generic.D600F86 20171218
Avast Other:Malware-gen [Trj] 20171218
AVG Other:Malware-gen [Trj] 20171218
Avira (no cloud) TR/Crypt.ZPACK.xhblx 20171218
AVware Trojan.Win32.Generic!BT 20171218
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171218
BitDefender Trojan.GenericKD.6295430 20171218
CAT-QuickHeal TrojanSpy.Zbot 20171218
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.3590f1 20171103
Cylance Unsafe 20171218
DrWeb Trojan.MulDrop7.53487 20171218
Emsisoft Trojan.GenericKD.6295430 (B) 20171218
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/Spy.Zbot.ADC 20171218
F-Secure Trojan.GenericKD.6295430 20171218
Fortinet W32/Kryptik.EKSX!tr 20171218
GData Trojan.GenericKD.6295430 20171218
Ikarus Trojan.Inject 20171218
Sophos ML heuristic 20170914
K7AntiVirus Riskware ( 0040eff71 ) 20171217
K7GW Riskware ( 0040eff71 ) 20171218
Kaspersky Trojan-Spy.Win32.Zbot.ytzo 20171218
Malwarebytes Trojan.Dropper 20171218
MAX malware (ai score=99) 20171218
McAfee RDN/Generic.hbg 20171218
McAfee-GW-Edition BehavesLike.Win32.Ransom.fc 20171218
Microsoft Trojan:Win32/Tiggre!rfn 20171218
eScan Trojan.GenericKD.6295430 20171218
NANO-Antivirus Trojan.Win32.Zbot.evysbc 20171218
Palo Alto Networks (Known Signatures) generic.ml 20171218
Panda Trj/CI.A 20171217
Sophos AV Troj/Wonton-ACY 20171218
Symantec Trojan Horse 20171218
Tencent Suspicious.Heuristic.Gen.b.0 20171218
TrendMicro TSPY_FAREIT.AUSREON 20171218
TrendMicro-HouseCall TSPY_FAREIT.AUSREON 20171218
VIPRE Trojan.Win32.Generic!BT 20171218
ViRobot Trojan.Win32.Agent.331264.H 20171218
Webroot W32.Malware.Gen 20171218
ZoneAlarm by Check Point Trojan-Spy.Win32.Zbot.ytzo 20171218
Alibaba 20171218
Antiy-AVL 20171218
Avast-Mobile 20171217
Bkav 20171216
ClamAV 20171218
CMC 20171218
Comodo 20171218
Cyren 20171218
eGambit 20171218
F-Prot 20171218
Jiangmin 20171218
Kingsoft 20171218
nProtect 20171218
Qihoo-360 20171218
Rising 20171218
SentinelOne (Static ML) 20171207
SUPERAntiSpyware 20171218
Symantec Mobile Insight 20171215
TheHacker 20171210
Trustlook 20171218
VBA32 20171215
WhiteArmor 20171204
Yandex 20171216
Zillya 20171217
Zoner 20171218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) GranderSoft Development

Product Maintaining
File version 6.8.7.4
Description Nonaka Advisries
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-19 09:12:39
Entry Point 0x00016DC2
Number of sections 4
PE sections
PE imports
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
AVISaveOptions
FlatSB_SetScrollProp
FlatSB_SetScrollRange
SelectObject
GetCurrentObject
CreateSolidBrush
GetPixel
SetBkMode
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
OpenProcess
MapUserPhysicalPages
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
FormatMessageA
SetStdHandle
GetModuleHandleA
RaiseException
GlobalReAlloc
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetNamedPipeHandleState
WaitNamedPipeA
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetProcessWorkingSetSize
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
LocalFree
TerminateProcess
SetUnhandledExceptionFilter
WideCharToMultiByte
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
GlobalAlloc
TlsGetValue
Sleep
GetFileType
EnumDateFormatsA
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
ExitProcess
WriteConsoleW
LeaveCriticalSection
acmDriverDetailsA
NetShareGetInfo
NetApiBufferFree
GetErrorInfo
EnumProcesses
GetModuleFileNameExW
RpcStringFreeA
UuidToStringA
UuidCreate
SHGetSpecialFolderLocation
SHBrowseForFolderA
GetMessageA
GetForegroundWindow
GetParent
UpdateWindow
IsDlgButtonChecked
EndDialog
PostQuitMessage
ShowWindow
GetClipboardData
GetWindowThreadProcessId
DispatchMessageA
MessageBoxA
TranslateMessage
DialogBoxParamA
GetScrollInfo
SetScrollInfo
RegisterClassExA
CreateDialogParamW
SystemParametersInfoA
SetWindowTextA
CheckMenuItem
LoadStringA
ScrollWindow
DrawIconEx
SendMessageA
GetWindowTextA
GetClientRect
GetDlgItem
GetMenuCheckMarkDimensions
LoadAcceleratorsA
GetWindowLongA
GetWindowTextLengthA
LoadCursorA
LoadIconA
TranslateAcceleratorA
ShowCursor
AttachThreadInput
wsprintfW
CloseClipboard
DestroyWindow
GetAncestor
OpenClipboard
WSAGetLastError
WSAEventSelect
EnumerateLoadedModules
GdipAlloc
GdipDisposeImage
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipFree
GdipCloneImage
GdipSaveImageToFile
OleUninitialize
CoInitialize
OleInitialize
StgOpenStorage
StgIsStorageFile
CopyBindInfo
Number of PE resources by type
RT_ICON 5
BINARY 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
CodeSize 140800
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.8.7.4
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Nonaka Advisries
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 189440
EntryPoint 0x16dc2
MIMEType application/octet-stream
LegalCopyright Copyright (c) GranderSoft Development
FileVersion 6.8.7.4
TimeStamp 2015:01:19 10:12:39+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 6.8.7.4
UninitializedDataSize 0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName GranderSoft Development
LegalTrademarks Copyright (c) GranderSoft Development
ProductName Maintaining
ProductVersionNumber 6.8.7.4
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
Compressed bundles
File identification
MD5 0d1150d89f94701b54c7feb81d83a8fd
SHA1 9f06c683590f1cba734b36ea4c5a02a7d4ea59bc
SHA256 46e4b2e57cfd29b35f11a4ee64bd04a47fa2048ce8f360274ba65c744ffeea18
ssdeep 6144:/+iIfNvG6J2hIlDtbxT5lSZ5BxXioU1xzHIUPLPDRrG/Zrm1GYt92lYdu:/+RfOuRbxT5lSZ5yLzZPHRrAZZy92lYo
authentihash 73da264723e55a106bb11ed9f6b8b4d6288a7b167212c110a9c8a468a2dfe9b4
imphash bdf04ca7ff10d44ecb27d34c56f64073
File size 323.5 KB ( 331264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-12-12 08:50:57 UTC ( 1 year, 4 months ago )
Last submission 2017-12-13 11:54:48 UTC ( 1 year, 4 months ago )
File names Temp.exe.vir
trasmetto
1024-9f06c683590f1cba734b36ea4c5a02a7d4ea59bc
Local.exe.53567796.DROPPED
cookies.exe
0d1150d89f94701b54c7feb81d83a8fd.sample
trasmetto2
EMPTY.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications