SHA256: 46f1d2d0f64f5b3429216ee3bd330cc8311da98a0189ae899bb0c33938d42a0a
File name: a3229f94648cdfa2389042fd4b1437d9.virus
Detection ratio: 33 / 58
Analysis date: 2016-09-01 00:43:28 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.17946951 20160901
AegisLab Dangerousobject.Multi.Generic!c 20160831
AhnLab-V3 Trojan/Win32.Upbot.C1538074 20160831
ALYac Gen:Variant.Coantor.34 20160901
Arcabit Trojan.Generic.D111D947 20160901
AVG Generic_r.MWN 20160831
Avira (no cloud) TR/Crypt.ZPACK.exo 20160831
AVware LooksLike.Win32.Crowti.b (v) 20160901
Baidu Win32.Trojan.Kryptik.akc 20160831
BitDefender Trojan.Generic.17946951 20160901
Bkav W32.FamVT.RazyNHmA.Trojan 20160831
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/S-e2e07e9d!Eldorado 20160901
Emsisoft Trojan.Generic.17946951 (B) 20160901
ESET-NOD32 a variant of Win32/Kryptik.FFIP 20160831
F-Prot W32/S-e2e07e9d!Eldorado 20160901
F-Secure Trojan.Generic.17946951 20160901
GData Trojan.Generic.17946951 20160901
Sophos ML trojan.win32.c2lop.n 20160830
Jiangmin TrojanDropper.Injector.bjur 20160901
Kaspersky UDS:DangerousObject.Multi.Generic 20160831
Malwarebytes Backdoor.BetaBot 20160831
McAfee GenericRXAG-ST!A3229F94648C 20160901
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160901
Microsoft Trojan:Win32/Lethic.I 20160831
eScan Trojan.Generic.17946951 20160901
Qihoo-360 HEUR/QVM09.0.78E8.Malware.Gen 20160901
Rising Malware.Generic!74uV2Wnwm1@5 (thunder) 20160901
Sophos AV Mal/Generic-S 20160831
Symantec Heur.AdvML.B 20160831
Tencent Win32.Trojan.Kryptik.Ljjm 20160901
TrendMicro-HouseCall TROJ_GEN.R00XC0DHV16 20160901
VIPRE LooksLike.Win32.Crowti.b (v) 20160831
Alibaba 20160831
Antiy-AVL 20160901
Avast 20160901
CAT-QuickHeal 20160831
ClamAV 20160901
CMC 20160830
Comodo 20160831
DrWeb 20160901
Fortinet 20160831
Ikarus 20160831
K7AntiVirus 20160831
K7GW 20160901
Kingsoft 20160901
NANO-Antivirus 20160831
nProtect 20160901
Panda 20160831
SUPERAntiSpyware 20160831
TheHacker 20160829
TotalDefense 20160831
TrendMicro 20160831
VBA32 20160831
ViRobot 20160831
Yandex 20160831
Zillya 20160831
Zoner 20160831
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-29 21:05:03
Entry Point 0x0000546D
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
ReadFile
SetHandleCount
GetConsoleCP
GetDriveTypeA
QueryPerformanceCounter
TlsSetValue
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
SetFilePointer
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoW
SetStdHandle
CompareStringW
GetSystemDEPPolicy
RaiseException
CreateFileA
WideCharToMultiByte
TlsFree
GetModuleHandleA
LeaveCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CompareStringA
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
ExitProcess
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
GetTimeZoneInformation
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
WriteConsoleW
SetEndOfFile
HeapDestroy
CloseHandle
GetTickCount
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
SetLastError
InterlockedIncrement
GetLayeredWindowAttributes
Number of PE resources by type
RT_DIALOG 4
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:08:29 22:05:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 80384
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 130048
SubsystemVersion 5.0
EntryPoint 0x546d
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 a3229f94648cdfa2389042fd4b1437d9
SHA1 e72c73477c55bdb2a0bccb12379d8a68b689504a
SHA256 46f1d2d0f64f5b3429216ee3bd330cc8311da98a0189ae899bb0c33938d42a0a
ssdeep 3072:Tbz5M40u2HdLNtPny+J9lBNrsrZQ+57tbzzI3Q8ErAyGMM3iFMTEOxSgKOjEMVFK:Tbz5j0dWINKXzI3QrAV3iOLxtY
authentihash 58c27e8756b5da6ea5c8943be2bce88e49e0af627d5e3f28b8f2e371a8e835bd
imphash 40041fc890bbfde597a0961324ff3fe8
File size 206.5 KB ( 211456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-09-01 00:43:28 UTC ( 2 years, 5 months ago )
Last submission 2016-09-01 00:43:28 UTC ( 2 years, 5 months ago )
File names a3229f94648cdfa2389042fd4b1437d9.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications