× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4746e64da623072f5b010380b47c89591954a2f89e4c5402e992b6055f46f81f
File name: ad0356c16767db23f635ac98238314c7
Detection ratio: 30 / 54
Analysis date: 2016-07-11 11:30:50 UTC ( 2 years, 9 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3376382 20160711
AhnLab-V3 Trojan/Win32.MDA.N2039715653 20160711
ALYac Trojan.GenericKD.3376382 20160711
Antiy-AVL Trojan/Win32.Inject 20160711
Arcabit Trojan.Generic.D3384FE 20160711
Avast Win32:Malware-gen 20160711
AVG Downloader.VB.AIZE 20160711
AVware Trojan.Win32.Generic!BT 20160711
BitDefender Trojan.GenericKD.3376382 20160711
DrWeb Trojan.DownLoader22.2700 20160711
Emsisoft Trojan.GenericKD.3376382 (B) 20160711
ESET-NOD32 Win32/TrojanDownloader.VB.QZA 20160711
F-Secure Trojan.GenericKD.3376382 20160711
Fortinet W32/VB.QZA!tr.dldr 20160711
GData Trojan.GenericKD.3376382 20160711
K7AntiVirus Trojan-Downloader ( 004dbcb61 ) 20160711
K7GW Trojan-Downloader ( 004dbcb61 ) 20160711
Kaspersky Trojan.Win32.Inject.aakpd 20160711
McAfee GenericR-IAR!AD0356C16767 20160711
McAfee-GW-Edition BehavesLike.Win32.Dropper.dh 20160711
Microsoft Trojan:Win32/Dynamer!ac 20160711
eScan Trojan.GenericKD.3376382 20160711
nProtect Trojan.GenericKD.3376382 20160711
Panda Trj/CI.A 20160710
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20160711
Sophos AV Mal/Generic-S 20160711
Symantec Trojan.Gen.2 20160711
Tencent Win32.Trojan.Inject.Lmkh 20160711
TrendMicro TROJ_GEN.R021C0DG716 20160711
VIPRE Trojan.Win32.Generic!BT 20160711
AegisLab 20160711
Alibaba 20160711
Avira (no cloud) 20160711
Baidu 20160711
Bkav 20160711
CAT-QuickHeal 20160711
ClamAV 20160711
CMC 20160704
Comodo 20160711
Cyren 20160711
F-Prot 20160711
Ikarus 20160711
Jiangmin 20160711
Kingsoft 20160711
Malwarebytes 20160711
NANO-Antivirus 20160711
SUPERAntiSpyware 20160711
TheHacker 20160709
TotalDefense 20160711
TrendMicro-HouseCall 20160711
VBA32 20160711
ViRobot 20160711
Zillya 20160709
Zoner 20160711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-02 20:48:37
Entry Point 0x000062A5
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueExA
RegSetValueExA
GetFileSecurityA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
Ord(17)
ImageList_Destroy
GetWindowExtEx
SetMapMode
GetWindowOrgEx
PatBlt
SetStretchBltMode
CreatePen
GetCurrentPositionEx
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
CreateRectRgnIndirect
LPtoDP
PtVisible
GetClipBox
GetROP2
CombineRgn
GetViewportOrgEx
Rectangle
GetDeviceCaps
ExcludeClipRect
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
GetTextExtentPoint32A
EndDoc
CreateSolidBrush
StartPage
DeleteObject
IntersectClipRect
CreateBitmap
GetBkMode
GetStretchBltMode
StretchDIBits
SetTextColor
CreatePatternBrush
GetObjectA
SelectObject
RectVisible
BitBlt
SetAbortProc
CreateDCA
GetNearestColor
MoveToEx
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
GetCharWidthA
ExtTextOutA
LineTo
SetTextAlign
ScaleViewportExtEx
SelectClipRgn
GetPolyFillMode
GetTextAlign
GetTextFaceA
GetBkColor
SetROP2
EndPage
CreateRectRgn
AbortDoc
StartDocA
SetPolyFillMode
CreateCompatibleDC
CreateCompatibleBitmap
SetWindowExtEx
GetTextColor
SetWindowOrgEx
DPtoLP
Escape
GetViewportExtEx
SetBkColor
SetViewportExtEx
SetRectRgn
CreateFontA
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
HeapDestroy
IsBadCodePtr
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
SetLastError
GetEnvironmentVariableA
GlobalFindAtomA
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
IsBadWritePtr
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
DeleteFileA
GlobalLock
VirtualProtectEx
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
GetDiskFreeSpaceA
CompareStringA
GetTempFileNameA
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetVersion
SizeofResource
HeapCreate
lstrcpyA
VirtualFree
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
DragFinish
DragQueryFileA
SetFocus
GetForegroundWindow
RedrawWindow
SetMenuItemBitmaps
SetRectEmpty
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
SetScrollPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
WindowFromPoint
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
CreateWindowExA
DefFrameProcA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
GetTopWindow
LockWindowUpdate
ScrollWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
DefWindowProcA
ShowWindow
GetPropA
GetMenuState
TranslateMDISysAccel
GetTabbedTextExtentA
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
SetParent
IsZoomed
GetWindowPlacement
DrawMenuBar
IsIconic
InvertRect
TabbedTextOutA
GetSubMenu
GetDCEx
GetActiveWindow
ShowOwnedPopups
FillRect
CopyRect
DeferWindowPos
UnregisterClassA
PtInRect
IsChild
IsDialogMessageA
MapWindowPoints
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
RegisterWindowMessageA
DefMDIChildProcA
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
RegisterClassA
PostMessageA
ReleaseCapture
IntersectRect
SetWindowLongA
GetScrollInfo
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ClientToScreen
GetClassLongA
GetCapture
LoadCursorA
LoadIconA
SetWindowsHookExA
SendMessageA
GetMenuItemCount
ValidateRect
GetSystemMenu
ReuseDDElParam
GetDC
SetForegroundWindow
GetAsyncKeyState
ReleaseDC
GetScrollRange
EndDialog
LoadMenuA
CreateDialogIndirectParamA
ScreenToClient
FindWindowA
GetSysColorBrush
BeginDeferWindowPos
AppendMenuA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
CallWindowProcA
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
ShowScrollBar
GetDesktopWindow
UnpackDDElParam
WinHelpA
FrameRect
SetRect
DeleteMenu
InvalidateRect
wsprintfA
TranslateAcceleratorA
IsRectEmpty
GetClassNameA
GetFocus
IsWindowVisible
ModifyMenuA
SetMenu
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetFileTitleA
PrintDlgA
GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA
Number of PE resources by type
EDG 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:07:02 21:48:37+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
176128

LinkerVersion
6.0

EntryPoint
0x62a5

InitializedDataSize
69632

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 ad0356c16767db23f635ac98238314c7
SHA1 01bd7837ccb358051f76e5c7ebc3b5f297ae7384
SHA256 4746e64da623072f5b010380b47c89591954a2f89e4c5402e992b6055f46f81f
ssdeep
3072:hM++ZVeU4rFJ7BmhXh58ICngjD/L6rEPx+bUheuSYWrZBnJ+EYPZip1SbSDk2duN:hM+Y0BJl7EJmFurWjnJ+EYipEojkB

authentihash fb983fa9e037151d510ca24e05e471b9da27f524c3e5329934f6cf0db86158c5
imphash 0eb16a0a47596667655370480f3390c6
File size 244.0 KB ( 249856 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe

VirusTotal metadata
First submission 2016-07-11 11:30:50 UTC ( 2 years, 9 months ago )
Last submission 2016-07-11 11:30:50 UTC ( 2 years, 9 months ago )
File names 4746e64da623072f5b010380b47c89591954a2f89e4c5402e992b6055f46f81f.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications