SHA256: 47d59a686b019f784a07095b4b589ecda4b08af4daae103b9d05cb9f879d93c6
File name: c0a6f98cd38f020320aae9d5a000ecf3.virus
Detection ratio: 62 / 69
Analysis date: 2018-10-05 00:55:39 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Backdoor.Generic.711426 20181005
AegisLab Troj.W32.Llac.tnnr 20181004
AhnLab-V3 Win-Trojan/Infostealer.410624 20181004
ALYac Backdoor.Generic.711426 20181004
Antiy-AVL Trojan/Win32.Llac.bdm 20181005
Arcabit Backdoor.Generic.DADB02 20181004
Avast Win32:AutoRun-CIN [Trj] 20181005
AVG Win32:AutoRun-CIN [Trj] 20181005
Avira (no cloud) TR/Agent.598022 20181004
AVware Worm.Win32.Rebhip.A (v) 20180925
Baidu Win32.Trojan.Agent.co 20180930
BitDefender Backdoor.Generic.711426 20181004
Bkav W32.SvchostTN.Trojan 20181003
CAT-QuickHeal Worm.Rebhip.A8 20181004
ClamAV Win.Trojan.Llac-7 20181004
CMC Trojan.Win32.Llac!O 20181004
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.cd38f0 20180225
Cylance Unsafe 20181005
Cyren W32/Trojan.DNXI-5341 20181005
DrWeb BackDoor.Cybergate.1 20181005
Emsisoft Backdoor.Generic.711426 (B) 20181005
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Spatet.A 20181004
F-Prot W32/Trojan2.JRCA 20181005
F-Secure Backdoor:W32/Spyrat.A 20181004
Fortinet W32/Llac.GFU!tr 20181005
GData Win32.Worm.Autorun.A@gen 20181005
Ikarus Trojan.Win32.Llac 20181004
Sophos ML heuristic 20180717
Jiangmin Trojan/Delf.kux 20181004
K7AntiVirus Trojan ( 000174ea1 ) 20181004
K7GW Trojan ( 000174ea1 ) 20181003
Kaspersky Trojan.Win32.Llac.lgnr 20181005
Kingsoft Win32.Troj.Llac.(kcloud) 20181005
Malwarebytes Backdoor.SpyNet 20181005
MAX malware (ai score=85) 20181005
McAfee Generic PWS.di 20181004
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20181004
Microsoft TrojanSpy:Win32/Rebhip.A!upx 20181004
eScan Backdoor.Generic.711426 20181005
NANO-Antivirus Trojan.Win32.Llac.crkzmz 20181004
Panda Trj/Ransom.AB 20181004
Qihoo-360 HEUR/QVM05.1.4F4B.Malware.Gen 20181005
Rising Worm.Rebhip!1.A338 (CLOUD) 20181004
Sophos AV W32/Rebhip-AR 20181004
SUPERAntiSpyware Trojan.Agent/Gen-Rebhip 20181004
Symantec W32.Spyrat 20181004
TACHYON Trojan/W32.DP-Swisyn.297472 20181004
Tencent Trojan.Win32.Downloader.aat 20181005
TheHacker Trojan/Swisyn.lsd 20181001
TotalDefense Win32/Spyrat!generic 20181004
TrendMicro TSPY_SPATET.SMT 20181004
TrendMicro-HouseCall TSPY_SPATET.SMT 20181005
VBA32 Trojan.Llac 20181004
VIPRE Worm.Win32.Rebhip.A (v) 20181005
ViRobot Trojan.Win32.Llac.297472 20181004
Webroot W32.Malware.gen 20181005
Yandex Worm.DR.Rebhip.Gen 20181004
Zillya Trojan.Llac.Win32.3683 20181003
ZoneAlarm by Check Point Trojan.Win32.Llac.lgnr 20181004
Zoner Trojan.Rebhip 20181004
Alibaba 20180921
Avast-Mobile 20181004
Babable 20180918
Comodo 20181005
eGambit 20181005
Palo Alto Networks (Known Signatures) 20181005
SentinelOne (Static ML) 20180926
Symantec Mobile Insight 20181001
Trustlook 20181005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000BBF4
Number of sections 8
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegCreateKeyA
CryptHashData
ConvertSidToStringSidA
CryptCreateHash
LookupAccountNameA
OpenProcessToken
LsaClose
RegOpenKeyExA
LsaOpenPolicy
CryptReleaseContext
CryptAcquireContextA
IsValidSid
GetUserNameA
CryptDestroyHash
LsaRetrievePrivateData
LsaFreeMemory
CryptGetHashParam
RegSetValueExA
RegEnumValueA
CredEnumerateA
CryptUnprotectData
GetLastError
HeapFree
WriteProcessMemory
VirtualAllocEx
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetPrivateProfileIntA
FreeLibrary
CopyFileA
HeapAlloc
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
CreateRemoteThread
GetCurrentProcess
SizeofResource
GetPrivateProfileStringA
VirtualFreeEx
LocalAlloc
OpenProcess
LockResource
CreateDirectoryA
DeleteFileA
UnhandledExceptionFilter
MultiByteToWideChar
ReadProcessMemory
GetCommandLineA
GetProcAddress
VirtualProtectEx
GetProcessHeap
CreateMutexA
SetFilePointer
RaiseException
WideCharToMultiByte
GetFileAttributesA
GetModuleHandleA
ReadFile
WriteFile
FindFirstFileA
GetExitCodeThread
HeapReAlloc
FreeResource
SetFileAttributesA
CreateProcessA
LoadResource
VirtualFree
FindClose
TlsGetValue
Sleep
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
FindResourceA
VirtualAlloc
GetFileSize
CloseHandle
CoTaskMemFree
CoCreateInstance
OleInitialize
StringFromCLSID
SysReAllocStringLen
SysFreeString
SysAllocStringLen
PStoreCreateInstance
RasGetEntryDialParamsA
RasEnumEntriesA
SHGetSpecialFolderPathA
GetWindowThreadProcessId
ToAscii
GetKeyboardState
SetWindowsHookExA
DispatchMessageA
CharLowerA
CharNextA
PeekMessageA
wvsprintfA
TranslateMessage
FindWindowA
CharUpperA
Number of PE resources by type
RT_ICON 3
RT_RCDATA 3
RT_GROUP_ICON 2
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
CodeSize 45568
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 250880
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0xbbf4
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 c0a6f98cd38f020320aae9d5a000ecf3
SHA1 9a731f9a2b00a62350bc1662f481f2ca112f9d5e
SHA256 47d59a686b019f784a07095b4b589ecda4b08af4daae103b9d05cb9f879d93c6
ssdeep 6144:wmcD66RRjS5JGmrpQsK3RD2u270jupCJsCxCW:5cD663LZ2zkPaCx/
authentihash 172085eded63652900ba962bfad7a01cdfadf5687a818e629004bc95c22939b1
imphash 078683deeee217bf8224debb163055d6
File size 290.5 KB ( 297472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags peexe
VirusTotal metadata
First submission 2018-10-05 00:55:39 UTC ( 7 months, 2 weeks ago )
Last submission 2018-10-05 00:55:39 UTC ( 7 months, 2 weeks ago )
File names server7.exe
c0a6f98cd38f020320aae9d5a000ecf3.virus