SHA256: 4890df394326f5b479efa3f98e35d64dc874baaecf9b595188a706eb96325ff8
File name: 1918320e7c191a4d87f6f5bc3b556610
Detection ratio: 25 / 55
Analysis date: 2016-07-15 21:38:32 UTC ( 2 years, 7 months ago )
Antivirus / Result / Update

Engines reporting a detection:
Ad-Aware: Trojan.GenericKD.3408029 (20160715)
AhnLab-V3: Trojan/Win32.Upbot.R184684 (20160715)
Antiy-AVL: Trojan[:HEUR]/Win32.AGeneric (20160715)
Arcabit: Trojan.Generic.D34009D (20160715)
Avast: Win32:Trojan-gen (20160715)
AVG: Generic_r.LHN (20160715)
Avira (no cloud): TR/Crypt.Xpack.affk (20160715)
AVware: Trojan.Win32.Generic!BT (20160715)
BitDefender: Trojan.GenericKD.3408029 (20160715)
Cyren: W32/S-e2e07e9d!Eldorado (20160715)
DrWeb: BackDoor.IRC.NgrBot.566 (20160715)
Emsisoft: Trojan.GenericKD.3408029 (B) (20160715)
ESET-NOD32: a variant of Win32/Kryptik.FCGM (20160715)
F-Prot: W32/S-e2e07e9d!Eldorado (20160715)
F-Secure: Trojan.GenericKD.3408029 (20160715)
GData: Trojan.GenericKD.3408029 (20160715)
Kaspersky: HEUR:Trojan.Win32.Generic (20160715)
McAfee: Artemis!1918320E7C19 (20160715)
McAfee-GW-Edition: BehavesLike.Win32.SoftPulse.fh (20160715)
Microsoft: Worm:Win32/Dorkbot (20160715)
eScan: Trojan.GenericKD.3408029 (20160715)
Qihoo-360: HEUR/QVM09.0.7761.Malware.Gen (20160715)
Sophos AV: Mal/Generic-S (20160715)
Tencent: Win32.Trojan.Bp-generic.Ixrn (20160715)
VIPRE: Trojan.Win32.Generic!BT (20160715)

Engines reporting no detection (signature update date shown):
AegisLab (20160715)
Alibaba (20160715)
ALYac (20160715)
Baidu (20160715)
Bkav (20160715)
CAT-QuickHeal (20160715)
ClamAV (20160715)
CMC (20160715)
Comodo (20160715)
Fortinet (20160715)
Ikarus (20160715)
Jiangmin (20160715)
K7AntiVirus (20160715)
K7GW (20160715)
Kingsoft (20160715)
Malwarebytes (20160715)
NANO-Antivirus (20160715)
nProtect (20160715)
Panda (20160715)
SUPERAntiSpyware (20160715)
Symantec (20160715)
TheHacker (20160714)
TotalDefense (20160713)
TrendMicro (20160715)
TrendMicro-HouseCall (20160715)
VBA32 (20160715)
ViRobot (20160715)
Yandex (20160715)
Zillya (20160715)
Zoner (20160715)
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-15 03:28:08
Entry Point 0x00009BB1
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
FormatMessageW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
SetEvent
LocalFree
MoveFileA
GetLogicalDriveStringsA
InitializeCriticalSection
LoadResource
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
SetLastError
GetSystemTime
GetEnvironmentVariableA
GetUserDefaultLangID
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetVersionExA
RemoveDirectoryA
EnumSystemLocalesA
LoadLibraryExA
SetConsoleCtrlHandler
GetSystemDefaultLCID
TlsGetValue
MultiByteToWideChar
FatalAppExitA
FormatMessageA
LeaveCriticalSection
SetFilePointer
SetFileAttributesW
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
FindCloseChangeNotification
SearchPathW
WriteConsoleA
SetCurrentDirectoryW
VirtualQuery
SearchPathA
SetEndOfFile
GetCurrentThreadId
GetProcAddress
SetCurrentDirectoryA
WriteConsoleW
AreFileApisANSI
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
GetFullPathNameA
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CompareStringW
GetModuleFileNameW
GetFileInformationByHandle
FindNextFileW
CompareStringA
GetTempFileNameA
DeleteFileW
FindNextFileA
IsValidLocale
WaitForMultipleObjects
GetCurrentDirectoryW
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LoadLibraryExW
LCMapStringW
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
FindFirstChangeNotificationW
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
FindFirstFileA
CloseHandle
GetTimeFormatA
GetACP
SizeofResource
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
FindResourceA
VirtualAlloc
ResetEvent
CharPrevA
EndDialog
CharUpperW
GetCapture
KillTimer
ShowWindow
CharLowerA
MessageBoxW
DispatchMessageA
PostMessageA
ExcludeUpdateRgn
DialogBoxParamW
DdeGetData
MessageBoxA
PeekMessageA
CharLowerW
SetWindowLongA
TranslateMessage
DialogBoxParamA
CharUpperA
CreateDialogParamW
SetWindowTextA
LoadStringA
RegisterClassW
SendMessageA
LoadStringW
SetWindowTextW
CreateWindowExA
GetDlgItem
CreateDialogParamA
IsHungAppWindow
RegisterClassA
CharPrevExA
GetWindowLongA
GetWindowTextLengthA
SetTimer
CharNextA
GetWindowTextW
EnumClipboardFormats
CallWindowProcA
IsMenu
GetWindowTextLengthW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowTextA
DestroyWindow
ExitWindowsEx
CharToOemA
Number of PE resources by type
RT_DIALOG 17
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 2
SWEDISH 1
TURKISH DEFAULT 1
UKRAINIAN DEFAULT 1
NORWEGIAN BOKMAL 1
FINNISH DEFAULT 1
GERMAN 1
CHINESE TRADITIONAL 1
SPANISH 1
FRENCH 1
PORTUGUESE BRAZILIAN 1
JAPANESE DEFAULT 1
POLISH DEFAULT 1
DANISH DEFAULT 1
DUTCH 1
RUSSIAN 1
ITALIAN 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:07:15 04:28:08+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 84992
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 222208
SubsystemVersion: 5.0
EntryPoint: 0x9bb1
OSVersion: 5.0
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5 1918320e7c191a4d87f6f5bc3b556610
SHA1 6947c25f715623df7f05355db88f30484c9c2e5f
SHA256 4890df394326f5b479efa3f98e35d64dc874baaecf9b595188a706eb96325ff8
ssdeep 6144:p9hLpoL+dLJT1BMb3BRvqDwFlYMEauHLAwRE1QHBbG6ZHW05Ig:BLpoL+3Jyb7Gw3dpuHLr4EK6mg
authentihash 571f506429b8d969c597d136b812051ad8d52fd98903af7cb1ec27594b71d531
imphash 492f6edbbb36724a279507b0e02fe3e9
File size 301.0 KB ( 308224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-07-15 21:38:32 UTC ( 2 years, 7 months ago )
Last submission 2016-07-15 21:38:32 UTC ( 2 years, 7 months ago )
File names Updater.exe; 4890df394326f5b479efa3f98e35d64dc874baaecf9b595188a706eb96325ff8
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications