SHA256: 494e4d72d26c6826998b354e4515fd38ed79a8580c511ac73e4d4ab6e8ffd93b
File name: e1b24bdd6dd897a28ac6ac4fb9251204
Detection ratio: 31 / 57
Analysis date: 2016-06-04 10:57:54 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3272959 20160604
AegisLab Troj.W32.Gen.lt1a 20160604
AhnLab-V3 Malware/Gen.Generic 20160604
ALYac Trojan.GenericKD.3272959 20160604
Antiy-AVL Trojan/Win32.TSGeneric 20160604
Arcabit Trojan.Generic.D31F0FF 20160604
Avast Win32:Trojan-gen 20160604
AVG Crypt5.BNLH 20160604
Avira (no cloud) TR/Crypt.ZPACK.npfu 20160603
AVware Trojan.Win32.Generic!BT 20160604
Baidu Win32.Trojan.WisdomEyes.151026.9950.9976 20160603
BitDefender Trojan.GenericKD.3272959 20160604
Emsisoft Trojan.GenericKD.3272959 (B) 20160604
ESET-NOD32 a variant of Win32/Kryptik.AXXO 20160604
F-Secure Trojan.GenericKD.3272959 20160604
Fortinet W32/Kryptik.AXXO!tr 20160604
GData Trojan.GenericKD.3272959 20160604
Ikarus Trojan.Win32.Crypt 20160604
K7AntiVirus Trojan ( 004e7bd01 ) 20160604
K7GW Trojan ( 004e7bd01 ) 20160604
Kaspersky HEUR:Trojan.Win32.Generic 20160604
McAfee RDN/Generic.hbg 20160604
McAfee-GW-Edition BehavesLike.Win32.Backdoor.ct 20160604
eScan Trojan.GenericKD.3272959 20160604
nProtect Trojan.GenericKD.3272959 20160603
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20160604
Rising Trojan.Kryptik!8.8-8t2mLupWfaE (Cloud) 20160604
Sophos AV Troj/Agent-ARWJ 20160604
Tencent Win32.Trojan.Kryptik.Ajuw 20160604
TrendMicro TROJ_GEN.R00JC0RET16 20160604
VIPRE Trojan.Win32.Generic!BT 20160604
Alibaba 20160603
Baidu-International 20160604
Bkav 20160604
CAT-QuickHeal 20160604
ClamAV 20160604
CMC 20160602
Comodo 20160604
Cyren 20160604
DrWeb 20160604
F-Prot 20160604
Jiangmin 20160604
Kingsoft 20160604
Malwarebytes 20160604
Microsoft 20160604
NANO-Antivirus 20160604
Panda 20160604
SUPERAntiSpyware 20160604
Symantec 20160604
TheHacker 20160604
TotalDefense 20160604
TrendMicro-HouseCall 20160604
VBA32 20160603
ViRobot 20160604
Yandex 20160603
Zillya 20160603
Zoner 20160604
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Fair play
File version 1.1
Description Fair play
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-26 09:53:53
Entry Point 0x00026C48
Number of sections 3
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
QueryPerformanceCounter
HeapDestroy
HeapAlloc
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetCommandLineW
UnhandledExceptionFilter
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStartupInfoW
TlsFree
GetModuleHandleA
GetCurrentThreadId
WriteFile
GetStartupInfoA
HeapReAlloc
GetModuleHandleW
TerminateProcess
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
ExitProcess
GetVersion
GetCurrentThread
VirtualAlloc
SetLastError
LeaveCriticalSection
GetSubMenu
SetTimer
TrackPopupMenu
DrawFocusRect
GetMenuItemCount
ReleaseCapture
DefWindowProcW
GetClipboardData
CreateWindowExW
SetWindowPos
Number of PE resources by type
RT_ACCELERATOR 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Windows, Latin1
InitializedDataSize 12288
EntryPoint 0x26c48
MIMEType application/octet-stream
FileVersion 1.1
TimeStamp 2016:05:26 10:53:53+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2, 1
FileDescription Fair play
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Fair play
CodeSize 167936
ProductName Fair play
ProductVersionNumber 1.9.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e1b24bdd6dd897a28ac6ac4fb9251204
SHA1 c9e03fdab3345b6b5ea4fdc5b9f5004841c23232
SHA256 494e4d72d26c6826998b354e4515fd38ed79a8580c511ac73e4d4ab6e8ffd93b
ssdeep
3072:8dPtdjQfXAWIRwPDdZC9ajAmk+PK/UWv5t2AgAfbssagOjgudZ4qDbwCkD9:8RPjojYcjAmRPsUIr2PLsagY1dZ4q/wX

authentihash 3e34b70f861ce3e7a98876796e1801bf53fbfe2a0712e30b28096509586b02db
imphash b26d2c4b7bf87c6b10fc1b686504fb16
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2016-06-04 10:57:54 UTC ( 2 years, 10 months ago )
Last submission 2016-06-04 10:57:54 UTC ( 2 years, 10 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications