× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 49bd9be5be57a42d65a4dfa3c130c279468dd3701e62fe817dd3a919497069a5
File name: 31b1e70519d0a8ac1303ea89a0d817dc.virus
Detection ratio: 23 / 55
Analysis date: 2016-10-11 22:50:37 UTC ( 2 years, 4 months ago )
Antivirus Result Update
AegisLab Troj.W32.Gen.lIRz 20161011
Avast Win32:Trojan-gen 20161011
Avira (no cloud) TR/Crypt.Xpack.voukr 20161011
Bkav HW32.Packed.44B1 20161011
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.SJOI-2359 20161011
DrWeb Trojan.PWS.Papras.2166 20161011
ESET-NOD32 a variant of Win32/Kryptik.FHRH 20161011
Fortinet W32/Androm.FHRH!tr.bdr 20161011
GData Win32.Trojan.Agent.1GR3DB 20161011
Ikarus Trojan.Win32.Crypt 20161011
Sophos ML trojan.win32.lethic.k 20160928
K7AntiVirus Trojan ( 004fa5c31 ) 20161011
K7GW Trojan ( 004fa5c31 ) 20161011
Kaspersky Backdoor.Win32.Androm.lbwv 20161011
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dh 20161011
Microsoft Trojan:Win32/Dynamer!ac 20161011
Panda Generic Suspicious 20161011
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161011
Rising Malware.Generic!qEkxC223WC@5 (thunder) 20161011
Sophos AV Mal/Generic-S 20161011
Symantec Heur.AdvML.B 20161011
Tencent Win32.Trojan.Bp-generic.Ixrn 20161011
Ad-Aware 20161011
AhnLab-V3 20161011
Alibaba 20161011
ALYac 20161011
Antiy-AVL 20161011
Arcabit 20161011
AVG 20161011
AVware 20161011
Baidu 20161011
BitDefender 20161011
CAT-QuickHeal 20161010
ClamAV 20161011
CMC 20161011
Comodo 20161011
Emsisoft 20161011
F-Prot 20161011
F-Secure 20161011
Jiangmin 20161011
Kingsoft 20161011
Malwarebytes 20161011
McAfee 20161011
eScan 20161011
NANO-Antivirus 20161011
nProtect 20161011
SUPERAntiSpyware 20161011
TheHacker 20161011
TrendMicro 20161011
VBA32 20161011
VIPRE 20161011
ViRobot 20161011
Yandex 20161011
Zillya 20161011
Zoner 20161011
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-12 05:08:52
Entry Point 0x00003696
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegEnumKeyW
RegDeleteValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
FreeSid
RegOpenKeyExW
RegEnumValueW
AllocateAndInitializeSid
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
RegDeleteKeyW
CheckTokenMembership
RegQueryValueExW
RegQueryValueW
GetFileTitleW
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
GetRgnBox
SaveDC
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
DeleteObject
GetObjectW
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
GetViewportExtEx
PtVisible
ExtSelectClipRgn
GetBkColor
ScaleViewportExtEx
SelectObject
GetMapMode
SetWindowExtEx
GetTextColor
DPtoLP
Escape
SetBkColor
SetViewportExtEx
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetSystemDefaultLCID
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
GetCPInfo
GetProcAddress
GetStringTypeA
FindResourceExW
FormatMessageW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
GlobalHandle
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
FormatMessageA
SetFileAttributesW
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
BeginUpdateResourceW
CopyFileW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
GetModuleHandleA
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
DeleteCriticalSection
GetExitCodeThread
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
CreateEventW
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
EndUpdateResourceW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
LCMapStringW
DeleteFileA
CreateDirectoryW
DeleteFileW
GlobalLock
WriteFile
GlobalReAlloc
RemoveDirectoryW
FindNextFileW
GetCurrentThreadId
CompareStringA
FindFirstFileW
IsValidLocale
lstrcmpW
GetUserDefaultLCID
SetEvent
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LocalReAlloc
GlobalDeleteAtom
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
TlsFree
SetFilePointer
ReadFile
LoadLibraryExW
CloseHandle
GetTimeFormatA
GetACP
GetModuleHandleW
FreeResource
SizeofResource
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
ResetEvent
SHGetFolderPathW
ShellExecuteW
RedrawWindow
LoadBitmapW
DestroyMenu
PostQuitMessage
DrawStateW
SetWindowPos
IsWindow
GrayStringW
EndPaint
DispatchMessageW
GetCursorPos
MapDialogRect
GetDlgCtrlID
SendMessageW
UnregisterClassA
GetClientRect
DrawTextW
GetNextDlgTabItem
CallNextHookEx
GetTopWindow
GetWindowTextW
CopyAcceleratorTableW
GetActiveWindow
InvalidateRgn
GetMenuItemID
DestroyWindow
GetParent
EqualRect
GetMenuState
GetMessageW
ShowWindow
GetNextDlgGroupItem
GetDesktopWindow
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
LoadStringW
GetSubMenu
IsDialogMessageW
SetWindowContextHelpId
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
CharNextW
IsChild
SetFocus
BeginPaint
OffsetRect
DefWindowProcW
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
DrawTextExW
SendDlgItemMessageW
PostMessageW
GetLastActivePopup
PtInRect
SetWindowTextW
GetDlgItem
BringWindowToTop
ClientToScreen
PostThreadMessageW
GetMenuItemCount
ValidateRect
SetWindowsHookExW
LoadCursorW
LoadIconW
GetDC
SetForegroundWindow
ExitWindowsEx
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
CopyRect
GetWindowThreadProcessId
MessageBoxW
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
GetWindowDC
GetSysColor
RegisterClipboardFormatW
GetKeyState
IsWindowVisible
SystemParametersInfoW
SetRect
InvalidateRect
IsRectEmpty
GetFocus
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_DIALOG 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:09:12 06:08:52+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
38400

LinkerVersion
9.0

FileTypeExtension
exe

InitializedDataSize
283136

SubsystemVersion
5.0

EntryPoint
0x3696

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 31b1e70519d0a8ac1303ea89a0d817dc
SHA1 1a8b54f057bb904a6d72f995e4621c79d4e84221
SHA256 49bd9be5be57a42d65a4dfa3c130c279468dd3701e62fe817dd3a919497069a5
ssdeep
6144:osFkbxpFuwwCxrpy7RiJcMAWtfmVsgRee:jEsnurTJSWdmnRe

authentihash 5b1d8ba799a74a7c08340a2f35da312bc238c140fc45fddf6be69e29f83eb40a
imphash ea01b80a6df1350f9f938a76b7790809
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe

VirusTotal metadata
First submission 2016-10-11 22:50:37 UTC ( 2 years, 4 months ago )
Last submission 2016-10-11 22:50:37 UTC ( 2 years, 4 months ago )
File names 31b1e70519d0a8ac1303ea89a0d817dc.virus
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Runtime DLLs
UDP communications