SHA256: 49dea2b2b9e0915983b406500fbcaf884eb01e8045ce62f67401bae3405fcc9a
File name: win.exe
Detection ratio: 26 / 57
Analysis date: 2016-10-31 15:01:24 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.100179 20161031
AhnLab-V3 Trojan/Win32.ZBot.C1597496 20161031
ALYac Gen:Variant.Razy.100179 20161031
Antiy-AVL Trojan/Win32.TSGeneric 20161031
Arcabit Trojan.Razy.D18753 20161031
Baidu Win32.Trojan.Elenoocka.a 20161031
BitDefender Gen:Variant.Razy.100179 20161031
Bkav HW32.Packed.4149 20161031
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Emsisoft Gen:Variant.Razy.100179 (B) 20161031
ESET-NOD32 a variant of Win32/Kryptik.FHUA 20161031
F-Secure Gen:Variant.Razy.100179 20161031
Fortinet W32/Kryptik.FHHU!tr 20161031
GData Gen:Variant.Razy.100179 20161031
Sophos ML trojanspy.win32.ursnif.hn 20161018
Kaspersky UDS:DangerousObject.Multi.Generic 20161031
Malwarebytes Trojan.Crypt 20161031
McAfee PWSZbot-FAVG!187668405535 20161031
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20161031
eScan Gen:Variant.Razy.100179 20161031
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161031
Rising Malware.Generic!5HUQYUHgYqE@2 (thunder) 20161031
Sophos AV Mal/Generic-S 20161031
Symantec Heur.AdvML.B 20161031
TrendMicro Ransom_HPCRYPMIC.SM1 20161031
TrendMicro-HouseCall Ransom_HPCRYPMIC.SM1 20161031
AegisLab 20161031
Alibaba 20161031
Avast 20161031
AVG 20161031
Avira (no cloud) 20161031
AVware 20161031
CAT-QuickHeal 20161031
ClamAV 20161031
CMC 20161031
Comodo 20161031
Cyren 20161031
DrWeb 20161031
F-Prot 20161031
Ikarus 20161031
Jiangmin 20161031
K7AntiVirus 20161031
K7GW 20161031
Kingsoft 20161031
Microsoft 20161031
NANO-Antivirus 20161031
nProtect 20161028
Panda 20161031
SUPERAntiSpyware 20161031
Tencent 20161031
TheHacker 20161029
TotalDefense 20161028
VBA32 20161031
VIPRE 20161031
ViRobot 20161031
Yandex 20161030
Zillya 20161031
Zoner 20161031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-12 00:56:45
Entry Point 0x00004D24
Number of sections 3
PE sections
PE imports
GlobalDeleteAtom
WaitForSingleObject
FreeLibrary
GetTickCount
GetModuleFileNameA
LoadLibraryA
GetStartupInfoA
GetCPInfoExW
GetCurrentDirectoryW
GetCurrentProcessId
CreateIoCompletionPort
GetConsoleTitleW
GetProcAddress
OpenMutexA
CreateMutexA
GetTempPathA
ReleaseSemaphore
InterlockedExchange
FindResourceExW
CompareStringA
lstrcpynA
FindNextFileA
SetLocalTime
SetPriorityClass
OpenSemaphoreA
GetStringTypeExW
InterlockedDecrement
IsBadStringPtrA
GetCurrentThreadId
lstrcmpW
GetTimeFormatA
TraceSQLCancel
TraceSQLFetch
TraceSQLError
TraceSQLBindCol
SHQueryRecycleBinW
SHBrowseForFolderA
FindExecutableA
StrCmpNW
ShellMessageBoxA
ExtractIconW
StrChrW
StrChrIW
SHGetSettings
DllCanUnloadNow
SHInvokePrinterCommandA
SHPathPrepareForWriteA
ShellAboutW
SHParseDisplayName
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:05:12 02:56:45+02:00
FileType Win32 EXE
PEType PE32
CodeSize 242176
LinkerVersion 7.1
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x4d24
InitializedDataSize 8704
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 18766840553512d3d80249e5c8ddcf16
SHA1 ccc09c1e94f68561e375c9117ebff86e744f8a35
SHA256 49dea2b2b9e0915983b406500fbcaf884eb01e8045ce62f67401bae3405fcc9a
ssdeep 6144:QVtFkjyJuH5SrMuKMFAdwzrvxQgafByF2Cw+:ekjheBTQwda62C
authentihash eed62f699a7f95936ed9e9dc20c3ba43a4e087d99691d6850f78b9fb224b7816
imphash d4c7ef40af53cef01ca8c5d46f8aa999
File size 246.0 KB ( 251904 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2016-10-31 15:01:24 UTC ( 2 years, 4 months ago )
Last submission 2019-03-16 12:49:33 UTC ( 1 week, 1 day ago )
File names edle.exe
spora.exe
dcf16.exe
localfile~
win.exe
18766840553512d3d80249e5c8ddcf16.exe
18766840553512d3d80249e5c8ddcf16.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications