SHA256: 49e9ce9eaca7cd3185bdd17200f433aaaf68b51a1d1fbe559ca6122b91147953
File name: 982f76ff4cf7b363d754d5e059cf63b6.virus
Detection ratio: 30 / 53
Analysis date: 2016-02-06 05:08:33 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.180569 20160206
AegisLab Troj.W32.Gen 20160206
Yandex TrojanSpy.Zbot!Y589uLJTHOo 20160205
AhnLab-V3 Trojan/Win32.Teslacrypt 20160205
Antiy-AVL Trojan[Spy]/Win32.Zbot 20160206
Arcabit Trojan.Zusy.D2C159 20160206
Avast Win32:Malware-gen 20160206
AVG Generic_r.HBP 20160205
Avira (no cloud) TR/Crypt.Xpack.440623 20160206
BitDefender Gen:Variant.Zusy.180569 20160206
Cyren W32/Agent.XL.gen!Eldorado 20160206
DrWeb Trojan.Encoder.3677 20160206
Emsisoft Gen:Variant.Zusy.180569 (B) 20160206
ESET-NOD32 a variant of Win32/Kryptik.EMKD 20160206
F-Prot W32/Agent.XL.gen!Eldorado 20160129
F-Secure Gen:Variant.Zusy.180569 20160206
Fortinet Malicious_Behavior.VEX.99 20160206
GData Gen:Variant.Zusy.180569 20160206
K7GW Hacktool ( 655367771 ) 20160206
Kaspersky Trojan-Spy.Win32.Zbot.wiyk 20160206
Malwarebytes Ransom.TeslaCrypt 20160206
McAfee Trojan-FHTP!982F76FF4CF7 20160206
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160206
Microsoft PWS:Win32/Zbot!VM 20160206
Qihoo-360 QVM41.1.Malware.Gen 20160206
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160205
Sophos AV Mal/Generic-S 20160206
Symantec Suspicious.Cloud.9 20160205
TrendMicro TROJ_GEN.R021C0DB416 20160206
VIPRE Trojan.Win32.Filecoder.eb (v) 20160206
Alibaba 20160204
Baidu-International 20160205
Bkav 20160204
ByteHero 20160206
CAT-QuickHeal 20160205
ClamAV 20160204
CMC 20160205
Comodo 20160206
Ikarus 20160206
Jiangmin 20160206
K7AntiVirus 20160206
NANO-Antivirus 20160206
nProtect 20160205
Panda 20160205
SUPERAntiSpyware 20160206
Tencent 20160206
TheHacker 20160206
TotalDefense 20160206
TrendMicro-HouseCall 20160206
VBA32 20160204
ViRobot 20160206
Zillya 20160206
Zoner 20160206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-01 09:38:25
Entry Point 0x00004768
Number of sections 5
PE sections
Overlays
MD5 04fbaa2a67a3d91325f98023fd9b6c4c
File type data
Offset 233984
Size 512
Entropy 7.58
PE imports
RegOpenKeyA
SetFileSecurityW
GetSaveFileNameA
CertOIDToAlgId
SetMapMode
TextOutW
RestoreDC
SetMapperFlags
Arc
StretchBlt
Polygon
GetUserDefaultUILanguage
ExitThread
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
UnmapViewOfFile
GetOverlappedResult
GetLastError
GetCurrentProcessId
GetExitCodeProcess
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetWindowsDirectoryW
GetPrivateProfileStringA
GetLocaleInfoA
LocalAlloc
SetHandleCount
IsDBCSLeadByte
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GlobalLock
TlsFree
GetFileType
SetStdHandle
ReleaseSemaphore
GetCPInfo
GetStringTypeA
GetModuleHandleA
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CreateMemoryResourceNotification
GetSystemTimeAsFileTime
FindFirstFileW
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
GlobalMemoryStatus
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcess
IsValidCodePage
HeapCreate
VirtualFree
OutputDebugStringW
TlsGetValue
Sleep
IsBadReadPtr
GetTickCount
TlsSetValue
ExitProcess
LocalUnlock
GetProcAddress
VirtualAlloc
GetEnvironmentVariableW
SetLastError
LeaveCriticalSection
SHGetSpecialFolderLocation
CommandLineToArgvW
GetWindowLongA
GetDCEx
GetMessagePos
TrackPopupMenu
PostQuitMessage
GetScrollRange
EnableWindow
SystemParametersInfoW
GetDialogBaseUnits
DialogBoxParamW
DdeGetData
IntersectRect
GetKeyboardLayoutList
GetWindowLongW
GetMessageTime
InvalidateRgn
UnionRect
DefWindowProcA
PtInRect
UnDecorateSymbolName
OleDestroyMenuDescriptor
Number of PE resources by type
RT_RCDATA 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:02:01 10:38:25+01:00
FileType Win32 EXE
PEType PE32
CodeSize 38400
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 194560
SubsystemVersion 5.0
EntryPoint 0x4768
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 982f76ff4cf7b363d754d5e059cf63b6
SHA1 efde8322919ff511335a50a98b6af719c21cef21
SHA256 49e9ce9eaca7cd3185bdd17200f433aaaf68b51a1d1fbe559ca6122b91147953
ssdeep 3072:iZZ5XJH8+JZ5X2zn4CFBvU2GUCkY3jOzbfBqf6Fim0qKqAyCTlT1Cti/G5HeOd9+:6Z5h/aNFS2G+YTBf6FJ0GglT1gdeOHS
authentihash cc7c00cc6c7c64e958637f1bb9de2feee857b74c1a8419ca8460f53f264567f9
imphash 6b9941200c9d1a9b1518799238aab5ad
File size 229.0 KB ( 234496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-02-06 05:08:33 UTC ( 3 years, 1 month ago )
Last submission 2016-02-06 05:08:33 UTC ( 3 years, 1 month ago )
File names 982f76ff4cf7b363d754d5e059cf63b6.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications