SHA256: 4b01c1fa5cf110168ea3234c6306f3922f9940da91b6e7a90b1ff23cd700467d
File name: 6271a3455e1e2e65d312dcff2bea2048.virus
Detection ratio: 34 / 57
Analysis date: 2016-09-18 09:10:43 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3410593 20160918
AhnLab-V3 Trojan/Win32.Yakes.N2048630082 20160917
ALYac Trojan.GenericKD.3410593 20160918
Arcabit Trojan.Generic.D340AA1 20160917
Avast Win32:Trojan-gen 20160918
AVG Downloader.Generic14.BBNM 20160918
Avira (no cloud) TR/Crypt.ZPACK.hqcz 20160917
AVware Trojan.Win32.Generic!BT 20160918
BitDefender Trojan.GenericKD.3410593 20160918
CAT-QuickHeal Trojan.Dynamer 20160917
Comodo TrojWare.Win32.Genome.vtmf 20160916
Cyren W32/Trojan.HSOW-4066 20160918
Emsisoft Trojan.GenericKD.3410593 (B) 20160918
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160918
F-Secure Trojan.GenericKD.3410593 20160918
Fortinet W32/Agent.CFH!tr.dldr 20160918
GData Trojan.GenericKD.3410593 20160918
Sophos ML virus.win32.sality.at 20160917
K7AntiVirus Trojan-Downloader ( 004e141d1 ) 20160918
K7GW Trojan-Downloader ( 004e141d1 ) 20160918
Kaspersky Trojan.Win32.Yakes.qjcf 20160918
McAfee RDN/Generic Downloader.x 20160918
McAfee-GW-Edition RDN/Generic Downloader.x 20160918
Microsoft Trojan:Win32/Dynamer!ac 20160918
eScan Trojan.GenericKD.3410593 20160918
Panda Trj/GdSda.A 20160918
Qihoo-360 HEUR/QVM09.0.0000.Malware.Gen 20160918
Sophos AV Mal/Generic-S 20160918
Symantec Trojan.Gen 20160918
Tencent Win32.Trojan.Yakes.Wncj 20160918
TrendMicro TROJ_GEN.R011C0DGJ16 20160918
TrendMicro-HouseCall TROJ_GEN.R011C0DGJ16 20160918
VIPRE Trojan.Win32.Generic!BT 20160918
Yandex Trojan.DL.Agent!qNFb981DMJo 20160917
AegisLab 20160918
Alibaba 20160918
Antiy-AVL 20160918
Baidu 20160914
Bkav 20160917
ClamAV 20160916
CMC 20160916
CrowdStrike Falcon (ML) 20160725
DrWeb 20160918
F-Prot 20160918
Ikarus 20160918
Jiangmin 20160918
Kingsoft 20160918
Malwarebytes 20160918
NANO-Antivirus 20160918
nProtect 20160918
Rising 20160918
SUPERAntiSpyware 20160918
TheHacker 20160918
VBA32 20160917
ViRobot 20160918
Zillya 20160915
Zoner 20160918
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-06-14 04:00:57
Entry Point 0x0000E1F9
Number of sections 6
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
SetWaitableTimer
InitializeCriticalSection
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
WriteProfileStringW
GetModuleHandleA
SetUnhandledExceptionFilter
WaitForMultipleObjectsEx
TerminateProcess
WriteConsoleA
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
ResetEvent
CreateWaitableTimerA
IsValidLocale
GetProcAddress
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
WaitForSingleObjectEx
FindFirstChangeNotificationW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
OpenEventA
VirtualAlloc
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2004:06:14 05:00:57+01:00
FileType Win32 EXE
PEType PE32
CodeSize 139264
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 212992
SubsystemVersion 4.0
EntryPoint 0xe1f9
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 6271a3455e1e2e65d312dcff2bea2048
SHA1 f8e96ebae56288905819111defcb0100e708d26b
SHA256 4b01c1fa5cf110168ea3234c6306f3922f9940da91b6e7a90b1ff23cd700467d
ssdeep 3072:CQxwZ3Pf9tZbZxCMAm5sQzwtyROk1Bs5ToUdvSoTmkZVQ+lCHfUQxIA5qynU4lIf:CQUH9tZbZI0q6s/SonQ+lCVx/nXwP
authentihash 6658b63917ca37ea366708e43041fa1b743b47135c81815795d7c5c2827c241b
imphash e7d9b26f34c1b438750ddb0cbd6573ae
File size 308.0 KB ( 315392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-09-18 09:10:43 UTC ( 2 years, 5 months ago )
Last submission 2016-09-18 09:10:43 UTC ( 2 years, 5 months ago )
File names 6271a3455e1e2e65d312dcff2bea2048.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications