SHA256: 4c78b0b7e26f32b6a1b59ea4aa2a9ba7d46471ec99bff3adf724a0c66a2ea2d4
File name: 235b02e0d243e7bdebefe68d6a0ec8ec.exe
Detection ratio: 53 / 68
Analysis date: 2017-12-04 04:48:07 UTC ( 9 months, 2 weeks ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.2139821 | 20171204
AegisLab | Troj.W32.Yakes.iufc!c | 20171204
AhnLab-V3 | Trojan/Win32.Extrat.C753089 | 20171203
ALYac | Trojan.GenericKD.2139821 | 20171203
Antiy-AVL | Trojan/Win32.Yakes | 20171204
Arcabit | Trojan.Generic.D20A6AD | 20171204
Avast | FileRepMetagen [Malware] | 20171204
AVG | FileRepMetagen [Malware] | 20171204
Avira (no cloud) | TR/Crypt.ZPACK.Gen4 | 20171203
AVware | Trojan.Win32.Generic.pak!cobra | 20171204
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9875 | 20171201
BitDefender | Trojan.GenericKD.2139821 | 20171204
CAT-QuickHeal | Trojan.Generic.B4 | 20171202
ClamAV | Win.Downloader.Yakes-2016 | 20171204
CrowdStrike Falcon (ML) | malicious_confidence_60% (D) | 20171016
Cybereason | malicious.1b8fb7 | 20171103
Cylance | Unsafe | 20171204
Cyren | W32/Trojan.APKO-7228 | 20171204
DrWeb | Trojan.Siggen6.23859 | 20171204
Emsisoft | Trojan.GenericKD.2139821 (B) | 20171204
Endgame | malicious (high confidence) | 20171130
ESET-NOD32 | Win32/TrojanDownloader.Hancitor.B | 20171203
F-Secure | Trojan.GenericKD.2139821 | 20171204
Fortinet | W32/Hancitor.B!tr | 20171204
GData | Trojan.GenericKD.2139821 | 20171204
Ikarus | Trojan-Spy.Win32.Zbot | 20171203
Sophos ML | heuristic | 20170914
Jiangmin | Trojan/Yakes.tpq | 20171204
K7AntiVirus | Trojan-Downloader ( 004aeaef1 ) | 20171203
K7GW | Trojan-Downloader ( 004aeaef1 ) | 20171204
Kaspersky | Trojan.Win32.Yakes.iufc | 20171204
Malwarebytes | Trojan.Agent.HT | 20171204
MAX | malware (ai score=80) | 20171204
McAfee | Generic-FAVQ!235B02E0D243 | 20171204
McAfee-GW-Edition | Generic-FAVQ!235B02E0D243 | 20171203
Microsoft | Trojan:Win32/Chanitor.A | 20171204
eScan | Trojan.GenericKD.2139821 | 20171204
NANO-Antivirus | Trojan.Win32.Yakes.dwkmrq | 20171204
Palo Alto Networks (Known Signatures) | generic.ml | 20171204
Panda | Trj/Genetic.gen | 20171203
Qihoo-360 | HEUR/QVM10.1.Malware.Gen | 20171204
Rising | Downloader.Hancitor!8.A19 (CLOUD) | 20171204
Sophos AV | Troj/Chantor-C | 20171204
Tencent | Suspicious.Heuristic.Gen.b.0 | 20171204
TheHacker | Trojan/Downloader.Hancitor.b | 20171130
TrendMicro | TROJ_HANCITOR.YT | 20171204
TrendMicro-HouseCall | TROJ_HANCITOR.YT | 20171204
VBA32 | Trojan.Yakes | 20171201
VIPRE | Trojan.Win32.Generic.pak!cobra | 20171204
Webroot | W32.Hancitor.Gen | 20171204
Yandex | Trojan.Yakes!CRxqvjlYx6w | 20171201
Zillya | Trojan.Yakes.Win32.29551 | 20171201
ZoneAlarm by Check Point | Trojan.Win32.Yakes.iufc | 20171204
Alibaba | (not detected) | 20171204
Avast-Mobile | (not detected) | 20171203
Bkav | (not detected) | 20171201
CMC | (not detected) | 20171204
Comodo | (not detected) | 20171204
eGambit | (not detected) | 20171204
F-Prot | (not detected) | 20171204
Kingsoft | (not detected) | 20171204
nProtect | (not detected) | 20171201
SentinelOne (Static ML) | (not detected) | 20171113
SUPERAntiSpyware | (not detected) | 20171203
Symantec | (not detected) | 20171204
Symantec Mobile Insight | (not detected) | 20171204
TotalDefense | (not detected) | 20171203
Trustlook | (not detected) | 20171204
ViRobot | (not detected) | 20171204
WhiteArmor | (not detected) | 20171104
Zoner | (not detected) | 20171204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-02 14:53:29
Entry Point 0x00003A09
Number of sections 4
PE sections
PE imports
OpenProcessToken
LookupAccountNameW
InitCommonControlsEx
StartDocA
DeleteObject
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
GetFileSize
RtlUnwind
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
LocalAlloc
lstrcatA
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
LocalFree
TerminateProcess
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
OutputDebugStringA
LeaveCriticalSection
ExitProcess
GetCurrentProcessId
WriteConsoleW
InterlockedIncrement
OleCreatePictureIndirect
GetModuleInformation
SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceRegistryPropertyA
SetupDiSetDeviceInstallParamsA
SendMessageA
CreateWindowExA
LoadCursorA
LoadIconA
GetMenu
IsWindow
SetWindowTextW
GetDlgItemTextA
GetDesktopWindow
GetClientRect
CreateMenu
DestroyMenu
DefWindowProcA
GetWindow
RegisterClassExA
SetWindowPos
InvalidateRect
GetFileVersionInfoW
CoInitializeEx
CreateStreamOnHGlobal
GetHGlobalFromStream
Number of PE resources by type
RT_DIALOG 5
PNG 5
RT_ICON 4
RT_STRING 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:02:02 15:53:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 49664
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 71680
SubsystemVersion 5.1
EntryPoint 0x3a09
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
PCAP parents
File identification
MD5 235b02e0d243e7bdebefe68d6a0ec8ec
SHA1 940afeebb3524161d6ddf78778d6b094787d3df4
SHA256 4c78b0b7e26f32b6a1b59ea4aa2a9ba7d46471ec99bff3adf724a0c66a2ea2d4
ssdeep 1536:omeLS3Ey9fEu4nDqn4G4kzao44+WOhtUohRutbnERuwU67W6Q:omwgEyN+DobR+WOhMtbAuwUb
authentihash 6af37defa9253b297675f3b3824522bd02080c71c7c5ebd91bbadcd34c9cc511
imphash dd2ff095b8bb4cf1d42b0bd1350107b0
File size 119.5 KB ( 122368 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
     Win64 Executable (generic) (37.3%)
     Win32 Dynamic Link Library (generic) (8.8%)
     Win32 Executable (generic) (6.0%)
     Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-02-02 16:49:49 UTC ( 3 years, 7 months ago )
Last submission 2016-01-28 00:34:22 UTC ( 2 years, 7 months ago )
File names 235b02e0d243e7bdebefe68d6a0ec8ec
vv.exe
winlogin.exe
56010688
output.56010688.txt
604a504b7b24ab10f5e268b4aca2e2a38fcf0dec
winlogin.exe
hancitor2.exe
winlogin.exe
kWnlpdzh.exe
vti-rescan
235b02e0d243e7bdebefe68d6a0ec8ec.exe
444.exe
4c78b0b7e26f32b6a1b59ea4aa2a9ba7d46471ec99bff3adf724a0c66a2ea2d4.bin
hancitor2.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.