SHA256: 4cfe06a7d1190d184c3dc174893fa9567596726f151aa8bcbcfdcdb447c11730
File name: d4319cc6ee294a020a1832c4e2a54d55b70ee83a
Detection ratio: 16 / 57
Analysis date: 2015-04-10 18:50:20 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.83449 20150410
AhnLab-V3 Trojan/Win32.MDA 20150410
AVG Inject2.BXLD 20150410
AVware Trojan.Win32.Generic.pak!cobra 20150410
BitDefender Gen:Variant.Strictor.83449 20150410
Cyren W32/Damaged_File.gen!Eldorado 20150410
DrWeb Trojan.DownLoader12.29517 20150410
Emsisoft Gen:Variant.Strictor.83449 (B) 20150410
ESET-NOD32 a variant of Win32/Injector.BXZV 20150410
GData Gen:Variant.Strictor.83449 20150410
K7GW Trojan ( 004bcc0d1 ) 20150410
Malwarebytes Trojan.FileLock 20150410
eScan Gen:Variant.Strictor.83449 20150410
Sophos AV Troj/Fondu-EU 20150410
Tencent Trojan.Win32.YY.Gen.24 20150410
VIPRE Trojan.Win32.Generic.pak!cobra 20150410
AegisLab 20150410
Yandex 20150409
Alibaba 20150410
ALYac 20150410
Antiy-AVL 20150410
Avast 20150410
Avira (no cloud) 20150410
Baidu-International 20150410
Bkav 20150410
ByteHero 20150410
CAT-QuickHeal 20150410
ClamAV 20150410
CMC 20150410
Comodo 20150410
F-Prot 20150410
F-Secure 20150410
Fortinet 20150410
Ikarus 20150410
Jiangmin 20150409
K7AntiVirus 20150410
Kaspersky 20150410
Kingsoft 20150410
McAfee 20150410
McAfee-GW-Edition 20150410
Microsoft 20150410
NANO-Antivirus 20150410
Norman 20150410
nProtect 20150410
Panda 20150410
Qihoo-360 20150410
Rising 20150410
SUPERAntiSpyware 20150410
Symantec 20150410
TheHacker 20150410
TotalDefense 20150409
TrendMicro 20150410
TrendMicro-HouseCall 20150410
VBA32 20150410
ViRobot 20150410
Zillya 20150409
Zoner 20150410
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-28 09:00:29
Entry Point 0x0000B4E2
Number of sections 6
PE sections
PE imports
StretchDIBits
GetModuleFileNameW
GetStartupInfoW
CreateFileW
GetModuleHandleW
_except_handler3
__p__fmode
__CxxFrameHandler
?terminate@@YAXXZ
_exit
__p__commode
floor
__dllonexit
_onexit
__wgetmainargs
_controlfp
exit
_XcptFilter
_ftol
_initterm
__setusermatherr
_wcmdln
_adjust_fdiv
__set_app_type
ReleaseDC
SendMessageW
UpdateWindow
EnableWindow
SetCapture
GetDC
InvalidateRect
Number of PE resources by type
RT_STRING 15
RT_DIALOG 6
RT_ICON 1
Struct(33) 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
GERMAN AUSTRIAN 15
CHINESE SIMPLIFIED 9
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:03:28 10:00:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 6.0
EntryPoint 0xb4e2
InitializedDataSize 245760
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 556090cfcaec02f49f3b5298f49ae3fa
SHA1 cfbc46875bf9c0d4cda0194f934a6b2c27406a2d
SHA256 4cfe06a7d1190d184c3dc174893fa9567596726f151aa8bcbcfdcdb447c11730
ssdeep 6144:uaceevYXGcVG46zBtkM21nuTMoEynC+5Ov75wpEC+EmgmIY:lce3bN6N55lEynC+Q5wGzEmgmIY

authentihash 200b87c1be6cff488b9a29706faa416ac6f8795d2dfba5585880984bb78088ec
imphash 16c516c1cecf60be25a6a19798089ba1
File size 288.5 KB ( 295424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 system file

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2015-04-10 18:50:20 UTC ( 3 years, 11 months ago )
Last submission 2015-04-10 18:50:20 UTC ( 3 years, 11 months ago )
File names d4319cc6ee294a020a1832c4e2a54d55b70ee83a