SHA256: 4d00787706d8e66ee70ee915256d9c06da3acef75199668a35edbbc3ec35d654
File name: 28BF4B527CEEE4B8567B886008274FB2
Detection ratio: 18 / 52
Analysis date: 2016-06-14 00:32:49 UTC (2 years, 10 months ago)
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Midie.30379 | 20160613
Avast | Win32:Dropper-gen [Drp] | 20160613
AVG | Ransom_r.QI | 20160613
Avira (no cloud) | TR/Crypt.ZPACK.nmtv | 20160613
Baidu | Win32.Trojan.Kryptik.acs | 20160612
BitDefender | Gen:Variant.Midie.30379 | 20160613
Cyren | W32/S-e2e07e9d!Eldorado | 20160613
Emsisoft | Gen:Variant.Midie.30379 (B) | 20160613
ESET-NOD32 | a variant of Win32/Kryptik.EZVB | 20160613
F-Prot | W32/S-e2e07e9d!Eldorado | 20160613
F-Secure | Gen:Variant.Midie.30379 | 20160613
Fortinet | W32/Kryptik.EZSU!tr | 20160613
GData | Gen:Variant.Midie.30379 | 20160613
Jiangmin | Trojan.Yakes.jxz | 20160613
Kaspersky | Trojan.Win32.SelfDel.cdwb | 20160613
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.gm | 20160613
eScan | Gen:Variant.Midie.30379 | 20160613
Tencent | Win32.Trojan.Generic.Htcx | 20160614
AegisLab | (not detected) | 20160613
AhnLab-V3 | (not detected) | 20160613
Alibaba | (not detected) | 20160613
ALYac | (not detected) | 20160613
Antiy-AVL | (not detected) | 20160613
Arcabit | (not detected) | 20160613
AVware | (not detected) | 20160613
Baidu-International | (not detected) | 20160606
Bkav | (not detected) | 20160613
CAT-QuickHeal | (not detected) | 20160613
ClamAV | (not detected) | 20160613
CMC | (not detected) | 20160613
Comodo | (not detected) | 20160613
DrWeb | (not detected) | 20160613
Ikarus | (not detected) | 20160613
K7AntiVirus | (not detected) | 20160613
K7GW | (not detected) | 20160613
Kingsoft | (not detected) | 20160614
McAfee | (not detected) | 20160613
Microsoft | (not detected) | 20160613
NANO-Antivirus | (not detected) | 20160613
nProtect | (not detected) | 20160613
Panda | (not detected) | 20160613
Qihoo-360 | (not detected) | 20160614
Sophos AV | (not detected) | 20160613
SUPERAntiSpyware | (not detected) | 20160613
TheHacker | (not detected) | 20160612
TotalDefense | (not detected) | 20160613
TrendMicro | (not detected) | 20160613
VBA32 | (not detected) | 20160611
ViRobot | (not detected) | 20160614
Yandex | (not detected) | 20160612
Zillya | (not detected) | 20160612
Zoner | (not detected) | 20160613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-12 16:22:33
Entry Point 0x00004003
Number of sections 7
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
lstrlenW
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
FindResourceExA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetUserDefaultUILanguage
IsDebuggerPresent
HeapAlloc
GetVersionExA
RemoveDirectoryA
LoadLibraryA
EnumSystemLocalesA
GetPrivateProfileStringA
GetSystemDefaultLCID
TlsGetValue
MultiByteToWideChar
SetFilePointer
MoveFileExW
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
TerminateProcess
WriteConsoleA
LocalFileTimeToFileTime
GetVersion
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
GetModuleHandleW
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
IsValidLocale
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
UnmapViewOfFile
lstrlenA
GetConsoleCP
LCMapStringA
HeapReAlloc
GlobalUnlock
GetEnvironmentStringsW
GetTempPathA
GetModuleFileNameA
SizeofResource
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
GetFileAttributesExW
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
FindResourceA
VirtualAlloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SetFocus
MapWindowPoints
GetOpenClipboardWindow
GetParent
SystemParametersInfoA
EndDialog
KillTimer
DdeImpersonateClient
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
PeekMessageA
IsCharAlphaA
DialogBoxParamA
GetWindow
GetSysColor
GetDC
SetWindowLongA
ReleaseDC
SetWindowTextA
LoadStringA
GetClassLongW
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
GetWindowLongA
SetTimer
CharNextA
GetDesktopWindow
GetClassNameA
GetWindowTextA
IsChild
DestroyWindow
Number of PE resources by type
RT_MANIFEST 1
RT_DIALOG 1
Number of PE resources by language
TAMIL DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:06:12 17:22:33+01:00
FileType Win32 EXE
PEType PE32
CodeSize 66560
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 347648
SubsystemVersion 5.0
EntryPoint 0x4003
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 28bf4b527ceee4b8567b886008274fb2
SHA1 8759242b19dac4b6cc764cfcce9bebcd87687071
SHA256 4d00787706d8e66ee70ee915256d9c06da3acef75199668a35edbbc3ec35d654
ssdeep 6144:6JXw5NSav6iuv5CGSy+sEeScVyuUP1wQlPwJ1toNOrVMSKaXI/dN:OAvS7sGB+zd71wj1t/rj4/H
authentihash 79d663a024a5b190cd20836c3ed04b64b8a822ae20addc0403c0b6627000dff0
imphash 62efb733dfe8ab756a0c684444124ab8
File size 405.5 KB ( 415232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-06-14 00:32:49 UTC (2 years, 10 months ago)
Last submission 2016-06-14 00:32:49 UTC (2 years, 10 months ago)
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Created processes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.