SHA256: 4e65119ccf384b8dc863d4dd6e1c288061262dd770f9f24a6b9a3742d970aa50
File name: e6b838bb2aed0b6e560d3074df583849a5f6ed89
Detection ratio: 32 / 57
Analysis date: 2016-11-26 13:38:22 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.109073 20161126
AhnLab-V3 Trojan/Win32.Tuhkit.R191026 20161126
ALYac Gen:Variant.Razy.109073 20161126
Antiy-AVL Trojan[Banker]/Win32.Tuhkit 20161126
Arcabit Trojan.Razy.D1AA11 20161126
Avast Win32:Malware-gen 20161126
Avira (no cloud) TR/Crypt.ZPACK.vstqe 20161126
AVware Trojan.Win32.Generic!BT 20161126
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161126
BitDefender Gen:Variant.Razy.109073 20161126
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Trojan.EGJT-6356 20161126
Emsisoft Gen:Variant.Razy.109073 (B) 20161126
ESET-NOD32 a variant of Win32/Kryptik.FKHY 20161126
F-Secure Gen:Variant.Razy.109073 20161126
Fortinet W32/Tuhkit.FKHY!tr 20161126
GData Gen:Variant.Razy.109073 20161126
Ikarus Trojan.Win32.Crypt 20161126
Sophos ML worm.win32.allaple.a 20161018
Kaspersky Trojan-Banker.Win32.Tuhkit.rs 20161126
Malwarebytes Trojan.Downloader 20161126
McAfee Artemis!D64EB6F46DCB 20161126
McAfee-GW-Edition BehavesLike.Win32.Expiro.cc 20161126
eScan Gen:Variant.Razy.109073 20161126
Panda Trj/GdSda.A 20161126
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161126
Rising Malware.Generic!uJ4BWqPPpgV@3 (thunder) 20161126
Sophos AV Mal/Generic-S 20161126
Symantec Heur.AdvML.B 20161126
Tencent Win32.Trojan-banker.Tuhkit.Wqda 20161126
TrendMicro-HouseCall TROJ_GEN.R0FAH0CKP16 20161126
VIPRE Trojan.Win32.Generic!BT 20161126
AegisLab 20161126
Alibaba 20161125
AVG 20161126
Bkav 20161126
CAT-QuickHeal 20161125
ClamAV 20161126
CMC 20161126
Comodo 20161126
DrWeb 20161126
F-Prot 20161126
Jiangmin 20161124
K7AntiVirus 20161126
K7GW 20161126
Kingsoft 20161126
Microsoft 20161126
NANO-Antivirus 20161126
nProtect 20161126
SUPERAntiSpyware 20161126
TheHacker 20161126
TotalDefense 20161126
TrendMicro 20161126
Trustlook 20161126
VBA32 20161125
ViRobot 20161126
WhiteArmor 20161125
Yandex 20161125
Zillya 20161125
Zoner 20161126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-29 20:36:29
Entry Point 0x000034E7
Number of sections 3
PE sections
PE imports
RegRestoreKeyA
IsValidAcl
RegDeleteValueW
RegOpenKeyA
IsValidSid
ReadEventLogA
OpenEventLogW
RegLoadKeyA
RegReplaceKeyW
RegEnumKeyA
InitializeSid
RegQueryValueW
DowngradeAPL
ComPlusMigrate
SetSetupOpen
CertDeleteCRLFromStore
CertAlgIdToOID
CertGetNameStringA
CertDuplicateStore
CertCompareCertificate
CertCloseStore
CryptEnumOIDInfo
CertFindChainInStore
CertFindAttribute
CertSaveStore
CryptFindOIDInfo
CertFindCRLInStore
GetGeoInfoA
LoadLibraryExA
CreateEventW
ReleaseMutex
GetFileSize
GetNumberFormatA
FindFirstFileA
ReadFile
GetProfileStringA
WaitForSingleObject
GetCPInfoExW
LoadLibraryA
GetProcAddress
lstrcmpW
CreateNamedPipeW
FileTimeToLocalFileTime
Number of PE resources by type
IRIS 1
UNA 1
ARA 1
RT_MENU 1
RT_BITMAP 1
JATE 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 7
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2014:10:29 21:36:29+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
148480

LinkerVersion
7.1

Warning
Possibly corrupt Version resource

FileTypeExtension
exe

InitializedDataSize
10752

SubsystemVersion
4.0

EntryPoint
0x34e7

OSVersion
5.1

ImageVersion
5.1

UninitializedDataSize
0

File identification
MD5 d64eb6f46dcbf4555d12d01a47f6f8d0
SHA1 e6b838bb2aed0b6e560d3074df583849a5f6ed89
SHA256 4e65119ccf384b8dc863d4dd6e1c288061262dd770f9f24a6b9a3742d970aa50
ssdeep
3072:8igHQprbraeSNRf63TtUHhCVKHmWmUt/INYBHZd:mmy3/qTtM2KG81Iw5

authentihash 5b00f80542d0ccb2b0a2041d38af2afb2e521438f2863612fad03ce2857b3231
imphash 32fdd6425d37155d38fcad835fc3bf22
File size 156.5 KB ( 160256 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe

VirusTotal metadata
First submission 2016-11-26 13:38:22 UTC ( 2 years, 4 months ago )
Last submission 2016-11-26 13:38:22 UTC ( 2 years, 4 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications