SHA256: 4f8aabf4d700b211b82f0750d3547a8cbc47f824f91688299af997630ed918f9
File name: malware
Detection ratio: 9 / 56
Analysis date: 2016-03-21 19:10:12 UTC ( 3 years, 1 month ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Filecoder 20160321
Avast Win32:Malware-gen 20160321
ESET-NOD32 Win32/Filecoder.NFV 20160321
Fortinet W32/Filecoder.NFV!tr 20160321
NANO-Antivirus Trojan.Win32.Filecoder.eajdae 20160321
nProtect Trojan/W32.Agent.2560.PX 20160321
Qihoo-360 QVM20.1.Malware.Gen 20160321
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160321
Symantec Trojan.Cryptolocker 20160321
Ad-Aware 20160321
AegisLab 20160321
Yandex 20160316
Alibaba 20160321
ALYac 20160321
Antiy-AVL 20160321
Arcabit 20160321
AVG 20160321
Avira (no cloud) 20160321
AVware 20160321
Baidu 20160321
Baidu-International 20160321
BitDefender 20160321
Bkav 20160321
ByteHero 20160321
CAT-QuickHeal 20160321
ClamAV 20160319
CMC 20160316
Comodo 20160321
Cyren 20160321
DrWeb 20160321
Emsisoft 20160321
F-Prot 20160321
F-Secure 20160321
GData 20160321
Ikarus 20160321
Jiangmin 20160321
K7AntiVirus 20160321
K7GW 20160321
Kaspersky 20160321
Malwarebytes 20160321
McAfee 20160321
McAfee-GW-Edition 20160321
Microsoft 20160321
eScan 20160321
Panda 20160321
Sophos AV 20160321
SUPERAntiSpyware 20160321
Tencent 20160321
TheHacker 20160321
TrendMicro 20160321
TrendMicro-HouseCall 20160321
VBA32 20160321
VIPRE 20160321
ViRobot 20160321
Zillya 20160321
Zoner 20160321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x000011E0
Number of sections 2
PE sections
PE imports
_except_handler3
malloc
fread
fwrite
memset
fclose
fseek
ftell
exit
_XcptFilter
__getmainargs
_controlfp
fopen
strlen
_exit
__set_app_type
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 0
SubsystemVersion 4.0
EntryPoint 0x11e0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 2d1692ca8ba41aed8dc65f4d19705424
SHA1 c88e0abaab0e325147924ac7ee976248ddff8e70
SHA256 4f8aabf4d700b211b82f0750d3547a8cbc47f824f91688299af997630ed918f9
ssdeep 24:etGSBr8R7iEAqcNbp20JJAyspnQ+T6amtUHgwkKwePIlfbQYWTHTdHT0lFqjR:6mjAVg0E5eamtRYDPIlj/WX5Ay
authentihash 74ad7d9b65a746563936189ec5275f18bb0e3047807468925fe1e60df210dd78
imphash 4afc596e677872a5ef6d27ddd953788c
File size 2.5 KB ( 2560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2016-03-21 19:10:12 UTC ( 3 years, 1 month ago )
Last submission 2016-03-21 19:10:12 UTC ( 3 years, 1 month ago )
File names malware
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications