SHA256: 506cb1459dd2fb79226dcb47811618b83e7bfaaff67eb1449f73eebdca9664da
File name: EITest-Rig-EK-payload-possible-Vawtrak.exe
Detection ratio: 33 / 56
Analysis date: 2016-08-19 14:25:09 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3475790 20160819
AegisLab Generic.R.Mls!c 20160819
AhnLab-V3 Trojan/Win32.MDA.N2083002026 20160819
ALYac Trojan.Dropper.Vawtrak 20160819
Antiy-AVL Trojan/Win32.Fsysna 20160819
Arcabit Trojan.Generic.D35094E 20160819
Avast Win32:Malware-gen 20160819
AVG Generic_r.MLS 20160819
Avira (no cloud) TR/Crypt.Xpack.txxd 20160819
AVware Trojan.Win32.Injector.cdgy (v) 20160819
BitDefender Trojan.GenericKD.3475790 20160819
Comodo TrojWare.Win32.UMal.a 20160819
Cyren W32/Trojan.IHOJ-4822 20160819
DrWeb BackDoor.Siggen.60255 20160819
Emsisoft Trojan.GenericKD.3475790 (B) 20160819
ESET-NOD32 a variant of Win32/Injector.DDXE 20160819
F-Secure Trojan.GenericKD.3475790 20160819
Fortinet W32/Injector.DDXE!tr 20160819
GData Trojan.GenericKD.3475790 20160819
Ikarus Trojan.Win32.Crypt 20160819
Jiangmin Trojan.Inject.pbv 20160819
K7AntiVirus Trojan ( 004f65f31 ) 20160819
K7GW Trojan ( 004f65f31 ) 20160819
Kaspersky UDS:DangerousObject.Multi.Generic 20160819
Malwarebytes Spyware.Boaxxe 20160819
McAfee Artemis!A723E08319BE 20160819
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20160819
Microsoft Backdoor:Win32/Vawtrak.E 20160819
eScan Trojan.GenericKD.3475790 20160819
Panda Trj/CI.A 20160819
Sophos AV Mal/Zbot-UM 20160819
Symantec Trojan.Snifula.F 20160819
VIPRE Trojan.Win32.Injector.cdgy (v) 20160819
Alibaba 20160819
Baidu 20160819
Bkav 20160818
CAT-QuickHeal 20160818
ClamAV 20160819
CMC 20160818
F-Prot 20160819
Kingsoft 20160819
NANO-Antivirus 20160819
nProtect 20160817
Qihoo-360 20160819
Rising 20160819
SUPERAntiSpyware 20160819
Tencent 20160819
TheHacker 20160817
TotalDefense 20160819
TrendMicro 20160819
TrendMicro-HouseCall 20160819
VBA32 20160819
ViRobot 20160819
Yandex 20160819
Zillya 20160818
Zoner 20160819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-12 19:06:45
Entry Point 0x00001E8A
Number of sections 4
PE sections
PE imports
RegDeleteValueA
GetUserNameW
GetTextExtentPoint32W
RealizePalette
GetStartupInfoA
GetEnvironmentStrings
CreateProcessA
LocalAlloc
GetModuleHandleA
GetModuleFileNameW
CreateFileW
GetCommState
GetDateFormatW
GetTimeFormatA
SetCommState
GetEnvironmentVariableW
GetLocalTime
_except_handler3
__p__fmode
_acmdln
__CxxFrameHandler
_setmbcp
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
ReleaseDC
GetSystemMetrics
AppendMenuA
LoadIconA
EnableWindow
SetClipboardData
SetDlgItemTextA
DrawIcon
FindWindowW
SendMessageA
GetClientRect
GetSystemMenu
MessageBeep
IsIconic
DestroyWindow
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RMVB 1
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
SPANISH MEXICAN 1
DUTCH 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:12 20:06:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 268443648
LinkerVersion 6.0
EntryPoint 0x1e8a
InitializedDataSize 167936
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 a723e08319be660ef5db2abd2c426991
SHA1 d0f08c15bfca56235b0e6644feb4b0d224a6ce33
SHA256 506cb1459dd2fb79226dcb47811618b83e7bfaaff67eb1449f73eebdca9664da
ssdeep 3072:rjZasb3BTPdrRMMmIQGA+6zU/Ptj7CGMiFPAnQCdkkkkkkkge:ZasbjONxU/liGZZAnjdkkkkkkkge
authentihash 8a25da87c485c340a89874b6bd38e5dfd63330c279d4e6ab3dd9fd02a4c2e2b2
imphash 94b1bfa3e749c0c1e4b1b00c1c70f765
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-08-18 01:45:09 UTC ( 2 years, 7 months ago )
Last submission 2017-04-16 01:09:08 UTC ( 1 year, 11 months ago )
File names EITest-Rig-EK-payload-possible-Vawtrak.exe
2016-08-17-EITest-Rig-EK-payload-possible-Vawtrak.exe
2016-08-17-EITest-Rig-EK-payload-possible-Vawtrak.exe-
2016-08-17-EITest-Rig-EK-payload-possible-Vawtrak.ex
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications