SHA256: 50855f9321de846f6a02b264e25e4c59983badb912c3c51d8c71fcd517205f26
File name: 22f77c113cc6d43d8c12ed3c9fb39825.exe
Detection ratio: 49 / 62
Analysis date: 2017-04-22 09:39:17 UTC ( 1 year, 6 months ago )
Antivirus Result Update
AegisLab Troj.Downloader.W32.Injecter.gxz!c 20170422
Antiy-AVL Trojan[Downloader]/Win32.Injecter 20170422
Arcabit Trojan.Generic.KDV.D5CD67 20170422
Avast Win32:RQG-A [Trj] 20170422
AVG BackDoor.Generic_r.XY 20170422
Avira (no cloud) TR/RQG.A.2 20170421
AVware Trojan.Win32.Generic!BT 20170422
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9971 20170421
BitDefender Trojan.Generic.KDV.380263 20170422
CAT-QuickHeal Backdoor.Agent 20170421
ClamAV Win.Trojan.Agent-30305 20170422
Comodo Heur.Suspicious 20170422
CrowdStrike Falcon (ML) malicious_confidence_96% (D) 20170130
Cyren W32/Poison.AZND-8418 20170422
DrWeb Trojan.DownLoad2.38574 20170422
Emsisoft Trojan.Generic.KDV.380263 (B) 20170422
Endgame malicious (moderate confidence) 20170419
ESET-NOD32 Win32/Poison.NGK 20170422
F-Prot W32/Poison.AA 20170422
F-Secure Trojan.Generic.KDV.380263 20170422
Fortinet W32/BENNET.A!tr 20170422
GData Trojan.Generic.KDV.380263 20170422
Ikarus Trojan-Downloader.Win32.Injecter 20170422
Jiangmin TrojanDownloader.Injecter.bgt 20170422
K7AntiVirus Trojan ( 002d03e11 ) 20170422
K7GW Trojan ( 002d03e11 ) 20170422
Kaspersky Trojan-Downloader.Win32.Injecter.gxz 20170422
McAfee Generic.dx!22F77C113CC6 20170422
McAfee-GW-Edition Generic.dx!22F77C113CC6 20170421
Microsoft Backdoor:Win32/Poison.BF 20170422
eScan Trojan.Generic.KDV.380263 20170422
NANO-Antivirus Trojan.Win32.Injecter.dxkkmj 20170422
Palo Alto Networks (Known Signatures) generic.ml 20170422
Panda Trj/CI.A 20170422
Qihoo-360 Win32/Trojan.b75 20170422
Rising Trojan.Generic (cloud:UoUaOA5J9RR) 20170422
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Troj/Inject-QL 20170422
Symantec Trojan.ADH.2 20170421
Tencent Win32.Trojan-downloader.Injecter.Hsix 20170422
TotalDefense Win32/Injecter.ZAAA 20170422
TrendMicro Mal_PoisonCFG 20170422
TrendMicro-HouseCall Mal_PoisonCFG 20170422
VBA32 Trojan-Injector.14105 20170421
VIPRE Trojan.Win32.Generic!BT 20170422
Webroot W32.Malware.Gen 20170422
Yandex Trojan.DL.Injecter!bZA05gtDP+k 20170421
Zillya Downloader.Injecter.Win32.2343 20170421
ZoneAlarm by Check Point Trojan-Downloader.Win32.Injecter.gxz 20170422
Ad-Aware 20170422
AhnLab-V3 20170421
Alibaba 20170421
ALYac 20170422
Bkav 20170422
CMC 20170421
Sophos ML 20170413
Kingsoft 20170422
Malwarebytes 20170422
nProtect 20170422
SUPERAntiSpyware 20170422
Symantec Mobile Insight 20170422
TheHacker 20170420
Trustlook 20170422
ViRobot 20170422
WhiteArmor 20170409
Zoner 20170422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command appended
F-PROT appended, RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-28 16:04:29
Entry Point 0x0000B480
Number of sections 5
PE sections
Overlays
MD5 e5680687ac49d95bae6288c91e6bb623
File type application/x-rar
Offset 98816
Size 34191
Entropy 7.99
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
Ord(17)
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
SystemTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
FindNextFileA
CompareStringW
HeapAlloc
SetFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
DosDateTimeToFileTime
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
CopyRect
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
OemToCharA
EnableWindow
GetClientRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 5
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:05:28 17:04:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72192
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 90624
SubsystemVersion 5.0
EntryPoint 0xb480
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 22f77c113cc6d43d8c12ed3c9fb39825
SHA1 dd639a7f682e985406256468d6df8a717e77b7f3
SHA256 50855f9321de846f6a02b264e25e4c59983badb912c3c51d8c71fcd517205f26
ssdeep 3072:I4lRkAehGfzmuqTPryFm8le+ZNX2TpF3Vb:I4lRkAehaKuqT+FDl7NXs7B

authentihash d08e3d92235d91676182715edf17e49fb0b25958e27d07bdc15521bd391f6e08
imphash dbb1eb5c3476069287a73206929932fd
File size 129.9 KB ( 133007 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2011-10-10 17:53:24 UTC ( 7 years ago )
Last submission 2015-09-30 05:17:57 UTC ( 3 years ago )
File names antivirus.exe.1
22f77c113cc6d43d8c12ed3c9fb39825dd639a7f682e985406256468d6df8a717e77b7f3133007.exe
antivirus.exe
dd639a7f682e985406256468d6df8a717e77b7f3.bin
poison
07.exe
file-2916039_exe
1043919
22f77c113cc6d43d8c12ed3c9fb39825_50855f9321de846f6a02b264e25e4c59983badb912c3c51d8c71fcd517205f2.exe
22f77c113cc6d43d8c12ed3c9fb39825.exe
rCvS9.fon
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0928.

Symantec reputation Suspicious.Insight