SHA256: 512c28cae7aa7b8cdc53dc8647dd19f81e4f75a1e80d3e78c2848e9f49ea6ed3
File name: 92c861ab77d1130c5e07294f2802ff78ce0ada05
Detection ratio: 23 / 54
Analysis date: 2016-01-25 05:47:28 UTC (3 years ago)
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Symmi.59911 | 20160125 |
| ALYac | Gen:Variant.Symmi.59911 | 20160125 |
| Antiy-AVL | Trojan/Win32.Waldek | 20160125 |
| Arcabit | Trojan.Symmi.DEA07 | 20160125 |
| AVG | Downloader.Agent2.BZEG | 20160125 |
| Avira (no cloud) | TR/AD.Gootkit.Y.85 | 20160124 |
| BitDefender | Gen:Variant.Symmi.59911 | 20160125 |
| DrWeb | Trojan.DownLoader19.6899 | 20160125 |
| Emsisoft | Gen:Variant.Symmi.59911 (B) | 20160125 |
| ESET-NOD32 | Win32/TrojanDownloader.Agent.BXE | 20160125 |
| F-Secure | Gen:Variant.Symmi.59911 | 20160125 |
| Fortinet | PossibleThreat.P0 | 20160125 |
| GData | Gen:Variant.Symmi.59911 | 20160125 |
| Ikarus | Trojan-Downloader.Win32.Agent | 20160125 |
| Kaspersky | Trojan.Win32.Waldek.bqz | 20160125 |
| Malwarebytes | Trojan.Agent.DSHL | 20160124 |
| McAfee | Artemis!0790C6444231 | 20160125 |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.ch | 20160125 |
| Microsoft | TrojanSpy:Win32/Ursnif.HN | 20160125 |
| eScan | Gen:Variant.Symmi.59911 | 20160125 |
| Qihoo-360 | HEUR/QVM07.1.Malware.Gen | 20160125 |
| Sophos AV | Mal/Generic-S | 20160125 |
| VIPRE | Trojan.Win32.Generic!BT | 20160125 |
| AegisLab | | 20160122 |
| Yandex | | 20160124 |
| AhnLab-V3 | | 20160124 |
| Alibaba | | 20160125 |
| Avast | | 20160125 |
| Baidu-International | | 20160124 |
| Bkav | | 20160123 |
| ByteHero | | 20160125 |
| CAT-QuickHeal | | 20160125 |
| ClamAV | | 20160124 |
| CMC | | 20160111 |
| Comodo | | 20160125 |
| Cyren | | 20160125 |
| F-Prot | | 20160125 |
| Jiangmin | | 20160125 |
| K7AntiVirus | | 20160124 |
| K7GW | | 20160125 |
| NANO-Antivirus | | 20160125 |
| nProtect | | 20160122 |
| Panda | | 20160124 |
| Rising | | 20160124 |
| SUPERAntiSpyware | | 20160125 |
| Symantec | | 20160124 |
| TheHacker | | 20160124 |
| TotalDefense | | 20160125 |
| TrendMicro | | 20160125 |
| TrendMicro-HouseCall | | 20160125 |
| VBA32 | | 20160123 |
| ViRobot | | 20160125 |
| Zillya | | 20160124 |
| Zoner | | 20160125 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-09-08 00:07:31
Entry Point 0x0000606A
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorOwner
RegNotifyChangeKeyValue
IsTokenRestricted
RegOverridePredefKey
LsaLookupSids
LookupAccountSidA
ClearEventLogW
RegDeleteKeyW
GetAclInformation
SetSecurityDescriptorDacl
GetSidSubAuthorityCount
AbortSystemShutdownW
OpenProcessToken
RegEnumKeyW
LookupPrivilegeDisplayNameA
GetTrusteeTypeA
RegOpenKeyExA
SetFileSecurityA
DuplicateTokenEx
LsaLookupNames
IsValidSid
RegQueryInfoKeyW
RegReplaceKeyA
GetPrivateObjectSecurity
OpenThreadToken
BuildTrusteeWithNameA
CreateProcessAsUserW
RegCreateKeyExA
AccessCheckAndAuditAlarmA
RegDeleteValueW
SetEntriesInAclA
ReadEventLogA
IsValidSecurityDescriptor
ImageList_SetOverlayImage
ImageList_DragShowNolock
Ord(6)
InitializeFlatSB
ImageList_ReplaceIcon
Ord(13)
AnimatePalette
CreateRectRgnIndirect
CreateBrushIndirect
GetWorldTransform
HeapSize
GetStringTypeW
GetDefaultCommConfigW
ConnectNamedPipe
__p__fmode
_mbctolower
_findfirsti64
_controlfp
fclose
sqrt
_mbschr
_mbstok
__getmainargs
_initterm
feof
_atoi64
__set_app_type
RasDeleteEntryW
RasGetErrorStringW
RasEnumEntriesW
RasEditPhonebookEntryA
RasDialW
RasEnumDevicesA
RasEnumConnectionsW
RasGetCountryInfoW
RasSetEntryPropertiesW
RasEditPhonebookEntryW
RasCreatePhonebookEntryA
RasGetProjectionInfoA
RasHangUpA
RasCreatePhonebookEntryW
PathGetCharTypeA
StrFormatByteSizeA
PathIsDirectoryA
SHRegDeleteUSValueW
PathCanonicalizeA
PathGetCharTypeW
PathGetArgsW
SHRegGetUSValueA
PathIsSystemFolderW
PathAddBackslashA
PathIsURLW
StrTrimW
PathRemoveExtensionA
PathRelativePathToA
PathMakeSystemFolderA
PathCombineA
PathCompactPathA
StrCSpnW
PathRelativePathToW
SHEnumValueA
PathStripPathW
ChrCmpIW
PathCommonPrefixW
PathAppendA
StrCmpW
SHQueryInfoKeyW
PathRemoveFileSpecW
StrToIntA
SHRegCreateUSKeyA
SHEnumKeyExW
PathFindNextComponentW
PathStripPathA
PathSearchAndQualifyA
PathIsURLA
SHRegWriteUSValueA
PathGetArgsA
SHDeleteEmptyKeyW
PathUnquoteSpacesA
PathQuoteSpacesW
StrDupA
PathFindNextComponentA
PathIsSameRootA
StrPBrkW
SendDlgItemMessageA
LoadImageW
GetClassInfoExW
PostThreadMessageW
FlashWindow
GetKeyboardLayoutNameW
GetFocus
CreateDialogParamA
wvsprintfA
IsWindowEnabled
InvalidateRgn
ReplaceTextA
CommDlgExtendedError
Number of PE resources by type

| Type | Count |
|---|---|
| RT_RCDATA | 6 |
| RT_DIALOG | 2 |
| RT_ICON | 1 |
| RT_VERSION | 1 |
| RT_GROUP_ICON | 1 |

Number of PE resources by language

| Language | Count |
|---|---|
| BULGARIAN DEFAULT | 6 |
| LATVIAN DEFAULT | 3 |
| ENGLISH US | 2 |
PE resources
ExifTool file metadata

| Field | Value |
|---|---|
| UninitializedDataSize | 0 |
| LinkerVersion | 6.0 |
| ImageVersion | 0.0 |
| FileSubtype | 0 |
| FileVersionNumber | 0.202.46.44 |
| LanguageCode | Neutral |
| FileFlagsMask | 0x003f |
| CharacterSet | Unicode |
| InitializedDataSize | 266240 |
| EntryPoint | 0x606a |
| OriginalFileName | Showering.exe |
| MIMEType | application/octet-stream |
| FileVersion | 147, 47, 152, 226 |
| TimeStamp | 2007:09:08 01:07:31+01:00 |
| FileType | Win32 EXE |
| PEType | PE32 |
| ProductVersion | 44, 103, 249, 188 |
| SubsystemVersion | 4.0 |
| OSVersion | 4.0 |
| FileOS | Windows NT 32-bit |
| Subsystem | Windows GUI |
| MachineType | Intel 386 or later, and compatibles |
| CompanyName | Techsoft |
| CodeSize | 24576 |
| ProductName | Pond Punks |
| ProductVersionNumber | 0.199.152.112 |
| FileTypeExtension | exe |
| ObjectFileType | Executable application |
File identification

| Field | Value |
|---|---|
| MD5 | 0790c64442318e1be31429599142089a |
| SHA1 | 92c861ab77d1130c5e07294f2802ff78ce0ada05 |
| SHA256 | 512c28cae7aa7b8cdc53dc8647dd19f81e4f75a1e80d3e78c2848e9f49ea6ed3 |
| ssdeep | 3072:MZdjBhDp67xwSGGoYlYyEvXcQm7o7e7KUhp+7Z9wz2+cP00+/M91cgn:alhDp69wLClXwm7D7Ks+7Z2b0mgn |
| authentihash | bcd0ee6b9ca5e29d0fcfbe60f2013cf8a97e19ffdf332d418ba0a03f95b8f338 |
| imphash | a5a1903240c7448d5b6c6d690c3be938 |
| File size | 176.0 KB (180224 bytes) |
| File type | Win32 EXE |
| Magic literal | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
| TrID | Win64 Executable (generic) (61.7%); Win32 Dynamic Link Library (generic) (14.7%); Win32 Executable (generic) (10.0%); OS/2 Executable (generic) (4.5%); Generic Win/DOS Executable (4.4%) |
| Tags | suspicious-dns peexe |

VirusTotal metadata

| Field | Value |
|---|---|
| First submission | 2016-01-24 00:47:04 UTC (3 years ago) |
| Last submission | 2018-05-26 17:57:12 UTC (8 months, 3 weeks ago) |
| File names | 0790c64442318e1be31429599142089a |
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
TCP connections
UDP communications