SHA256: 51ecc51440442fcb393c7925b8696f95ea8656f967761cfdad3f14f1d1f6cd54
File name: 435323 - Copy.exe
Detection ratio: 5 / 55
Analysis date: 2015-11-24 15:01:57 UTC (1 year, 11 months ago)
Antivirus Result Update
ClamAV Win.Adware.Optimizerpro-2 20151124
K7AntiVirus Trojan ( 004d797e1 ) 20151124
K7GW Trojan ( 004d797e1 ) 20151124
Malwarebytes RiskWare.RemoteAdmin.RMNS 20151124
Qihoo-360 QVM06.1.Malware.Gen 20151124
Ad-Aware 20151124
AegisLab 20151124
Yandex 20151123
AhnLab-V3 20151124
Alibaba 20151124
ALYac 20151124
Antiy-AVL 20151124
Arcabit 20151124
Avast 20151124
AVG 20151124
Avira (no cloud) 20151124
AVware 20151124
Baidu-International 20151124
BitDefender 20151124
Bkav 20151124
ByteHero 20151124
CAT-QuickHeal 20151124
CMC 20151124
Comodo 20151124
Cyren 20151124
DrWeb 20151124
Emsisoft 20151124
ESET-NOD32 20151124
F-Prot 20151124
F-Secure 20151124
Fortinet 20151124
GData 20151124
Ikarus 20151124
Jiangmin 20151123
Kaspersky 20151124
McAfee 20151124
McAfee-GW-Edition 20151124
Microsoft 20151124
eScan 20151124
NANO-Antivirus 20151124
nProtect 20151124
Panda 20151124
Rising 20151122
Sophos AV 20151123
SUPERAntiSpyware 20151124
Symantec 20151123
Tencent 20151124
TheHacker 20151121
TrendMicro 20151124
TrendMicro-HouseCall 20151124
VBA32 20151124
VIPRE 20151124
ViRobot 20151124
Zillya 20151123
Zoner 20151124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Windows® Internet Explorer
Original name WEXTRACT.EXE .MUI
Internal name Wextract
File version 8.00.7600.16385 (win7_rtm.090713-1255)
Description Win32 Cabinet Self-Extractor
Packers identified
F-PROT SFX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-13 23:42:43
Entry Point 0x00006AF8
Number of sections 4
PE sections
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
AdjustTokenPrivileges
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
GetDeviceCaps
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetCurrentProcess
LocalAlloc
_llseek
GetTempPathA
InterlockedExchange
WriteFile
_lopen
GetSystemTimeAsFileTime
EnumResourceLanguagesA
GetDiskFreeSpaceA
SetFileAttributesA
FreeLibrary
LocalFree
LoadResource
FindClose
FormatMessageA
ExitProcess
RemoveDirectoryA
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
CreateMutexA
SetFilePointer
_lclose
CreateThread
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
TerminateProcess
GetVersion
GlobalAlloc
LocalFileTimeToFileTime
GetCurrentThreadId
GetProcAddress
SetCurrentDirectoryA
TerminateThread
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetEvent
GlobalLock
lstrcmpA
FindFirstFileA
CompareStringA
GetTempFileNameA
FindNextFileA
ExpandEnvironmentStringsA
CreateEventA
CreateFileA
GetLastError
DosDateTimeToFileTime
GetSystemInfo
lstrlenA
GlobalFree
GlobalUnlock
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
InterlockedCompareExchange
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
FreeResource
CreateProcessA
Sleep
FindResourceA
ResetEvent
CharPrevA
EndDialog
ShowWindow
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
CharUpperA
GetDC
ReleaseDC
SetWindowTextA
LoadStringA
SendMessageA
GetDlgItem
GetWindowLongA
CharNextA
GetDesktopWindow
CallWindowProcA
MsgWaitForMultipleObjects
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
_cexit
_acmdln
memset
_ismbblead
__p__fmode
__p__commode
__setusermatherr
memcpy
?terminate@@YAXXZ
_amsg_exit
exit
_XcptFilter
__getmainargs
_exit
_vsnprintf
_controlfp
_initterm
__set_app_type
Number of PE resources by type
RT_RCDATA 14
RT_ICON 13
RT_DIALOG 12
RT_STRING 12
RT_VERSION 2
RT_MANIFEST 1
AVI 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 33
RUSSIAN 23
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
6.1

FileSubtype
0

FileVersionNumber
8.0.7600.16385

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
2412544

EntryPoint
0x6af8

OriginalFileName
WEXTRACT.EXE .MUI

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
8.00.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2009:07:14 00:42:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Wextract

ProductVersion
8.00.7600.16385

FileDescription
Win32 Cabinet Self-Extractor

OSVersion
6.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
44032

ProductName
Windows Internet Explorer

ProductVersionNumber
8.0.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 dfe5c17d74d5827df48395561ff2df58
SHA1 263846531220e9df1e58bf3857c3ad2dcdc11fd8
SHA256 51ecc51440442fcb393c7925b8696f95ea8656f967761cfdad3f14f1d1f6cd54
ssdeep
49152:byOzws++FRyyE37sn1yoqCjkCCnBkpI4d1Gn1C6sdQzp:uew+ry12sCjkCid4d1c1C6sE

authentihash ea9164d5beae6e63ad30c3b42f863b2d1522a7f3073c3fbcd6d395aafba26871
imphash 2339ac77bf9371500ebbf86df3a10d43
File size 2.3 MB ( 2457600 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 MS Cabinet Self-Extractor (WExtract stub) (80.4%)
Win32 Executable MS Visual C++ (generic) (8.2%)
Win64 Executable (generic) (7.3%)
Win32 Dynamic Link Library (generic) (1.7%)
Win32 Executable (generic) (1.1%)
Tags
peexe

VirusTotal metadata
First submission 2015-11-24 11:45:05 UTC ( 1 year, 11 months ago )
Last submission 2017-03-11 18:10:36 UTC ( 7 months, 1 week ago )
File names settings.bin
sample.jpg
51ecc51440442fcb_test.exe
435323_yapfiles.ru.jpg
435323.jpg
435323.exe
51ecc51440442fcb_51ecc51440442fcb393c7925b8696f95ea8656f967761cfdad3f14f1d1f6cd54.exe
435323_yapfiles.ru.jpg.exe
435323 - Copy.exe
Wextract
dfe5c17d74d5827df48395561ff2df58.jpg
435323.jpg.bad
WEXTRACT.EXE .MUI
435323_yapfiles_ru_jpg
test.exe
RMS_rmansys.ru_malicious_remote_admin8
output.109112617.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.