× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 52208821bc81d6b032a8468462888d83562285332e36b1283e0a6f126e19d574
File name: iscsiwm.exe
Detection ratio: 39 / 58
Analysis date: 2016-09-03 06:07:47 UTC ( 2 years, 7 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3492705 20160903
AegisLab Backdoor.W32.Hlux!c 20160903
AhnLab-V3 Backdoor/Win32.Hlux.N2090493511 20160903
ALYac Trojan.GenericKD.3492705 20160903
Antiy-AVL Trojan[Backdoor]/Win32.Hlux 20160903
Arcabit Trojan.Generic.D354B61 20160903
Avast Win32:Dropper-gen [Drp] 20160903
AVG Atros4.FJT 20160903
Avira (no cloud) TR/Crypt.ZPACK.wnqv 20160903
AVware Trojan.Win32.Generic!BT 20160903
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160903
BitDefender Trojan.GenericKD.3492705 20160903
CrowdStrike Falcon (ML) malicious_confidence_79% (W) 20160725
Cyren W32/Trojan.ACKO-4043 20160903
DrWeb BackDoor.Bifrost.20608 20160903
Emsisoft Trojan.GenericKD.3492705 (B) 20160903
ESET-NOD32 Win32/TrojanDownloader.VB.QZI 20160903
F-Secure Trojan.GenericKD.3492705 20160903
Fortinet W32/VB.QZI!tr.dldr 20160903
GData Trojan.GenericKD.3492705 20160903
Ikarus Trojan-Downloader.Win32.VB 20160903
Sophos ML backdoor.win32.zegost.b 20160830
Jiangmin Backdoor.Hlux.bas 20160903
K7AntiVirus Trojan ( 004f70e71 ) 20160903
K7GW Trojan ( 004f70e71 ) 20160903
Kaspersky Backdoor.Win32.Hlux.ftug 20160903
McAfee Generic.grp 20160903
McAfee-GW-Edition BehavesLike.Win32.Dropper.dh 20160903
Microsoft Trojan:Win32/Miuref.R 20160903
eScan Trojan.GenericKD.3492705 20160903
Panda Trj/CI.A 20160903
Qihoo-360 Win32/Trojan.Multi.daf 20160903
Rising Backdoor.Hlux!8.159-xFcUsva0ShH (cloud) 20160903
Sophos AV Mal/Generic-S 20160903
Symantec Backdoor.Trojan 20160903
Tencent Win32.Backdoor.Hlux.Amcv 20160903
TrendMicro TROJ_GEN.R08NC0VHT16 20160903
TrendMicro-HouseCall TROJ_GEN.R08NC0VHT16 20160903
VIPRE Trojan.Win32.Generic!BT 20160831
Alibaba 20160901
Bkav 20160901
CAT-QuickHeal 20160903
ClamAV 20160903
CMC 20160901
Comodo 20160903
F-Prot 20160903
Kingsoft 20160903
Malwarebytes 20160903
NANO-Antivirus 20160903
nProtect 20160903
SUPERAntiSpyware 20160902
TheHacker 20160903
TotalDefense 20160903
VBA32 20160902
ViRobot 20160903
Yandex 20160902
Zillya 20160902
Zoner 20160903
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-26 21:58:25
Entry Point 0x00016E41
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
InitCommonControlsEx
SetMapMode
SaveDC
TextOutA
CreateFontIndirectA
GetClipBox
GetPixel
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
BitBlt
SetTextColor
CreatePatternBrush
GetObjectA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
CreateCompatibleDC
ScaleViewportExtEx
SelectObject
GetTextExtentPoint32A
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
Escape
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GetUserDefaultLCID
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
IsValidLocale
lstrcmpW
GlobalLock
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
FreeResource
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantInit
VariantClear
DragFinish
DragQueryFileA
PathFindFileNameA
PathFindExtensionA
MapWindowPoints
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
LoadAcceleratorsA
ClientToScreen
GetTopWindow
GetMenuItemInfoA
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
GetClassInfoExA
ShowWindow
GetPropA
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
InsertMenuItemA
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
GetActiveWindow
ShowOwnedPopups
FillRect
CopyRect
DeferWindowPos
DestroyWindow
IsDialogMessageA
SetFocus
BeginPaint
OffsetRect
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemCount
GetMenuState
ReuseDDElParam
GetMenuItemID
SetForegroundWindow
PostThreadMessageA
ReleaseDC
IntersectRect
EndDialog
LoadMenuA
GetCapture
SetWindowTextA
DrawTextExA
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
SetMenu
RegisterClipboardFormatA
SetRectEmpty
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
IsWindowVisible
GetDesktopWindow
UnpackDDElParam
WinHelpA
InvalidateRect
TranslateAcceleratorA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
UnhookWindowsHookEx
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
OleUninitialize
OleInitialize
CoRevokeClassObject
OleFlushClipboard
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
Number of PE resources by type
DB 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:08:26 22:58:25+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
192512

LinkerVersion
8.0

EntryPoint
0x16e41

InitializedDataSize
77824

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 7be9383e8157823f6f26d59c8fe9313c
SHA1 8ef92007af1080d67885543ada0c9a0e840923a2
SHA256 52208821bc81d6b032a8468462888d83562285332e36b1283e0a6f126e19d574
ssdeep
6144:PsVCqCRladpeQWwR1qOIpXkzwjQhbTBMGJFPb3:Ps0ajd3nzwWbT13

authentihash e204c8f8eab07a9950322dfc1bbfa336c233b4b7a41b3870dd1bed233191e522
imphash f9815e6e6cdb06bc06037176ad30dc1f
File size 268.0 KB ( 274432 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe

VirusTotal metadata
First submission 2016-08-27 06:07:02 UTC ( 2 years, 7 months ago )
Last submission 2016-08-27 06:07:02 UTC ( 2 years, 7 months ago )
File names ics32.exe
iscsiwm.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.