SHA256: 53c080ca8cdeb8a610c2a7a79952181e8feae9fddb646c011eac76186b43ffec
File name: a0d48dc276029b4dccd1ba06ccb55877.virus
Detection ratio: 35 / 58
Analysis date: 2017-02-10 09:50:48 UTC ( 2 years ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Zusy.220673 | 20170210
AhnLab-V3 | Trojan/Win32.Garrun.C1777815 | 20170209
ALYac | Gen:Variant.Mikey.59279 | 20170210
Arcabit | Trojan.Zusy.D35E01 | 20170210
Avast | Win32:Rootkit-gen [Rtk] | 20170210
AVG | Generic_r.REY | 20170210
Avira (no cloud) | TR/Crypt.ZPACK.kjlaa | 20170209
AVware | Trojan.Win32.Generic!BT | 20170210
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9637 | 20170210
BitDefender | Gen:Variant.Zusy.220673 | 20170210
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170130
Cyren | W32/S-e2e07e9d!Eldorado | 20170210
DrWeb | BackDoor.Spy.2956 | 20170210
Emsisoft | Gen:Variant.Zusy.220673 (B) | 20170210
Endgame | malicious (moderate confidence) | 20170208
ESET-NOD32 | a variant of Win32/Kryptik.FNZC | 20170210
F-Prot | W32/S-e2e07e9d!Eldorado | 20170210
F-Secure | Gen:Variant.Zusy.220673 | 20170210
Fortinet | W32/Kryptik.FNZC!tr | 20170210
GData | Gen:Variant.Zusy.220673 | 20170210
Ikarus | Trojan.Win32.Crypt | 20170210
Sophos ML | worm.win32.dorkbot.i | 20170203
Jiangmin | Backdoor.Androm.ndx | 20170210
Kaspersky | Trojan.Win32.Scar.ppjb | 20170210
Malwarebytes | Backdoor.DorkBot | 20170210
McAfee-GW-Edition | BehavesLike.Win32.Sdbot.ch | 20170210
eScan | Gen:Variant.Zusy.220673 | 20170210
NANO-Antivirus | Trojan.Win32.Ruskill.elixyi | 20170210
Panda | Trj/GdSda.A | 20170209
Qihoo-360 | HEUR/QVM09.0.0000.Malware.Gen | 20170210
Rising | Malware.Generic!C6UXffEwh8H@5 (thunder) | 20170210
Symantec | ML.Attribute.HighConfidence | 20170209
Tencent | Win32.Trojan.Scar.Lmki | 20170210
TrendMicro-HouseCall | TROJ_GEN.R00YH0CB917 | 20170210
VIPRE | Trojan.Win32.Generic!BT | 20170210
AegisLab | (not detected) | 20170210
Alibaba | (not detected) | 20170122
Antiy-AVL | (not detected) | 20170210
Bkav | (not detected) | 20170209
CAT-QuickHeal | (not detected) | 20170210
ClamAV | (not detected) | 20170210
CMC | (not detected) | 20170210
Comodo | (not detected) | 20170210
K7AntiVirus | (not detected) | 20170210
K7GW | (not detected) | 20170210
Kingsoft | (not detected) | 20170210
McAfee | (not detected) | 20170210
Microsoft | (not detected) | 20170210
nProtect | (not detected) | 20170210
Sophos AV | (not detected) | 20170210
SUPERAntiSpyware | (not detected) | 20170210
TheHacker | (not detected) | 20170209
TotalDefense | (not detected) | 20170210
TrendMicro | (not detected) | 20170210
Trustlook | (not detected) | 20170210
VBA32 | (not detected) | 20170209
ViRobot | (not detected) | 20170210
WhiteArmor | (not detected) | 20170202
Yandex | (not detected) | 20170209
Zillya | (not detected) | 20170209
Zoner | (not detected) | 20170210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-02-07 09:51:36
Entry Point: 0x000032C6
Number of sections: 4
PE sections
PE imports (imported function names, grouped here by the Windows system DLL that exports them)
ADVAPI32.dll: GetTokenInformation, CloseServiceHandle, LookupPrivilegeValueA, RegCloseKey, OpenServiceA, OpenProcessToken, RegSetValueExA, CreateServiceA, RegQueryValueExA, RegQueryValueA, RegFlushKey, RegSetValueA, AdjustTokenPrivileges, ControlService, StartServiceA, DeleteService, RegOpenKeyExA, RegCreateKeyA, OpenSCManagerA
COMCTL32.dll: ImageList_LoadImageA, Ord(17)
COMDLG32.dll: GetOpenFileNameA, ChooseColorA, GetSaveFileNameA
GDI32.dll: Polygon, CreateFontIndirectW, CreatePen, TextOutA, GetDeviceCaps, LineTo, DeleteDC, SetBkMode, ChoosePixelFormat, GetObjectW, BitBlt, SetTextColor, MoveToEx, CreateFontA, SetPixelFormat, CreateCompatibleDC, SwapBuffers, SelectObject, CreateSolidBrush, SetBkColor, DeleteObject, CreateCompatibleBitmap
KERNEL32.dll: GetStdHandle, GetConsoleOutputCP, WaitForSingleObject, HeapDestroy, GetFileAttributesW, GetLocalTime, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, GetLocaleInfoA, OpenFileMappingA, FreeEnvironmentStringsW, SetStdHandle, GetCPInfo, GetStringTypeA, GetTempPathW, GetSystemTimeAsFileTime, GlobalMemoryStatusEx, HeapReAlloc, GetStringTypeW, FreeLibrary, InitializeCriticalSection, LoadResource, FindClose, InterlockedDecrement, FormatMessageA, SetFileAttributesW, SetLastError, GetUserDefaultUILanguage, DeviceIoControl, GetUserDefaultLangID, RemoveDirectoryW, IsDebuggerPresent, HeapAlloc, GetVersionExA, GetModuleFileNameA, lstrcmpiW, RaiseException, UnhandledExceptionFilter, TlsGetValue, MultiByteToWideChar, GetPrivateProfileStringW, LeaveCriticalSection, SetFilePointer, CreateThread, SetEnvironmentVariableW, GetExitCodeThread, SetUnhandledExceptionFilter, ExitThread, TerminateProcess, WriteConsoleA, FreeUserPhysicalPages, SetCurrentDirectoryW, GlobalAlloc, SetEndOfFile, GetCurrentThreadId, GetProcAddress, WriteConsoleW, HeapFree, EnterCriticalSection, SetHandleCount, LoadLibraryW, GetOEMCP, QueryPerformanceCounter, GetTickCount, TlsAlloc, FlushFileBuffers, LoadLibraryA, RtlUnwind, GetStartupInfoA, GetWindowsDirectoryW, OpenProcess, CreateDirectoryA, DeleteFileA, GetWindowsDirectoryA, SetEvent, DeleteFileW, GetUserDefaultLCID, GetProcessHeap, WriteFile, ExpandEnvironmentStringsW, FindNextFileW, CreateDirectoryW, ResetEvent, CreateFileMappingA, FindFirstFileW, lstrcmpW, WaitForMultipleObjects, GlobalLock, CreateEventW, CreateFileW, AllocateUserPhysicalPages, GetFileType, TlsSetValue, CreateFileA, ExitProcess, InterlockedIncrement, GetLastError, SystemTimeToFileTime, LCMapStringW, lstrlenA, GlobalFree, GetConsoleCP, LCMapStringA, GetEnvironmentStringsW, GlobalUnlock, lstrlenW, CreateProcessW, GetEnvironmentStrings, CompareFileTime, GetCurrentProcessId, LockResource, SetFileTime, GetCommandLineW, MapUserPhysicalPages, GetCurrentDirectoryA, HeapSize, GetCommandLineA, GetCurrentThread, QueryPerformanceFrequency, MapViewOfFile, TlsFree, GetModuleHandleA, ReadFile, CloseHandle, GetACP, GetVersion, CreateProcessA, WideCharToMultiByte, HeapCreate, OpenEventW, VirtualFree, Sleep, FindResourceA, VirtualAlloc
SHELL32.dll: SHBrowseForFolderW, SHChangeNotify, ShellExecuteW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW, SHGetSpecialFolderPathW, SHGetMalloc, ShellExecuteA
USER32.dll: SetFocus, GetParent, EndDialog, SystemParametersInfoW, DefWindowProcW, KillTimer, ChangeDisplaySettingsA, ShowWindow, MessageBeep, SetWindowPos, wvsprintfW, GetSystemMetrics, SetWindowLongW, AppendMenuA, GetWindowRect, ScreenToClient, CharUpperW, MessageBoxA, LoadIconW, GetWindowDC, GetWindow, SetDlgItemTextW, GetDC, GetKeyState, ReleaseDC, BeginPaint, SendMessageW, wsprintfW, DrawIconEx, GetClientRect, CloseWindow, GetDlgItem, CreateDialogParamA, DrawTextW, LoadImageW, EnableMenuItem, ClientToScreen, SetRect, wsprintfA, SetTimer, CallWindowProcW, DialogBoxIndirectParamW, SetWindowTextW, GetWindowTextW, GetSystemMenu, GetWindowTextLengthW, GetWindowLongW
Number of PE resources by type
RT_STRING: 10
RT_MANIFEST: 1
Number of PE resources by language
FINNISH DEFAULT: 10
ENGLISH TRINIDAD: 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:02:07 10:51:36+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 68096
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 154624
SubsystemVersion: 5.0
EntryPoint: 0x32c6
OSVersion: 5.0
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5: a0d48dc276029b4dccd1ba06ccb55877
SHA1: 535697a44d13f18916e5894a0149529c23688210
SHA256: 53c080ca8cdeb8a610c2a7a79952181e8feae9fddb646c011eac76186b43ffec
ssdeep: 3072:c0nZPOQJ9neWuOxLtiAxI0fB+EAFT2yNobLl0iVSAyPaU+:LhOYeWuOxLxEDF6yecHa
authentihash: 252bceb3b3c5a0a8fda491617c716c5b69c180a6355590d40b60d8e9cf59ded7
imphash: dea89eb56ee5dbe4a6d8f88cb3d29fd1
File size: 175.0 KB (179200 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags: peexe
VirusTotal metadata
First submission: 2017-02-10 09:50:48 UTC ( 2 years ago )
Last submission: 2017-02-10 09:50:48 UTC ( 2 years ago )
File names: a0d48dc276029b4dccd1ba06ccb55877.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications