SHA256: 547a2c0230a12175833eb2f6034aaa23417a21542178fe57daac6640f8eae177
File name: 4a135fda8c8dcf4752aa1e486607e2e8.virus
Detection ratio: 24 / 57
Analysis date: 2016-05-28 07:20:26 UTC ( 2 years, 10 months ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.3262691 | 20160528
AegisLab | Troj.W32.Gen.lt1a | 20160528
ALYac | Trojan.GenericKD.3262691 | 20160528
Arcabit | Trojan.Generic.D31C8E3 | 20160528
Avast | Win32:Trojan-gen | 20160528
AVG | Crypt5.BNDB | 20160528
Avira (no cloud) | TR/Crypt.ZPACK.ndlr | 20160527
AVware | Trojan.Win32.Generic!BT | 20160528
BitDefender | Trojan.GenericKD.3262691 | 20160528
Cyren | W32/Trojan.YTVD-5967 | 20160528
Emsisoft | Trojan.GenericKD.3262691 (B) | 20160528
ESET-NOD32 | a variant of Win32/Kryptik.EVBG | 20160528
F-Secure | Trojan.GenericKD.3262691 | 20160528
Fortinet | W32/Kryptik.EVBG!tr | 20160528
GData | Trojan.GenericKD.3262691 | 20160528
K7AntiVirus | Trojan ( 004e93561 ) | 20160528
K7GW | Trojan ( 004e93561 ) | 20160528
eScan | Trojan.GenericKD.3262691 | 20160528
nProtect | Trojan.GenericKD.3262691 | 20160527
Qihoo-360 | HEUR/QVM07.1.0000.Malware.Gen | 20160528
Rising | Trojan.Kryptik!8.8-iqh2IEAq1vJ (Cloud) | 20160528
Sophos AV | Mal/Generic-S | 20160528
Tencent | Win32.Trojan.Kryptik.Pbyx | 20160528
VIPRE | Trojan.Win32.Generic!BT | 20160528
AhnLab-V3 | | 20160527
Alibaba | | 20160527
Antiy-AVL | | 20160528
Baidu | | 20160527
Baidu-International | | 20160527
Bkav | | 20160527
CAT-QuickHeal | | 20160527
ClamAV | | 20160528
CMC | | 20160523
Comodo | | 20160528
DrWeb | | 20160528
F-Prot | | 20160528
Ikarus | | 20160528
Jiangmin | | 20160528
Kaspersky | | 20160528
Kingsoft | | 20160528
Malwarebytes | | 20160528
McAfee | | 20160528
McAfee-GW-Edition | | 20160527
Microsoft | | 20160528
NANO-Antivirus | | 20160528
Panda | | 20160527
SUPERAntiSpyware | | 20160528
Symantec | | 20160528
TheHacker | | 20160527
TotalDefense | | 20160528
TrendMicro | | 20160528
TrendMicro-HouseCall | | 20160528
VBA32 | | 20160527
ViRobot | | 20160528
Yandex | | 20160526
Zillya | | 20160527
Zoner | | 20160528
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Fair play
File version 1.1
Description Fair play
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-23 10:24:33
Entry Point 0x0003E568
Number of sections 3
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
SetHandleCount
GetModuleFileNameW
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetCommandLineW
UnhandledExceptionFilter
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
FatalAppExitA
TlsFree
GetModuleHandleA
WriteFile
GetStartupInfoA
HeapReAlloc
GetCurrentThreadId
TerminateProcess
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetVersion
GetCurrentThread
VirtualAlloc
SetLastError
LeaveCriticalSection
GetCursorPos
UnregisterClassA
SetCapture
GetClipboardData
DestroyMenu
CreateWindowExW
AdjustWindowRectEx
ClientToScreen
SetWindowPos
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Windows, Latin1
InitializedDataSize 12288
EntryPoint 0x3e568
MIMEType application/octet-stream
FileVersion 1.1
TimeStamp 2016:05:23 11:24:33+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2, 1
FileDescription Fair play
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Fair play
CodeSize 262144
ProductName Fair play
ProductVersionNumber 1.9.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 4a135fda8c8dcf4752aa1e486607e2e8
SHA1 13312c07d9f72356926a3d7a12f543fb92ad11f4
SHA256 547a2c0230a12175833eb2f6034aaa23417a21542178fe57daac6640f8eae177
ssdeep 6144:pfTtK/cYXl3B5A38+XBbSjDVmwIWaw+K2xnMNuREnGqaubbbbbbbbbb:NTAXt+X9GI4aw+tFIuOn8ubbbbbbbbbb
authentihash 3fc047a3228521ab9c2778da5af5106264387a7c15cda36ec68d00be9c2a47a7
imphash f3c539892e23c928cfe166c3e9092b3d
File size 272.0 KB ( 278528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-05-28 07:20:26 UTC ( 2 years, 10 months ago )
Last submission 2018-02-21 10:26:16 UTC ( 1 year, 1 month ago )
File names 4a135fda8c8dcf4752aa1e486607e2e8.virus
LEONARDO.SCR
2016-05-24_547a2c0230a12175833eb2f6034aaa23417a21542178fe57daac6640f8eae177
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications