SHA256: 559a2f9804f7ab336e2006ae691e23f40b3e3818762fb9e11159e400669a82f4
File name: 226ff555555555555refresh.exe
Detection ratio: 35 / 56
Analysis date: 2016-08-24 07:55:41 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.203214 20160824
AegisLab Troj.W32.Garrun!c 20160824
AhnLab-V3 Trojan/Win32.Garrun.N2082531865 20160824
ALYac Gen:Variant.Zusy.203214 20160824
Arcabit Trojan.Zusy.D319CE 20160824
Avast Win32:Trojan-gen 20160824
AVG Generic_r.MLO 20160824
Avira (no cloud) TR/Crypt.ZPACK.hroh 20160824
AVware Trojan.Win32.Generic!BT 20160824
BitDefender Gen:Variant.Zusy.203214 20160824
Bkav W32.TodicomsASAB.Trojan 20160823
CAT-QuickHeal Trojan.Garrun 20160824
Cyren W32/Trojan.PARF-2141 20160824
DrWeb Trojan.PWS.Steam.12026 20160824
Emsisoft Gen:Variant.Zusy.203214 (B) 20160824
ESET-NOD32 a variant of Win32/Kryptik.FEQG 20160824
F-Prot W32/S-e9be65e2!Eldorado 20160824
F-Secure Gen:Variant.Zusy.203214 20160824
GData Gen:Variant.Zusy.203214 20160824
Ikarus Trojan.Win32.Crypt 20160823
Jiangmin TrojanDropper.Dapato.uuv 20160824
Kaspersky Trojan.Win32.Garrun.cou 20160823
Malwarebytes Backdoor.Bot 20160824
McAfee GenericRXAF-VG!7FAC56A8A434 20160824
McAfee-GW-Edition GenericRXAF-VG!7FAC56A8A434 20160824
Microsoft Trojan:Win32/Lethic.B 20160824
eScan Gen:Variant.Zusy.203214 20160824
Panda Trj/GdSda.A 20160823
Qihoo-360 HEUR/QVM09.0.335B.Malware.Gen 20160824
Rising Trojan.Lethic!8.59D-eVD8Ut5x7cJ (Cloud) 20160824
Sophos AV Mal/Generic-S 20160824
Symantec Trojan Horse 20160824
TrendMicro TROJ_GEN.R021C0DHK16 20160824
TrendMicro-HouseCall TROJ_GEN.R021C0DHK16 20160824
VIPRE Trojan.Win32.Generic!BT 20160824
Alibaba 20160824
Antiy-AVL 20160824
Baidu 20160824
ClamAV 20160824
CMC 20160822
Comodo 20160823
Fortinet 20160824
K7AntiVirus 20160824
K7GW 20160824
Kingsoft 20160824
NANO-Antivirus 20160824
nProtect 20160824
SUPERAntiSpyware 20160823
Tencent 20160824
TheHacker 20160824
TotalDefense 20160824
VBA32 20160823
ViRobot 20160824
Yandex 20160823
Zillya 20160820
Zoner 20160824
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-17 07:09:32
Entry Point 0x00004342
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCommModemStatus
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
SetLastError
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
SetFileAttributesW
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
FreeUserPhysicalPages
SetCurrentDirectoryW
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
GetNumberFormatW
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetProcessIoCounters
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
CompareStringW
ExpandEnvironmentStringsW
FindNextFileW
CompareStringA
FindFirstFileW
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
PrepareTape
InterlockedIncrement
GetLastError
LCMapStringW
HeapCreate
GetConsoleCP
FindResourceW
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
IsWindow
GetMenuItemRect
MonitorFromPoint
CreateAcceleratorTableW
GetMouseMovePointsEx
GetKeyboardLayoutNameW
EnableScrollBar
OpenClipboard
CLSIDFromString
OleUninitialize
CoCreateInstance
OleInitialize
CreateStreamOnHGlobal
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:08:17 08:09:32+01:00
FileType Win32 EXE
PEType PE32
CodeSize 57344
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 70144
SubsystemVersion 5.0
EntryPoint 0x4342
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 7fac56a8a4344910e09860dab52f84e0
SHA1 fb6c0753f72ddbbc99d7c538bbcace8fc5f0e313
SHA256 559a2f9804f7ab336e2006ae691e23f40b3e3818762fb9e11159e400669a82f4
ssdeep 1536:jwO2UHnAVpl3xHZnkvkXdhkEn+7MaJQJa1XILnI5OfQDr02xMN6wZfB:jD2QDkhn+lqc14LIDY2xRwfB
authentihash 474c068d6e1bc2af327ad59ca097b4a7e2e1a6db20484a08c37462459105bf66
imphash 9184a090bf654a9d981bcffeb2f5f760
File size 125.5 KB ( 128512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2016-08-17 07:54:16 UTC ( 2 years, 6 months ago )
Last submission 2016-08-17 07:54:16 UTC ( 2 years, 6 months ago )
File names Aj4UCWQr.xls
VirusShare_7fac56a8a4344910e09860dab52f84e0
svckost310.exe
226ff555555555555refresh.exe
aa
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Code injections in the following processes
Created mutexes
Runtime DLLs
UDP communications