SHA256: 5777c21bcc6e2cd8ff1981544550d51c5a5e1570956a5cdee1e20a102e78b398
File name: other-Neutrino-EK-payload-Gootkit.exe
Detection ratio: 15 / 55
Analysis date: 2016-07-10 19:22:30 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Detected (15 / 55):
AhnLab-V3 Trojan/Win32.Ransom.N2043268436 20160710
Avast Win32:Trojan-gen 20160710
Avira (no cloud) TR/Crypt.ZPACK.mgfv 20160710
AVware Trojan.Win32.Generic!BT 20160710
Baidu Win32.Trojan.WisdomEyes.151026.9950.9994 20160706
Cyren W32/S-e2e07e9d!Eldorado 20160710
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160710
F-Prot W32/S-e2e07e9d!Eldorado 20160710
Kaspersky Trojan.Win32.Yakes.qbkp 20160710
McAfee Artemis!0C3FD79F7565 20160710
McAfee-GW-Edition BehavesLike.Win32.FakeAlertSecurityTool.dc 20160710
Microsoft TrojanDownloader:Win32/Talalpek.A 20160710
Qihoo-360 HEUR/QVM09.0.5342.Malware.Gen 20160710
TrendMicro TROJ_GEN.R011C0DGA16 20160710
VIPRE Trojan.Win32.Generic!BT 20160710
Not detected (40 / 55, no result returned):
Ad-Aware 20160710
AegisLab 20160710
Alibaba 20160708
ALYac 20160710
Antiy-AVL 20160710
Arcabit 20160710
AVG 20160710
BitDefender 20160710
Bkav 20160708
CAT-QuickHeal 20160709
ClamAV 20160710
CMC 20160704
Comodo 20160710
DrWeb 20160710
Emsisoft 20160710
F-Secure 20160710
Fortinet 20160710
GData 20160710
Ikarus 20160710
Jiangmin 20160710
K7AntiVirus 20160710
K7GW 20160710
Kingsoft 20160710
Malwarebytes 20160710
eScan 20160710
NANO-Antivirus 20160710
nProtect 20160708
Panda 20160710
Sophos AV 20160710
SUPERAntiSpyware 20160710
Symantec 20160710
Tencent 20160710
TheHacker 20160709
TotalDefense 20160710
TrendMicro-HouseCall 20160710
VBA32 20160708
ViRobot 20160710
Yandex 20160709
Zillya 20160709
Zoner 20160710
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-08 10:28:30
Entry Point 0x000034CE
Number of sections 4
PE sections
PE imports
ADVAPI32.dll
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
KERNEL32.dll
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
MoveFileA
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
CopyFileA
ExitProcess
GetVersionExA
GetTempFileNameA
GetModuleFileNameA
SetProcessWorkingSetSize
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
TerminateProcess
WriteConsoleA
FreeUserPhysicalPages
GlobalAlloc
SearchPathA
SetEndOfFile
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
CreateJobSet
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetFullPathNameA
GetProcAddress
GetProcessHeap
lstrcmpA
FindFirstFileA
GetComputerNameExW
FindNextFileA
ExpandEnvironmentStringsA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
HeapReAlloc
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
RemoveDirectoryA
GetShortPathNameA
GetEnvironmentStrings
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetCurrentThreadId
CreateProcessA
HeapCreate
VirtualFree
Sleep
VirtualAlloc
USER32.dll
CharPrevA
DrawTextA
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
IsWindow
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
DialogBoxParamA
GetDC
SystemParametersInfoA
SetWindowTextA
LoadStringA
ShowWindow
FindWindowExA
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
GetDCEx
InvalidateRect
wsprintfA
SendMessageTimeoutA
SetTimer
FillRect
CharNextA
CloseDesktop
LoadImageA
EndPaint
SetForegroundWindow
DestroyWindow
GetKeyboardType
ExitWindowsEx
OpenClipboard
Number of PE resources by type
RT_ACCELERATOR 2
RT_MANIFEST 1
Number of PE resources by language
ENGLISH AUS 2
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:07:08 11:28:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 68096
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 231424
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x34ce
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 0c3fd79f7565ae56ba2db92eeb8a4ed2
SHA1 794b776db2627e451e130239964f8cb128b28393
SHA256 5777c21bcc6e2cd8ff1981544550d51c5a5e1570956a5cdee1e20a102e78b398
ssdeep 3072:I1UwfGgW3Ag0FuhCF4mEV+bYflQvs/SolH3yKyYxSdG7ItV97+zlZ:rH3AOu4mELAYfWySdGgeZ
authentihash 5228c6ab1380803210abfdd36775b302f52c225f8a91430e7b9a0517ba7b146f
imphash 2768119900c1b30d4c74396826a3e8e1
File size 222.0 KB ( 227328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-07-10 19:22:30 UTC ( 2 years, 7 months ago )
Last submission 2018-05-14 23:49:59 UTC ( 9 months, 1 week ago )
File names 2016-07-08-other-Neutrino-EK-payload-Gootkit.exe
5777c21bcc6e2cd8ff1981544550d51c5a5e1570956a5cdee1e20a102e78b398.exe
other-Neutrino-EK-payload-Gootkit.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R011C0DGA16.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications