SHA256: 57896a0c882a6a01373c59e3cee8b9e7d82fc623ec65c7f37195f298f99cd080
File name: 4.exe
Detection ratio: 48 / 60
Analysis date: 2017-03-30 04:00:05 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Lethic.Gen.9 20170330
AegisLab Backdoor.W32.Kasidet!c 20170330
AhnLab-V3 Trojan/Win32.Upbot.R168731 20170329
Antiy-AVL Trojan/Win32.AGeneric 20170330
Arcabit Trojan.Lethic.Gen.9 20170330
Avast Win32:Dorder-AB [Trj] 20170330
AVG Crypt_r.ALP 20170330
Avira (no cloud) TR/Crypt.Xpack.321242 20170330
AVware Trojan.Win32.Generic!BT 20170330
Baidu Win32.Trojan.Kryptik.sf 20170329
BitDefender Trojan.Lethic.Gen.9 20170330
CAT-QuickHeal Ransom.Crowti.WR7 20170329
Comodo TrojWare.Win32.Midie.EEY 20170330
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Agent.XL.gen!Eldorado 20170330
DrWeb Trojan.PWS.Steam.8692 20170330
Emsisoft Trojan.Lethic.Gen.9 (B) 20170330
Endgame malicious (high confidence) 20170329
ESET-NOD32 a variant of Win32/Kryptik.EFDN 20170330
F-Prot W32/Agent.XL.gen!Eldorado 20170330
F-Secure Trojan.Lethic.Gen.9 20170330
Fortinet W32/Kryptik.EFLY!tr 20170330
GData Trojan.Lethic.Gen.9 20170330
Ikarus Trojan.Win32.Crypt 20170329
Sophos ML trojan.win32.lethic.b 20170203
Jiangmin TrojanProxy.Lethic.fc 20170329
K7AntiVirus Trojan ( 004d6ed41 ) 20170329
K7GW Trojan ( 004d6ed41 ) 20170330
Kaspersky HEUR:Trojan.Win32.Generic 20170330
McAfee Artemis!B0C224C34778 20170330
McAfee-GW-Edition BehavesLike.Win32.Ransomware.dm 20170330
Microsoft Backdoor:Win32/Kasidet.C 20170330
eScan Trojan.Lethic.Gen.9 20170329
NANO-Antivirus Trojan.Win32.Steam.dyvcno 20170330
Palo Alto Networks (Known Signatures) generic.ml 20170330
Panda Trj/GdSda.A 20170329
Qihoo-360 Win32/Trojan.b51 20170330
Rising Trojan.Generic (cloud:H7caQNvuwCO) 20170330
SentinelOne (Static ML) static engine - malicious 20170315
Sophos AV Troj/Lethic-Z 20170330
Symantec Trojan.Gen 20170329
Tencent Win32.Trojan.Kryptik.Peza 20170330
VIPRE Trojan.Win32.Generic!BT 20170330
ViRobot Trojan.Win32.Z.Kasidet.299520.A[h] 20170330
Webroot Malicious 20170330
Yandex Backdoor.Kasidet! 20170327
Zillya Trojan.Kryptik.Win32.906318 20170329
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170330
Alibaba (no detection) 20170330
ALYac (no detection) 20170330
Bkav (no detection) 20170329
ClamAV (no detection) 20170329
CMC (no detection) 20170330
Kingsoft (no detection) 20170330
Malwarebytes (no detection) 20170330
nProtect (no detection) 20170330
SUPERAntiSpyware (no detection) 20170330
Symantec Mobile Insight (no detection) 20170329
TheHacker (no detection) 20170327
TotalDefense (no detection) 20170329
TrendMicro (no detection) 20170330
Trustlook (no detection) 20170330
VBA32 (no detection) 20170329
WhiteArmor (no detection) 20170327
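The Result column above mixes real family names (Lethic, Kasidet) with packer, heuristic and cloud verdicts (Kryptik, Crypt, Generic, Artemis, malicious_confidence). A quick way to see what the engines actually agree on is to strip the vendor naming prefixes and count the family tokens that remain. The script below is an added example and is not part of the VirusTotal report: the verdict table is copied from the page, while the PREFIXES and GENERIC token sets are an assumption chosen to cover these particular labels, not a complete vendor taxonomy.

```python
import re
from collections import Counter

# Engine verdicts copied from the detection table above (only the 48 engines
# that flagged the file; the 16 engines with no verdict are omitted).
RESULTS = {
    "Ad-Aware": "Trojan.Lethic.Gen.9",
    "AegisLab": "Backdoor.W32.Kasidet!c",
    "AhnLab-V3": "Trojan/Win32.Upbot.R168731",
    "Antiy-AVL": "Trojan/Win32.AGeneric",
    "Arcabit": "Trojan.Lethic.Gen.9",
    "Avast": "Win32:Dorder-AB [Trj]",
    "AVG": "Crypt_r.ALP",
    "Avira": "TR/Crypt.Xpack.321242",
    "AVware": "Trojan.Win32.Generic!BT",
    "Baidu": "Win32.Trojan.Kryptik.sf",
    "BitDefender": "Trojan.Lethic.Gen.9",
    "CAT-QuickHeal": "Ransom.Crowti.WR7",
    "Comodo": "TrojWare.Win32.Midie.EEY",
    "CrowdStrike Falcon": "malicious_confidence_100% (W)",
    "Cyren": "W32/Agent.XL.gen!Eldorado",
    "DrWeb": "Trojan.PWS.Steam.8692",
    "Emsisoft": "Trojan.Lethic.Gen.9 (B)",
    "Endgame": "malicious (high confidence)",
    "ESET-NOD32": "a variant of Win32/Kryptik.EFDN",
    "F-Prot": "W32/Agent.XL.gen!Eldorado",
    "F-Secure": "Trojan.Lethic.Gen.9",
    "Fortinet": "W32/Kryptik.EFLY!tr",
    "GData": "Trojan.Lethic.Gen.9",
    "Ikarus": "Trojan.Win32.Crypt",
    "Sophos ML": "trojan.win32.lethic.b",
    "Jiangmin": "TrojanProxy.Lethic.fc",
    "K7AntiVirus": "Trojan ( 004d6ed41 )",
    "K7GW": "Trojan ( 004d6ed41 )",
    "Kaspersky": "HEUR:Trojan.Win32.Generic",
    "McAfee": "Artemis!B0C224C34778",
    "McAfee-GW-Edition": "BehavesLike.Win32.Ransomware.dm",
    "Microsoft": "Backdoor:Win32/Kasidet.C",
    "eScan": "Trojan.Lethic.Gen.9",
    "NANO-Antivirus": "Trojan.Win32.Steam.dyvcno",
    "Palo Alto Networks": "generic.ml",
    "Panda": "Trj/GdSda.A",
    "Qihoo-360": "Win32/Trojan.b51",
    "Rising": "Trojan.Generic (cloud:H7caQNvuwCO)",
    "SentinelOne": "static engine - malicious",
    "Sophos AV": "Troj/Lethic-Z",
    "Symantec": "Trojan.Gen",
    "Tencent": "Win32.Trojan.Kryptik.Peza",
    "VIPRE": "Trojan.Win32.Generic!BT",
    "ViRobot": "Trojan.Win32.Z.Kasidet.299520.A[h]",
    "Webroot": "Malicious",
    "Yandex": "Backdoor.Kasidet!",
    "Zillya": "Trojan.Kryptik.Win32.906318",
    "ZoneAlarm": "HEUR:Trojan.Win32.Generic",
}

# Assumed lists, tuned to the labels above. PREFIXES are class words and
# naming-scheme decorations that never name a family; GENERIC are tokens that
# mean "detected, but no family claimed" (heuristic, cloud or packer verdicts).
PREFIXES = {"trojan", "troj", "trojware", "trojanproxy", "backdoor", "ransom",
            "ransomware", "pws", "heur", "variant", "behaveslike", "static",
            "engine", "cloud"}
GENERIC = {"generic", "ageneric", "agent", "malicious", "kryptik", "crypt",
           "xpack", "artemis", "gdsda", "eldorado"}


def family_of(label):
    """Return the family a label asserts, or None for a generic-only verdict.

    Tokens are scanned left to right; short tokens, tokens with digits and
    known prefixes are skipped, a generic token ends the scan with no family,
    and the first remaining alphabetic token is taken as the family name.
    """
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        t = tok.lower()
        if len(t) < 4 or not t.isalpha() or t in PREFIXES:
            continue
        if t in GENERIC:
            return None
        return t.capitalize()
    return None


def consensus(results):
    """Count engines per asserted family and list the generic-only engines."""
    families = Counter()
    generic_only = []
    for engine, label in results.items():
        fam = family_of(label)
        if fam is None:
            generic_only.append(engine)
        else:
            families[fam] += 1
    return families, sorted(generic_only)


if __name__ == "__main__":
    families, generic_only = consensus(RESULTS)
    for name, n in families.most_common():
        print(f"{name:10} {n} engine(s)")
    print(f"generic/heuristic only: {len(generic_only)} engine(s)")
```

On this table the script attributes 10 engines to Lethic, 4 to Kasidet and 2 to Steam, with one engine each for Upbot, Dorder, Crowti and Midie; the other 28 verdicts are generic, heuristic or packer-only. The detection ratio of 48/60 therefore rests mostly on "packed and looks bad" verdicts, Lethic is the only family with broad support, and Kasidet (Microsoft plus three others) is the credible second opinion worth checking against the sample's behaviour.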
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-16 16:38:52
Entry Point 0x000109B2
Number of sections 4
PE sections
PE imports, grouped by the DLL that exports each function (the report lists only the function names; the DLL headings below are added from the Windows SDK export lists)
COMCTL32.dll
CreateToolbarEx
InitCommonControlsEx
ImageList_Destroy
_TrackMouseEvent
ImageList_SetBkColor
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon
GDI32.dll
SetMapMode
SaveDC
TextOutA
CreateFontIndirectA
CombineRgn
GetClipBox
GetObjectA
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SelectObject
BitBlt
SetTextColor
GetDeviceCaps
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
GetDIBits
CreateCompatibleDC
StretchBlt
GetBkColor
ScaleViewportExtEx
CreateRectRgn
SetViewportExtEx
SetWindowExtEx
Escape
SetBkColor
DeleteObject
CreateCompatibleBitmap
KERNEL32.dll
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
HeapAlloc
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
LoadResource
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
GetVersion
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
GlobalDeleteAtom
GetUserDefaultLCID
CompareStringW
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
IsValidLocale
lstrcmpW
GetProcAddress
GetTimeZoneInformation
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetPriorityClass
GetACP
GlobalLock
GetModuleHandleW
FreeResource
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetTimeFormatA
SHELL32.dll
SHGetFileInfoA
DragFinish
DragAcceptFiles
SHBrowseForFolderA
DragQueryFileA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHLWAPI.dll
PathFindFileNameA
PathFindExtensionA
USER32.dll
MapWindowPoints
SetFocus
GetParent
SystemParametersInfoA
EndDialog
KillTimer
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
SendDlgItemMessageA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
IsCharAlphaA
TranslateMessage
DialogBoxParamA
GetWindow
GetSysColor
LoadStringA
SetWindowLongA
ReleaseDC
CharNextExA
SetWindowTextA
GetWindowLongA
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
wsprintfA
SetTimer
CharNextA
GetDesktopWindow
GetClassNameA
GetDC
GetWindowTextA
DestroyWindow
WINSPOOL.DRV
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:11:16 17:38:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 146432
LinkerVersion 9.0
EntryPoint 0x109b2
InitializedDataSize 152064
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 b0c224c34778f136f1b1f12922c67045
SHA1 2866b4ceca9433c423f2f301cf00cac348e412a5
SHA256 57896a0c882a6a01373c59e3cee8b9e7d82fc623ec65c7f37195f298f99cd080
ssdeep 3072:6vENvPuxtnmG1zq9yI6G//wA+lOu/nJUdt3GeNiSajYY32x:6vSv61YycX8OUn+dt31/g34
authentihash bcda626e17ee98542868786a07066e8e02f971557dbbb0e58dd8c2a60d64cd6f
imphash bfb3ea6b10e26ac9eb08d3da3824789a
File size 292.5 KB ( 299520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-11-16 16:57:55 UTC ( 3 years, 6 months ago )
Last submission 2015-11-16 17:57:14 UTC ( 3 years, 6 months ago )
File names B0C224C34778F136F1B1F12922C67045 (the MD5), 4.exe, nut50a478.exe, cfa0.exe, nut478.exe
The first submission arrived 19 minutes after the compilation timestamp in the PE header (2015-11-16 16:38:52 UTC), so the timestamp is consistent with the file having been built and pushed out the same afternoon rather than back-dated.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file imports the IsDebuggerPresent Windows API function, which a program can call to see whether it is running under a debugger. On its own this import is weak evidence of anti-debugging: the file was linked with linker version 9.0 (Visual Studio 2008), and the MSVC C runtime imports IsDebuggerPresent for its own error-reporting path, next to the SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter and GetSystemTimeAsFileTime imports that appear in the table above for the same reason. Whether the sample actually uses it to evade analysis can only be settled by locating the call site in the code, not from the import table.
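A practical way to read an import table like the one above is to set aside the names the Visual C++ 9.0 runtime pulls in by itself and sort what remains into capability buckets. The script below is an added example and is not part of the report: the import names are copied from the kernel32, shell32, shlwapi and winspool groups above (the comctl32, gdi32 and user32 GUI imports are left out), the CRT footprint list is an approximation of what the MSVC 2008 static runtime imports on its own, and the capability buckets are an assumed grouping, not a VirusTotal or Microsoft classification.

```python
# Import names copied from the report's import table (GUI DLLs omitted).
IMPORTS = """
GetStdHandle GetConsoleOutputCP GetFileAttributesA WaitForSingleObject HeapAlloc FreeEnvironmentStringsA
DeleteCriticalSection GetCurrentProcess GetConsoleMode GetLocaleInfoA FreeEnvironmentStringsW GetLocaleInfoW
SetStdHandle WideCharToMultiByte GetStringTypeA WriteFile GetSystemTimeAsFileTime EnumResourceLanguagesA
HeapReAlloc GetStringTypeW GetExitCodeProcess LocalFree LoadResource FindClose
TlsGetValue FormatMessageA SetLastError GetModuleFileNameW IsDebuggerPresent ExitProcess
FlushFileBuffers GetModuleFileNameA EnumSystemLocalesA UnhandledExceptionFilter InterlockedDecrement MultiByteToWideChar
GetModuleHandleA GlobalAddAtomA SetUnhandledExceptionFilter ConvertDefaultLocale MulDiv GetSystemDirectoryA
SetEnvironmentVariableA TerminateProcess WriteConsoleA GlobalAlloc GetVersion InterlockedIncrement
WriteConsoleW InitializeCriticalSectionAndSpinCount HeapFree EnterCriticalSection SetHandleCount GetOEMCP
QueryPerformanceCounter GetTickCount TlsAlloc GetVersionExA LoadLibraryA RtlUnwind
FreeLibrary GetStartupInfoA GetDateFormatA GlobalDeleteAtom GetUserDefaultLCID CompareStringW
lstrcmpA FindFirstFileA lstrcpyA CompareStringA GetTempFileNameA IsValidLocale
lstrcmpW GetProcAddress GetTimeZoneInformation GlobalFindAtomA GetFileType TlsSetValue
CreateFileA GetCurrentThreadId LeaveCriticalSection GetLastError LCMapStringW lstrlenA
GlobalFree GetConsoleCP LCMapStringA GlobalGetAtomNameA GetEnvironmentStringsW GlobalUnlock
GetEnvironmentStrings GetCurrentProcessId LockResource GetCPInfo HeapSize GetCommandLineA
GetCurrentThread RaiseException TlsFree SetFilePointer ReadFile CloseHandle
lstrcpynA GetPriorityClass GetACP GlobalLock GetModuleHandleW FreeResource
SizeofResource CreateProcessA IsValidCodePage HeapCreate VirtualFree Sleep
FindResourceA VirtualAlloc GetTimeFormatA
SHGetFileInfoA DragFinish DragAcceptFiles SHBrowseForFolderA DragQueryFileA SHGetPathFromIDListA
SHGetMalloc ShellExecuteA PathFindFileNameA PathFindExtensionA
OpenPrinterA DocumentPropertiesA ClosePrinter
""".split()

# Assumption: names the MSVC 2008 static CRT imports for its own startup,
# locale, heap, TLS and error-reporting code, independent of what the program
# does. Their presence says "built with Visual C++", nothing more.
CRT_FOOTPRINT = set("""
IsDebuggerPresent UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess
GetCurrentProcess QueryPerformanceCounter GetTickCount GetSystemTimeAsFileTime
GetCurrentProcessId GetCurrentThreadId TlsAlloc TlsGetValue TlsSetValue TlsFree
InterlockedIncrement InterlockedDecrement HeapCreate HeapAlloc HeapFree HeapReAlloc HeapSize
GetCommandLineA GetStartupInfoA GetEnvironmentStrings GetEnvironmentStringsW
FreeEnvironmentStringsA FreeEnvironmentStringsW SetHandleCount GetFileType GetStdHandle
SetStdHandle GetModuleHandleA GetModuleHandleW GetCPInfo GetACP GetOEMCP IsValidCodePage
GetStringTypeA GetStringTypeW LCMapStringA LCMapStringW MultiByteToWideChar WideCharToMultiByte
RtlUnwind RaiseException ExitProcess InitializeCriticalSectionAndSpinCount EnterCriticalSection
LeaveCriticalSection DeleteCriticalSection GetConsoleCP GetConsoleMode GetConsoleOutputCP
WriteConsoleA WriteConsoleW FlushFileBuffers GetLastError SetLastError
""".split())

# Assumed capability buckets: what an analyst wants to confirm in the code.
CAPABILITIES = {
    "process execution": {"CreateProcessA", "ShellExecuteA",
                          "WaitForSingleObject", "GetExitCodeProcess"},
    "runtime API resolution": {"LoadLibraryA", "GetProcAddress"},
    "executable memory": {"VirtualAlloc", "VirtualFree"},
    "file staging": {"CreateFileA", "WriteFile", "ReadFile", "SetFilePointer",
                     "GetTempFileNameA", "FindFirstFileA",
                     "GetSystemDirectoryA", "GetFileAttributesA"},
    "embedded resource payload": {"FindResourceA", "LoadResource", "LockResource",
                                  "SizeofResource", "EnumResourceLanguagesA"},
    # Deliberately listed here AND in CRT_FOOTPRINT: the import table alone
    # cannot say which of the two it is, so this bucket is a prompt to go and
    # find the call site, not a finding.
    "anti-debug candidate (CRT imports it too)": {"IsDebuggerPresent"},
    "delay/timing": {"Sleep"},
}


def triage(imports):
    """Map an import list to capability buckets, CRT noise and leftovers."""
    present = set(imports)
    report = {cat: sorted(present & names) for cat, names in CAPABILITIES.items()}
    report = {cat: hits for cat, hits in report.items() if hits}
    categorised = set().union(*CAPABILITIES.values())
    report["crt runtime footprint (ignore)"] = sorted(present & CRT_FOOTPRINT)
    report["uncategorised"] = sorted(present - CRT_FOOTPRINT - categorised)
    return report


if __name__ == "__main__":
    for category, names in triage(IMPORTS).items():
        print(f"{category}: {', '.join(names)}")
```

The combination that stands out once the runtime noise is removed is CreateProcessA and ShellExecuteA next to GetTempFileNameA, CreateFileA and WriteFile and the resource-loading imports: that is the shape of a dropper that writes an embedded payload to a temporary file and runs it. Like the IsDebuggerPresent import, it is a hypothesis to confirm under a debugger, not a conclusion, since the sandbox sections of this report (opened files, created processes, mutexes) are empty.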