SHA256: 57a287065d2cfa4733e77106a3c8319cec089095ffcb0d1e0a2b9fa116913c79
File name: aso.exe
Detection ratio: 4 / 56
Analysis date: 2016-09-01 18:17:09 UTC ( 2 years, 6 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Win32/Kryptik.FFMC 20160901
Sophos ML virtool.win32.injector.ge 20160830
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20160901
Symantec Heur.AdvML.B 20160901
Ad-Aware 20160901
AegisLab 20160901
AhnLab-V3 20160901
Alibaba 20160901
ALYac 20160901
Antiy-AVL 20160901
Arcabit 20160901
Avast 20160901
AVG 20160901
Avira (no cloud) 20160901
AVware 20160901
Baidu 20160901
BitDefender 20160901
Bkav 20160901
CAT-QuickHeal 20160901
ClamAV 20160901
CMC 20160901
Comodo 20160901
Cyren 20160901
DrWeb 20160901
Emsisoft 20160901
F-Prot 20160901
F-Secure 20160901
Fortinet 20160901
GData 20160901
Ikarus 20160901
Jiangmin 20160901
K7AntiVirus 20160901
K7GW 20160901
Kaspersky 20160901
Kingsoft 20160901
Malwarebytes 20160901
McAfee 20160901
McAfee-GW-Edition 20160901
Microsoft 20160901
eScan 20160901
NANO-Antivirus 20160901
nProtect 20160901
Panda 20160901
Rising 20160901
Sophos AV 20160901
SUPERAntiSpyware 20160831
Tencent 20160901
TheHacker 20160829
TrendMicro 20160901
TrendMicro-HouseCall 20160901
VBA32 20160831
VIPRE 20160831
ViRobot 20160901
Yandex 20160831
Zillya 20160901
Zoner 20160901
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-31 12:31:34
Entry Point 0x0000E03C
Number of sections 5
PE sections
PE imports
GetTokenInformation
IsValidAcl
BuildExplicitAccessWithNameA
OpenServiceA
CryptAcquireContextA
GetUserNameW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
QueryServiceObjectSecurity
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetServiceObjectSecurity
InitializeAcl
SetEntriesInAclA
GetNamedSecurityInfoA
CloseServiceHandle
OpenSCManagerA
IsValidSecurityDescriptor
GetOpenFileNameA
ChooseFontA
CertFreeCertificateContext
CertOpenSystemStoreA
CertGetCertificateContextProperty
CertFindCertificateInStore
CertEnumCertificateContextProperties
GetDeviceCaps
GetCurrentObject
CreateRectRgn
TextOutW
GetTextExtentPointA
GetTextMetricsA
AddFontMemResourceEx
GetStockObject
TextOutA
CreateFontIndirectA
GetPaletteEntries
CombineRgn
SelectObject
SetBkColor
CreateCompatibleDC
DeleteObject
SetRectRgn
RemoveFontMemResourceEx
GetTcpTable
GetStdHandle
GetConsoleOutputCP
GetOverlappedResult
SetConsoleCursorPosition
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
TlsGetValue
OutputDebugStringA
SetLastError
GetSystemTime
DeviceIoControl
ReadConsoleInputA
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
EnumSystemGeoID
MultiByteToWideChar
GetModuleHandleA
DeleteCriticalSection
SetUnhandledExceptionFilter
InterlockedDecrement
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
GlobalLock
GetProcessHeap
GetComputerNameW
lstrcpyA
ResetEvent
GetProcAddress
CreateFileW
GetNumberOfConsoleInputEvents
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
FlushConsoleInputBuffer
LCMapStringW
SetConsoleMode
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
HeapSize
BackupRead
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayUnlock
SafeArrayUnaccessData
OleCreatePictureIndirect
SysAllocString
SafeArrayCreate
SafeArrayGetUBound
SafeArrayLock
SafeArrayRedim
SysFreeString
VariantInit
PathStripToRootW
StrDupA
PathStripToRootA
linePrepareAddToConferenceA
BeginPaint
PostQuitMessage
DefWindowProcA
SetScrollPos
SetScrollRange
EndPaint
SetMenu
SetCapture
IsRectEmpty
GetDlgItemTextA
MessageBoxA
GetDC
RegisterClassExA
ReleaseDC
CreatePopupMenu
GetMenu
LoadStringA
SendMessageA
CreateMenu
GetDlgItem
SetMenuDefaultItem
MonitorFromWindow
InvalidateRect
GetSubMenu
CreateWindowExA
LoadCursorA
LoadIconA
IsDlgButtonChecked
GetDialogBaseUnits
wsprintfA
wsprintfW
GetWindowTextA
DestroyWindow
FindCloseUrlCache
EndPagePrinter
StartPagePrinter
StartDocPrinterA
OpenPrinterA
GetPrinterDataA
WritePrinter
EndDocPrinter
ClosePrinter
Ord(211)
Ord(143)
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSFreeMemory
CoInitializeEx
CoUninitialize
CoInitialize
CreateItemMoniker
CreateStreamOnHGlobal
GetRunningObjectTable
CoCreateInstance
CoInitializeSecurity
CLSIDFromProgID
GetHGlobalFromStream
StringFromGUID2
CoSetProxyBlanket
OleUIInsertObjectW
PdhOpenQueryW
Number of PE resources by type
RT_STRING 6
RT_DIALOG 5
RT_GROUP_CURSOR 3
RT_CURSOR 3
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:31 13:31:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 114176
LinkerVersion 9.0
EntryPoint 0xe03c
InitializedDataSize 95744
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 0e225191249a5c29d3ab3caa638b12f5
SHA1 3789c3584c695d4af75e2194b2a283461737a4a9
SHA256 57a287065d2cfa4733e77106a3c8319cec089095ffcb0d1e0a2b9fa116913c79
ssdeep 3072:HI1PVJ/V/gUr3JraFd5FhycrhrYJe5TaF5HBCMaQYEUjJVt/ZmkJP1O:YP3VYUr3xahFhdrSJ4e5HPjyZZh
authentihash 59f814511c71d589d98c9c4de0e2c47d16c82ddf7e9ba6c387082568f1f1597e
imphash 8930409e0bebee8cdf0fe6be31dd528c
File size 206.0 KB ( 210944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2016-09-01 18:17:09 UTC ( 2 years, 6 months ago )
Last submission 2016-09-01 18:17:09 UTC ( 2 years, 6 months ago )
File names aso.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Opened service managers
Runtime DLLs
UDP communications