SHA256: 5911f6c109c436c1004a3e6b724b7b775c86969e31d341742453ba4e140cb8da
File name: 2015-07-07-Angler-EK-Payload.exe
Detection ratio: 12 / 55
Analysis date: 2015-07-08 13:11:37 UTC ( 2 years, 2 months ago )
Antivirus | Result | Update
Avast | Win32:Malware-gen | 20150708
AVG | Crypt4.BFEH | 20150708
Baidu-International | Adware.Win32.iBryte.DOZY | 20150708
DrWeb | Trojan.PWS.Tinba.153 | 20150708
ESET-NOD32 | a variant of Win32/Kryptik.DOZY | 20150708
K7AntiVirus | Trojan ( 004c7c8b1 ) | 20150708
K7GW | Trojan ( 004c7c8b1 ) | 20150708
Kaspersky | Trojan.Win32.Agent.neshvm | 20150708
Malwarebytes | Trojan.Tinba | 20150708
Panda | Trj/Chgt.O | 20150708
Qihoo-360 | HEUR/QVM20.1.Malware.Gen | 20150708
Tencent | Win32.Trojan.Bp-generic.Ixrn | 20150708
Ad-Aware | (no detection) | 20150708
AegisLab | (no detection) | 20150708
Yandex | (no detection) | 20150707
AhnLab-V3 | (no detection) | 20150708
Alibaba | (no detection) | 20150630
ALYac | (no detection) | 20150708
Antiy-AVL | (no detection) | 20150708
Arcabit | (no detection) | 20150708
Avira (no cloud) | (no detection) | 20150708
AVware | (no detection) | 20150708
BitDefender | (no detection) | 20150708
Bkav | (no detection) | 20150708
ByteHero | (no detection) | 20150708
CAT-QuickHeal | (no detection) | 20150708
ClamAV | (no detection) | 20150708
Comodo | (no detection) | 20150708
Cyren | (no detection) | 20150708
Emsisoft | (no detection) | 20150708
F-Prot | (no detection) | 20150708
F-Secure | (no detection) | 20150708
Fortinet | (no detection) | 20150708
GData | (no detection) | 20150708
Ikarus | (no detection) | 20150708
Jiangmin | (no detection) | 20150707
Kingsoft | (no detection) | 20150708
McAfee | (no detection) | 20150708
McAfee-GW-Edition | (no detection) | 20150708
Microsoft | (no detection) | 20150708
eScan | (no detection) | 20150708
NANO-Antivirus | (no detection) | 20150708
nProtect | (no detection) | 20150708
Rising | (no detection) | 20150707
Sophos AV | (no detection) | 20150708
SUPERAntiSpyware | (no detection) | 20150708
Symantec | (no detection) | 20150708
TheHacker | (no detection) | 20150707
TrendMicro | (no detection) | 20150708
TrendMicro-HouseCall | (no detection) | 20150708
VBA32 | (no detection) | 20150707
VIPRE | (no detection) | 20150708
ViRobot | (no detection) | 20150708
Zillya | (no detection) | 20150708
Zoner | (no detection) | 20150708
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-23 10:41:21
Entry Point 0x0000636C
Number of sections 4
PE sections
PE imports
CoCreateActivity
CoLoadServices
SafeRef
CreateWaitableTimerW
DeviceIoControl
GetStartupInfoA
GetDateFormatA
GetFileSize
GetModuleHandleA
GetVolumePathNameA
CreateMutexA
DeleteFileA
WriteConsoleW
GetDiskFreeSpaceA
WriteFile
GetTickCount
CompareStringA
GetProcAddress
WaitForSingleObjectEx
GetACP
GetLocalTime
GetLocaleInfoW
SE_InstallBeforeInit
SE_IsShimDll
SE_ProcessDying
SE_DllLoaded
SE_InstallAfterInit
CreateDesktopA
GetMessageW
MessageBoxA
DialogBoxParamW
GetClassInfoW
PeekMessageA
GetFocus
wsprintfW
DrawTextW
CharToOemA
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2012:01:23 11:41:21+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 36864
LinkerVersion: 6.0
Warning: Possibly corrupt Version resource
EntryPoint: 0x636c
InitializedDataSize: 28672
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5: 1076e8d21a2f6aeb71f7be1939657d41
SHA1: 1fad4d8fec0ba988d66bf05141a115995bca5d88
SHA256: 5911f6c109c436c1004a3e6b724b7b775c86969e31d341742453ba4e140cb8da
ssdeep: 1536:CHV9gXaKwpwavJwYlzVfxsqQCwP7LllEsFyy:CjgPwpDJz/QCgLDxFyy
authentihash: 66d3ce32a0e9a8e251354381eac2793dc3cec6d1369b710f91c44471add55453
imphash: cb20afee07473a5f40857b5aa3d96163
File size: 68.0 KB ( 69632 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Dynamic Link Library (generic) (43.5%)
  Win32 Executable (generic) (29.8%)
  Generic Win/DOS Executable (13.2%)
  DOS Executable Generic (13.2%)
Tags: peexe
VirusTotal metadata
First submission 2015-07-08 12:22:36 UTC ( 2 years, 2 months ago )
Last submission 2016-12-05 08:00:10 UTC ( 9 months, 2 weeks ago )
File names:
  2015-07-07-Angler-EK-Payload.exe
  KB15240484.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R034E01J915.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections