× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5a969489f91fbffd22d7a30246feb35c380d565ccd6a776254ad30c7f64b3e27
File name: 5a969489f91fbffd22d7a30246feb35c380d565ccd6a776254ad30c7f64b3e27.bin
Detection ratio: 33 / 55
Analysis date: 2016-08-15 01:55:04 UTC ( 2 years, 8 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3446802 20160814
AhnLab-V3 Trojan/Win32.Infostealer.N2072954954 20160814
ALYac Trojan.GenericKD.3446802 20160815
Antiy-AVL Trojan/Win32.BTSGeneric 20160815
Arcabit Trojan.Generic.D349812 20160814
Avast Win32:Malware-gen 20160815
AVG Atros3.CMON 20160815
Avira (no cloud) TR/Crypt.ZPACK.byfw 20160814
AVware Trojan.Win32.Generic!BT 20160814
BitDefender Trojan.GenericKD.3446802 20160814
Cyren W32/Trojan.VNHH-0746 20160815
Emsisoft Trojan.GenericKD.3446802 (B) 20160815
ESET-NOD32 Win32/TrojanDownloader.VB.QZI 20160814
F-Secure Trojan.GenericKD.3446802 20160814
Fortinet W32/VB.QZI!tr.dldr 20160815
GData Trojan.GenericKD.3446802 20160815
Ikarus Trojan-Downloader.Win32.VB 20160814
K7AntiVirus Trojan ( 004f5aec1 ) 20160814
K7GW Trojan ( 004f5aec1 ) 20160815
Kaspersky UDS:DangerousObject.Multi.Generic 20160815
McAfee Artemis!3C61932CB539 20160815
McAfee-GW-Edition BehavesLike.Win32.Sality.ch 20160815
Microsoft Trojan:Win32/Dynamer!ac 20160815
eScan Trojan.GenericKD.3446802 20160815
nProtect Trojan.GenericKD.3446802 20160812
Panda Trj/CI.A 20160814
Qihoo-360 Win32/Trojan.c63 20160815
Sophos AV Mal/Generic-S 20160814
TrendMicro TROJ_GEN.R011C0DHA16 20160815
TrendMicro-HouseCall TROJ_GEN.R011C0DHA16 20160815
VIPRE Trojan.Win32.Generic!BT 20160815
Yandex Trojan.DL.VB!qqX69mmonKQ 20160814
Zillya Trojan.Kryptik.Win32.933739 20160815
AegisLab 20160814
Alibaba 20160812
Baidu 20160813
Bkav 20160813
CAT-QuickHeal 20160813
ClamAV 20160814
CMC 20160811
Comodo 20160815
DrWeb 20160815
F-Prot 20160815
Jiangmin 20160815
Kingsoft 20160815
Malwarebytes 20160815
NANO-Antivirus 20160815
Rising 20160815
SUPERAntiSpyware 20160814
Symantec 20160815
Tencent 20160815
TheHacker 20160814
TotalDefense 20160814
VBA32 20160812
ViRobot 20160814
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2016

Product FirstOne
Internal name FirstOne
File version 1, 0, 0, 1
Description FirstOne
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-06 19:56:43
Entry Point 0x0000F46A
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GlobalLock
GetProcessHeap
GlobalReAlloc
lstrcmpA
lstrcpyA
CompareStringA
lstrcmpW
GetProcAddress
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
SizeofResource
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantInit
VariantClear
PathFindFileNameA
PathFindExtensionA
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
GrayStringA
GetMessageTime
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CallNextHookEx
GetTopWindow
GetActiveWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
DestroyWindow
MapWindowPoints
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
EnableMenuItem
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetMenuItemID
SetForegroundWindow
ReleaseDC
GetCapture
DrawTextExA
GetWindowThreadProcessId
UnhookWindowsHookEx
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
OMG 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
CHINESE SIMPLIFIED 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Unicode

InitializedDataSize
45056

EntryPoint
0xf46a

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2016

FileVersion
1, 0, 0, 1

TimeStamp
2016:08:06 20:56:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
FirstOne

ProductVersion
1, 0, 0, 1

FileDescription
FirstOne

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
126976

ProductName
FirstOne

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 3c61932cb53931fc57856d553198cc09
SHA1 1e133aa01356c8efac940b93559dc9377f5a7db2
SHA256 5a969489f91fbffd22d7a30246feb35c380d565ccd6a776254ad30c7f64b3e27
ssdeep
3072:ho6B2yFmjjDQypvi9OysdsGawoF/zFaDmryY8K+Hz7tLmV8:C6BFmjjDRvilXbnaDHKsmy

authentihash d464442074b404c7f79600d2aa01929a1bb8d16e0022794d90211bbc8d85fbaa
imphash f182b3dbb4057a263c279041c0c98941
File size 172.0 KB ( 176128 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-08-15 01:55:04 UTC ( 2 years, 8 months ago )
Last submission 2018-01-07 02:55:17 UTC ( 1 year, 3 months ago )
File names 5a969489f91fbffd22d7a30246feb35c380d565ccd6a776254ad30c7f64b3e27.bin
FirstOne
WEVTUTIL.EXE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications