SHA256: 5b62f31b10cd19548ce294929827bf39d5c9c91ce5cc18391308b983363bf80f
File name: 4826e1b51599e3eeaa792e9621170324.virus
Detection ratio: 34 / 57
Analysis date: 2016-11-02 23:10:18 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.103005 20161102
AhnLab-V3 Backdoor/Win32.Vawtrak.N2144688670 20161102
ALYac Gen:Variant.Razy.103005 20161102
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20161102
Arcabit Trojan.Razy.D1925D 20161102
Avast Win32:Trojan-gen 20161102
AVG Crypt6.HZX 20161102
AVware Trojan.Win32.Generic!BT 20161102
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161101
BitDefender Gen:Variant.Razy.103005 20161102
Bkav HW32.Packed.47DC 20161102
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
DrWeb Trojan.PWS.Papras.2166 20161102
Emsisoft Gen:Variant.Razy.103005 (B) 20161102
ESET-NOD32 a variant of Win32/Kryptik.FIRP 20161102
F-Secure Gen:Variant.Razy.103005 20161102
Fortinet W32/Generic!tr 20161102
GData Gen:Variant.Razy.103005 20161102
Sophos ML virtool.win32.injector.ge 20161018
K7GW Trojan ( 004fc1861 ) 20161102
Kaspersky HEUR:Trojan.Win32.Generic 20161102
Microsoft Backdoor:Win32/Vawtrak.E 20161102
eScan Gen:Variant.Razy.103005 20161102
NANO-Antivirus Trojan.Win32.Papras.ehzeow 20161102
Panda Trj/GdSda.A 20161102
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161103
Rising Malware.Generic!laGW8isFBrT@2 (thunder) 20161102
Sophos AV Mal/Generic-S 20161102
Symantec Trojan.Gen 20161102
Tencent Win32.Trojan.Kryptik.Pbpe 20161103
TrendMicro TROJ_GEN.R00XC0DK216 20161102
TrendMicro-HouseCall TROJ_GEN.R00XC0DK216 20161102
VIPRE Trojan.Win32.Generic!BT 20161102
Yandex Backdoor.Vawtrak! 20161102
Engines with no detection (engine, signature update date)
AegisLab 20161102
Alibaba 20161102
Avira (no cloud) 20161102
CAT-QuickHeal 20161102
ClamAV 20161102
CMC 20161102
Comodo 20161102
Cyren 20161102
F-Prot 20161102
Ikarus 20161102
Jiangmin 20161103
K7AntiVirus 20161102
Kingsoft 20161103
Malwarebytes 20161102
McAfee 20161102
McAfee-GW-Edition 20161102
nProtect 20161101
SUPERAntiSpyware 20161102
TheHacker 20161101
TotalDefense 20161028
VBA32 20161102
ViRobot 20161102
Zillya 20161102
Zoner 20161102
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: (c) simplitec GmbH. All rights reserved.
Product: Simplitec CrashLogMailer
Original name: CrashLogMailer.exe
File version: 1.0.0.1020
Description: CrashLogMailer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-12 03:15:33
Entry Point 0x000036BD
Number of sections 9
PE sections
PE imports (grouped below by the DLL that normally exports each name; the DLL headers were not preserved in this capture and the grouping is inferred from the API names)
Of note for triage: OpenProcess, VirtualProtect and CreateRemoteThread are the primitives of remote-thread injection; CheckRemoteDebuggerPresent and DebugBreakProcess are anti-debugging checks; LoadLibraryA together with GetProcAddress resolves further APIs at run time. The tape, serial-port, power-scheme, ASN.1 and OLE-dialog imports have no obvious use in a crash-log mailer, which is consistent with the Kryptik / Packed / Crypt labels in the detection table above.
gdi32.dll
GetStockObject
kernel32.dll
UnlockFile
GetLastError
GetCurrencyFormatA
CopyFileW
GetUserDefaultLangID
CopyFileExA
InterlockedPopEntrySList
lstrlenA
SetTapeParameters
SetCommState
GetOEMCP
GetCommConfig
GetTimeFormatW
DebugBreak
DisableThreadLibraryCalls
GetCommMask
VirtualProtect
GetFileAttributesW
LockFile
LoadLibraryA
GetSystemDefaultLangID
GetProfileIntA
CreateRemoteThread
GetComputerNameA
GetCurrentProcess
GetPriorityClass
GetProcessIoCounters
GetPrivateProfileStringA
GetCurrentProcessId
AddAtomA
OpenProcess
SetFilePointer
FreeLibrary
GetEnvironmentVariableA
FindActCtxSectionStringA
DeleteFileW
DefineDosDeviceA
GetPrivateProfileStringW
GetCurrentThread
GetComputerNameW
AssignProcessToJobObject
RaiseException
CheckRemoteDebuggerPresent
GetPrivateProfileSectionW
GetSystemDefaultUILanguage
GetModuleHandleA
DebugBreakProcess
ReadFile
InterlockedExchange
WriteFile
CreateMemoryResourceNotification
CloseHandle
CreateTimerQueueTimer
GetCompressedFileSizeA
GetNumberOfConsoleMouseButtons
SetThreadIdealProcessor
SetComputerNameA
GetProcAddress
SetPriorityClass
GetExitCodeProcess
FindAtomW
ConnectNamedPipe
AllocateUserPhysicalPages
GetProcessShutdownParameters
GetNumberFormatA
UTRegister
FindFirstVolumeA
TlsGetValue
TerminateProcess
DeleteTimerQueueEx
CreateFileA
CreateMutexW
GetCurrentThreadId
LocalAlloc
msasn1.dll
ASN1CEREncZeroMultibyteString
ASN1BERDecZeroChar16String
ASN1BERDecSkip
ASN1BERDecU32Val
ASN1intx2int32
ASN1BERDecCheck
ASN1charstring_free
ASN1BERDecZeroChar32String
ASN1BERDecObjectIdentifier2
ASN1BERDecOpenType
ASN1BERDecS32Val
ASN1open_free
ASN1BEREncLength
ASN1BEREncOpenType
ASN1BERDecBitString2
ASN1_CreateDecoderEx
ASN1CEREncMultibyteString
ASN1bitstring_cmp
ASN1_CreateEncoder
ASN1_CloseEncoder2
ASN1ztchar32string_free
ASN1ztchar16string_free
ASN1BERDecUTF8String
powrprof.dll
ReadProcessorPwrScheme
ValidatePowerPolicies
IsPwrShutdownAllowed
WriteProcessorPwrScheme
CanUserWritePwrScheme
GetPwrCapabilities
IsPwrSuspendAllowed
ReadGlobalPwrPolicy
EnumPwrSchemes
MergeLegacyPwrScheme
DeletePwrScheme
CallNtPowerInformation
IsPwrHibernateAllowed
LoadCurrentPwrScheme
GetPwrDiskSpindownRange
IsAdminOverrideActive
WritePwrScheme
user32.dll
GetForegroundWindow
LoadMenuA
FindWindowW
FindWindowA
RegisterClassExW
GetClassNameA
LoadCursorFromFileW
GetWindow
RegisterClassExA
GetClientRect
IsIconic
GetSubMenu
FindWindowExA
LoadCursorA
LoadIconA
GetActiveWindow
AdjustWindowRect
CopyRect
GetSysColorBrush
LoadCursorW
LoadIconW
GetFocus
GetWindowLongW
oledlg.dll
OleUIEditLinksW
OleUIChangeIconW
OleUIInsertObjectW
OleUIAddVerbMenuW
OleUIObjectPropertiesW
OleUIBusyW
OleUIPasteSpecialW
OleUIChangeSourceW
OleUIUpdateLinksW
Number of PE resources by type
RT_ICON 10
RT_DIALOG 2
RT_GROUP_ICON 2
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL DEFAULT 17
PE resources
ExifTool file metadata
SubsystemVersion: 5.0
LinkerVersion: 14.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 1.0.0.1020
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 98304
EntryPoint: 0x36bd
OriginalFileName: CrashLogMailer.exe
MIMEType: application/octet-stream
LegalCopyright: (c) simplitec GmbH. All rights reserved.
FileVersion: 1.0.0.1020
TimeStamp: 2015:10:12 04:15:33+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 2.0.0.0
FileDescription: CrashLogMailer
OSVersion: 5.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: simplitec GmbH
CodeSize: 77824
ProductName: Simplitec CrashLogMailer
ProductVersionNumber: 2.0.0.0
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5 4826e1b51599e3eeaa792e9621170324
SHA1 7194f3472a1bbe2d53e269530c2cd2c6302b6bae
SHA256 5b62f31b10cd19548ce294929827bf39d5c9c91ce5cc18391308b983363bf80f
ssdeep 3072:INjHKcBc0Gh4Un0k/RK9fPB8ML6DcSS1kXIbOhLNFkSbHr3QfKbPr4SZkmjj:MjnBc72UnV/KSPdR
authentihash 214b644cd372bfbd931d4d7db454060c99fa3e7146edb33657e18d8c4a860426
imphash 3dcaaccccf98c6ca6141ad9f5789fdc0
File size 200.0 KB (204800 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.1%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

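The import table is the most useful static signal on this page, and the imphash in the identification block is derived from it. The script below is an added example, not code from VirusTotal or from the vendor named in the version info; it reproduces the imphash algorithm as pefile computes it (MD5 over lowercase `dll.function` pairs in import-table order, with a `.dll`/`.ocx`/`.sys` suffix stripped from the DLL name) and runs a small capability heuristic over API names of the kind listed above. The embedded import list is a constructed subset of the page's imports, the DLL attribution of those names is this example's own assumption, and the capability rules are illustrative, so the hash it prints is not expected to equal the imphash reported on the page.

```python
"""Static triage helpers for an import table like the one on this page.

Added example; not code from VirusTotal or from simplitec. The DLL
attribution of the API names below is inferred and is an assumption.
"""
import hashlib
from typing import Dict, Iterable, List, Set, Tuple

# Constructed input: a subset of the page's import list, assigned to the DLLs
# that normally export those names (assumption of this example; the report
# capture did not preserve the DLL headers).
SAMPLE_IMPORTS: List[Tuple[str, List[str]]] = [
    ("GDI32.dll", ["GetStockObject"]),
    ("KERNEL32.dll", [
        "UnlockFile", "GetLastError", "VirtualProtect", "LoadLibraryA",
        "CreateRemoteThread", "OpenProcess", "CheckRemoteDebuggerPresent",
        "DebugBreakProcess", "GetProcAddress", "CreateMutexW",
        "TerminateProcess", "ReadFile", "WriteFile",
    ]),
    ("MSASN1.dll", ["ASN1BERDecSkip", "ASN1_CreateEncoder"]),
    ("USER32.dll", ["GetForegroundWindow", "FindWindowA", "FindWindowExA"]),
]

# Each capability is a list of groups; a group is satisfied by any one of its
# APIs and the capability fires only when every group is satisfied. The rules
# are this example's own heuristics, not any vendor's signatures.
CAPABILITY_RULES: Dict[str, List[Set[str]]] = {
    "remote_thread_injection": [
        {"OpenProcess"},
        {"CreateRemoteThread", "CreateRemoteThreadEx",
         "WriteProcessMemory", "VirtualAllocEx"},
    ],
    "dynamic_api_resolution": [
        {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"},
        {"GetProcAddress"},
    ],
    "anti_debugging": [
        {"CheckRemoteDebuggerPresent", "IsDebuggerPresent",
         "DebugBreakProcess", "NtQueryInformationProcess"},
    ],
    "window_discovery": [
        {"FindWindowA", "FindWindowW", "FindWindowExA", "FindWindowExW",
         "GetForegroundWindow"},
    ],
    "single_instance_mutex": [{"CreateMutexA", "CreateMutexW"}],
}


def imphash(imports: Iterable[Tuple[str, Iterable[str]]]) -> str:
    """MD5 over 'dll.func' pairs, in import-table order, as pefile computes it.

    The DLL name is lowercased and loses a .dll/.ocx/.sys suffix; function
    names are lowercased. Imports by ordinal only (which pefile resolves
    through a lookup table) are not handled here; every import on this page
    is by name.
    """
    parts: List[str] = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for func in funcs:
            parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def match_capabilities(imports, rules=CAPABILITY_RULES) -> Dict[str, List[str]]:
    """Return {capability: sorted evidence APIs} for every rule fully satisfied."""
    present: Set[str] = {f for _, funcs in imports for f in funcs}
    hits: Dict[str, List[str]] = {}
    for label, groups in rules.items():
        evidence: Set[str] = set()
        for group in groups:
            found = group & present
            if not found:
                break  # one unsatisfied group vetoes the capability
            evidence |= found
        else:
            hits[label] = sorted(evidence)
    return hits


def triage(imports) -> Dict[str, object]:
    """Bundle both signals for a report line or a pivot query."""
    table = [(dll, list(funcs)) for dll, funcs in imports]
    return {
        "import_count": sum(len(funcs) for _, funcs in table),
        "imphash": imphash(table),
        "capabilities": match_capabilities(table),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_IMPORTS).items():
        print(f"{key}: {value}")
```

Because the imphash is order-sensitive and DLL-qualified, it is a good pivot for finding other builds of the same loader but breaks as soon as a packer re-orders or pads the import table; the capability view survives that and is the better signal for deciding whether the sample is worth a sandbox run.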
VirusTotal metadata
First submission 2016-11-02 23:10:18 UTC ( 2 years, 3 months ago )
Last submission 2016-11-02 23:10:18 UTC ( 2 years, 3 months ago )
File names 4826e1b51599e3eeaa792e9621170324.virus
CrashLogMailer.exe
Condensed report: the following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Searched windows
Runtime DLLs