SHA256: 5cf89991284ffde6be3484be9f8f889b6d2e9cc3e251e21ef62ef2a06034c90b
File name: f4d75444d2ce9c9a7af95740c0ebf2205b24445a
Detection ratio: 27 / 54
Analysis date: 2016-06-27 22:35:39 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3348638 20160627
AhnLab-V3 Malware/Win32.Generic.N2034177660 20160627
Arcabit Trojan.Generic.D33189E 20160627
Avast Win32:Malware-gen 20160627
AVG Crypt5.BTZA 20160627
Avira (no cloud) TR/Crypt.ZPACK.cxvp 20160627
AVware Trojan.Win32.Generic!BT 20160627
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160627
BitDefender Trojan.GenericKD.3348638 20160627
Emsisoft Trojan.GenericKD.3348638 (B) 20160627
ESET-NOD32 a variant of Win32/Kryptik.FAWM 20160627
F-Secure Trojan.GenericKD.3348638 20160627
Fortinet W32/Kryptik.FAWM!tr 20160627
GData Trojan.GenericKD.3348638 20160627
K7AntiVirus Trojan ( 004f2e561 ) 20160627
Kaspersky UDS:DangerousObject.Multi.Generic 20160627
Malwarebytes Trojan.MalPack 20160627
McAfee Artemis!2B09AF3DBF91 20160627
McAfee-GW-Edition BehavesLike.Win32.Ransom.cc 20160627
Microsoft TrojanDownloader:Win32/Talalpek.A 20160627
eScan Trojan.GenericKD.3348638 20160627
nProtect Trojan.GenericKD.3348638 20160627
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160627
Sophos AV Mal/Generic-S 20160627
Symantec Trojan Horse 20160627
Tencent Win32.Trojan.Kryptik.Hqbx 20160627
VIPRE Trojan.Win32.Generic!BT 20160627
AegisLab 20160627
Alibaba 20160627
ALYac 20160627
Antiy-AVL 20160627
Baidu-International 20160614
CAT-QuickHeal 20160627
ClamAV 20160627
CMC 20160627
Comodo 20160627
Cyren 20160627
DrWeb 20160627
F-Prot 20160627
Ikarus 20160627
Jiangmin 20160627
K7GW 20160627
Kingsoft 20160627
NANO-Antivirus 20160627
Panda 20160627
SUPERAntiSpyware 20160627
TheHacker 20160625
TotalDefense 20160627
TrendMicro 20160627
TrendMicro-HouseCall 20160627
VBA32 20160627
ViRobot 20160627
Yandex 20160626
Zillya 20160627
Zoner 20160627
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x000173C1
Number of sections 4
PE sections
PE imports
CopyFileW
CreateWaitableTimerA
CompareStringW
GetTickCount
ReplaceFileW
RemoveDirectoryA
WaitForSingleObjectEx
GetSystemDirectoryA
GetDiskFreeSpaceA
GetDateFormatA
OpenWaitableTimerW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateHardLinkA
GetModuleHandleA
ReadFile
WriteFile
GetStartupInfoA
CreateMutexW
lstrcpynA
FindNextFileA
GetACP
HeapReAlloc
MoveFileExA
lstrcatW
GetBinaryTypeA
GetLogicalDriveStringsA
GetNumberFormatA
InterlockedDecrement
QueryDosDeviceW
MoveFileW
CreateFileA
WriteConsoleW
OneXInitialize
OneXCopyAuthParams
OneXFreeMemory
OneXAddTLV
OneXDeInitialize
ExtractIconA
SHFree
FindExecutableA
ShellAboutA
SHChangeNotify
DragQueryPoint
DragQueryFileA
SHFileOperationA
SHGetDiskFreeSpaceA
DragAcceptFiles
StrChrA
SHGetDataFromIDListA
ShellMessageBoxA
ExtractAssociatedIconA
DllRegisterServer
SHGetMalloc
DragFinish
DrawThemeEdge
GetThemeColor
GetCurrentThemeName
GetThemeEnumValue
OpenThemeData
CloseThemeData
GetThemeSysSize
GetWindowTheme
GetThemeBool
SetWindowTheme
GetThemeTextMetrics
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 96256
LinkerVersion 6.0
Warning Possibly corrupt Version resource
EntryPoint 0x173c1
InitializedDataSize 12800
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 2b09af3dbf91ae4b8517b670c1b16a6c
SHA1 f5e4147ea273aae457bff3f18f1dc265f0d0f760
SHA256 5cf89991284ffde6be3484be9f8f889b6d2e9cc3e251e21ef62ef2a06034c90b
ssdeep 1536:yLryCBNIPyhjv28LIXuGIGHAGfQ0gh5ygAtyGeSEErSr6/Gnwz7Er6ceObbLUSyD:OMUje8LITINOQNSILTErQEGnwz8ewyD
authentihash c58fd46b224d293c06ad99e4893343efbdaa1ca664cf74a21858331aae7ec9c4
imphash fdfc408e56db15f7ab5813704dc0236b
File size 107.5 KB ( 110080 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-06-27 04:29:03 UTC ( 2 years, 7 months ago )
Last submission 2016-06-27 22:35:39 UTC ( 2 years, 7 months ago )
File names f4d75444d2ce9c9a7af95740c0ebf2205b24445a
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications