× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5d83962ff5e0b10050e535837c72ca97be8e748e6e0dd69b5951b2ef2e0f6d8a
File name: vastuvut.exe
Detection ratio: 6 / 55
Analysis date: 2015-07-17 12:10:26 UTC ( 3 years, 10 months ago ) View latest
Antivirus Result Update
Avira (no cloud) TR/Crypt.XPACK.Gen 20150717
AVware Trojan.Win32.Upatre.buu (v) 20150717
Kaspersky UDS:DangerousObject.Multi.Generic 20150717
Panda Trj/Genetic.gen 20150717
Qihoo-360 HEUR/QVM09.0.Malware.Gen 20150717
VIPRE Trojan.Win32.Upatre.buu (v) 20150717
Ad-Aware 20150717
AegisLab 20150717
Yandex 20150717
AhnLab-V3 20150717
Alibaba 20150717
ALYac 20150717
Antiy-AVL 20150717
Arcabit 20150717
Avast 20150717
AVG 20150717
Baidu-International 20150717
BitDefender 20150717
Bkav 20150717
ByteHero 20150717
CAT-QuickHeal 20150717
ClamAV 20150716
Comodo 20150717
Cyren 20150717
DrWeb 20150717
Emsisoft 20150717
ESET-NOD32 20150717
F-Prot 20150717
F-Secure 20150716
Fortinet 20150717
GData 20150717
Ikarus 20150717
Jiangmin 20150716
K7AntiVirus 20150717
K7GW 20150717
Kingsoft 20150717
Malwarebytes 20150717
McAfee 20150717
McAfee-GW-Edition 20150716
Microsoft 20150717
eScan 20150717
NANO-Antivirus 20150717
nProtect 20150717
Rising 20150713
Sophos AV 20150717
SUPERAntiSpyware 20150717
Symantec 20150717
Tencent 20150717
TheHacker 20150713
TrendMicro 20150717
TrendMicro-HouseCall 20150717
VBA32 20150717
ViRobot 20150717
Zillya 20150717
Zoner 20150717
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-28 12:07:09
Entry Point 0x00006AB4
Number of sections 3
PE sections
Overlays
MD5 edbcd1543ecf35697e54164df860069f
File type ASCII text
Offset 78848
Size 136
Entropy 2.97
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitCommonControlsEx
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
SizeofResource
GetLocaleInfoA
GetCurrentProcessId
LockResource
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
LeaveCriticalSection
RaiseException
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentProcess
GetTimeFormatA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
IsDebuggerPresent
TerminateProcess
GetEnvironmentStrings
QueryPerformanceCounter
InitializeCriticalSection
LoadResource
WriteFile
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
FindResourceA
VirtualAlloc
HeapCreate
SetLastError
InterlockedIncrement
GetMessageA
CreateWindowExA
SetWindowTextA
LoadIconA
LoadStringA
DispatchMessageA
PostQuitMessage
PostMessageA
SendMessageA
TranslateMessage
DefWindowProcA
ShowWindow
UpdateWindow
RegisterClassExA
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_BITMAP 2
RT_CURSOR 2
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
BELARUSIAN DEFAULT 10
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
7.0

ImageVersion
6.9

FileSubtype
0

FileVersionNumber
1.1.3.32

UninitializedDataSize
0

LanguageCode
Unknown (02A9)

FileFlagsMask
0x0000

CharacterSet
Unknown (5810)

InitializedDataSize
41472

EntryPoint
0x6ab4

MIMEType
application/octet-stream

FileVersion
1.1.3.32

TimeStamp
2014:03:28 13:07:09+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.32

FileDescription
MissFuture

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
MissFuture

CodeSize
36352

ProductName
MissFuture

ProductVersionNumber
1.1.3.32

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 debfdeb9b14dda4ed068a73b78ce5a24
SHA1 79a17925565c497b8a7f6447723e26d31df4e056
SHA256 5d83962ff5e0b10050e535837c72ca97be8e748e6e0dd69b5951b2ef2e0f6d8a
ssdeep
1536:Fyquf4wXGlvu/4ScG2hksUHfk+FlN2NoNvRYX+yRfM:0ow21u/emfk+p2WNvRYX+ypM

authentihash d090e9481dccd4562b0423826eb8a093b24576b94ef40929bf21c5adc42e521d
imphash e0db9493366ea7231ec184554e4ce365
File size 77.1 KB ( 78984 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-07-17 09:42:38 UTC ( 3 years, 10 months ago )
Last submission 2015-07-17 12:10:26 UTC ( 3 years, 10 months ago )
File names vastuvut.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections