SHA256: 5df8692ddbb8466e37497089c021cb5f3880a0a0e0d77a52a4705ea126775a3e
File name: 7d9b38fad4992247cab2663a1e6ed137
Detection ratio: 36 / 56
Analysis date: 2016-10-13 07:41:24 UTC ( 2 years, 4 months ago )
Antivirus  Result  Update (signature database date, YYYYMMDD)
Ad-Aware Trojan.Generic.19214326 20161013
AhnLab-V3 Backdoor/Win32.Androm.N2124557538 20161012
ALYac Trojan.Generic.19214326 20161013
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20161013
Arcabit Trojan.Generic.D1252FF6 20161013
Avast Win32:Trojan-gen 20161013
AVG Pakes3_c.BAE 20161013
Avira (no cloud) TR/Crypt.Xpack.rdqac 20161012
AVware Trojan.Win32.Generic!BT 20161013
BitDefender Trojan.Generic.19214326 20161013
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.PWS.Papras.2354 20161013
Emsisoft Trojan.Generic.19214326 (B) 20161013
ESET-NOD32 a variant of Win32/Kryptik.FHOZ 20161013
F-Secure Trojan.Generic.19214326 20161013
Fortinet W32/Androm.FHOZ!tr.bdr 20161013
GData Trojan.Generic.19214326 20161013
Ikarus Trojan.Win32.Crypt 20161012
Sophos ML virus.win32.sality.at 20160928
Jiangmin Backdoor.Androm.kyw 20161013
K7AntiVirus Trojan ( 004fa3d51 ) 20161013
K7GW Trojan ( 004fa3d51 ) 20161013
Kaspersky Backdoor.Win32.Androm.lbrt 20161013
McAfee RDN/Generic BackDoor 20161013
McAfee-GW-Edition BehavesLike.Win32.Downloader.dh 20161013
Microsoft Backdoor:Win32/Vawtrak.E 20161013
eScan Trojan.Generic.19214326 20161013
Panda Trj/GdSda.A 20161012
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161013
Rising Malware.Generic!Tar6jcJNF9U@5 (thunder) 20161013
Sophos AV Mal/Generic-S 20161013
Symantec Backdoor.Trojan 20161013
Tencent Win32.Backdoor.Androm.Akzj 20161013
TrendMicro TROJ_GEN.R00JC0DJ916 20161013
TrendMicro-HouseCall TROJ_GEN.R00JC0DJ916 20161013
VIPRE Trojan.Win32.Generic!BT 20161013
Engines that returned no result (engine and signature date only):
AegisLab 20161013
Alibaba 20161013
Baidu 20161012
Bkav 20161012
CAT-QuickHeal 20161013
ClamAV 20161013
CMC 20161013
Comodo 20161013
Cyren 20161013
F-Prot 20161013
Kingsoft 20161013
Malwarebytes 20161013
NANO-Antivirus 20161013
nProtect 20161013
SUPERAntiSpyware 20161013
TheHacker 20161011
VBA32 20161012
ViRobot 20161013
Yandex 20161011
Zillya 20161012
Zoner 20161013
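The flattened table above is hard to read at a glance: most engines only say "Trojan.Generic" or "Backdoor", and the family name is buried in a few rows. The script below is an added example, not part of the VirusTotal report. It parses rows in exactly this layout (engine, result, eight-digit signature date), treats rows with no result as undetected, and tallies the family tokens the detecting engines actually agree on, discarding category and packer words such as Trojan, Generic, Backdoor or Crypt. The sample rows are copied from the table; the list of engine names that contain spaces, and the set of noise words, are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: detection rows copied from the report above (engine,
# result, signature date). All 36 detecting engines are included; only three
# of the engines that returned no result are kept, to shorten the sample.
SAMPLE_ROWS = """\
Ad-Aware Trojan.Generic.19214326 20161013
AhnLab-V3 Backdoor/Win32.Androm.N2124557538 20161012
ALYac Trojan.Generic.19214326 20161013
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20161013
Arcabit Trojan.Generic.D1252FF6 20161013
Avast Win32:Trojan-gen 20161013
AVG Pakes3_c.BAE 20161013
Avira (no cloud) TR/Crypt.Xpack.rdqac 20161012
AVware Trojan.Win32.Generic!BT 20161013
BitDefender Trojan.Generic.19214326 20161013
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.PWS.Papras.2354 20161013
Emsisoft Trojan.Generic.19214326 (B) 20161013
ESET-NOD32 a variant of Win32/Kryptik.FHOZ 20161013
F-Secure Trojan.Generic.19214326 20161013
Fortinet W32/Androm.FHOZ!tr.bdr 20161013
GData Trojan.Generic.19214326 20161013
Ikarus Trojan.Win32.Crypt 20161012
Sophos ML virus.win32.sality.at 20160928
Jiangmin Backdoor.Androm.kyw 20161013
K7AntiVirus Trojan ( 004fa3d51 ) 20161013
K7GW Trojan ( 004fa3d51 ) 20161013
Kaspersky Backdoor.Win32.Androm.lbrt 20161013
McAfee RDN/Generic BackDoor 20161013
McAfee-GW-Edition BehavesLike.Win32.Downloader.dh 20161013
Microsoft Backdoor:Win32/Vawtrak.E 20161013
eScan Trojan.Generic.19214326 20161013
Panda Trj/GdSda.A 20161012
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161013
Rising Malware.Generic!Tar6jcJNF9U@5 (thunder) 20161013
Sophos AV Mal/Generic-S 20161013
Symantec Backdoor.Trojan 20161013
Tencent Win32.Backdoor.Androm.Akzj 20161013
TrendMicro TROJ_GEN.R00JC0DJ916 20161013
TrendMicro-HouseCall TROJ_GEN.R00JC0DJ916 20161013
VIPRE Trojan.Win32.Generic!BT 20161013
ClamAV 20161013
Malwarebytes 20161013
Cyren 20161013
"""

# Assumption: engine names that contain spaces in this layout.
MULTIWORD_ENGINES = ("Avira (no cloud)", "CrowdStrike Falcon (ML)", "Sophos ML", "Sophos AV")

# Assumption: category, heuristic and packer words that carry no family information.
NOISE = {"trojan", "backdoor", "generic", "malware", "virus", "variant", "heur",
         "behaveslike", "downloader", "malicious", "confidence", "crypt", "xpack"}

ROW_RE = re.compile(r"^(.*?)\s+(\d{8})$")  # anything, then the 8-digit signature date


def parse_row(line):
    """Split one flattened row into (engine, result, signature_date).
    result is '' for an engine that reported nothing."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    body, date = m.groups()
    engine = next((e for e in MULTIWORD_ENGINES if body.startswith(e)), None)
    if engine is None:
        engine, _, result = body.partition(" ")
    else:
        result = body[len(engine):]
    return engine, result.strip(), date


def family(result):
    """Return the first token that looks like a family name: at least four
    letters, no digits, not a category word. Only the first such token counts,
    so variant suffixes that follow the family (lbrt, FHOZ, Akzj) are ignored."""
    for tok in re.split(r"[^A-Za-z0-9]+", result):
        t = tok.lower()
        if len(t) < 4 or any(c.isdigit() for c in t) or t in NOISE:
            continue
        return t
    return None


def summarize(rows_text):
    """Count engines, detections and family votes for a block of rows."""
    rows = [r for r in (parse_row(l) for l in rows_text.splitlines()) if r]
    detections = [r for r in rows if r[1]]
    families = Counter()
    for _, result, _ in detections:
        fam = family(result)
        if fam:
            families[fam] += 1
    return {"engines": len(rows), "detections": len(detections), "families": families}


if __name__ == "__main__":
    s = summarize(SAMPLE_ROWS)
    print("%d of %d engines detect; family votes: %s"
          % (s["detections"], s["engines"], s["families"].most_common(5)))
```

On these rows the only family with more than one vote is Androm (six engines), which is a more useful pivot than the 36/56 ratio: the remaining labels are either generic or single-vendor names (Vawtrak, Papras, Kryptik, Sality) that should be treated as unconfirmed.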
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-28 09:54:35
Entry Point 0x00003068
Number of sections 4
PE sections (section table not captured in this copy of the report)
PE imports (the DLL headings were lost in this copy; the grouping below is restored from the exporting DLL of each API)
ADVAPI32.dll
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
KERNEL32.dll
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
FindResourceExA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
SetEvent
LocalFree
LoadResource
TlsGetValue
FormatMessageA
SetLastError
GetUserDefaultLangID
CopyFileA
HeapAlloc
GetModuleFileNameA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetUnhandledExceptionFilter
TerminateProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
AddAtomA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
CompareStringW
lstrcpyA
CompareStringA
GetTempFileNameA
GetProcAddress
RemoveDirectoryA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetShortPathNameA
GetAtomNameA
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
GetTempPathA
RaiseException
TlsFree
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
OpenEventA
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
USER32.dll
EndDialog
BeginPaint
CreateDialogIndirectParamA
CharLowerA
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
MoveWindow
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
CharUpperA
GetDC
ReleaseDC
wsprintfA
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
GetWindowLongA
CharNextA
GetDesktopWindow
LoadImageA
DialogBoxIndirectParamA
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
PE resources (resource table not captured in this copy of the report)
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:09:28 10:54:35+01:00 (ExifTool renders the timestamp in local time; this is 2016-09-28 09:54:35 UTC, the same value as the PE compilation timestamp above)
FileType: Win32 EXE
PEType: PE32
CodeSize: 54272
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 284160
SubsystemVersion: 5.0
EntryPoint: 0x3068
OSVersion: 5.0
ImageVersion: 0.0
UninitializedDataSize: 0
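The PE header fields reported above (machine, section count, compilation timestamp, entry point, linker and subsystem versions, code and data sizes) all come from the COFF file header and the PE32 optional header, which are small, fixed-layout structures. The following is an added example, not part of the report and not VirusTotal's or ExifTool's code: it parses those two headers with the standard library only and also measures the gap between the link timestamp and the first-submission time, which is a quick staleness and forgery check. Because the sample itself is not available here, the input is a constructed header assembled from the values the report shows; ImageBase, alignments, SizeOfImage and Characteristics are not on the report and are filled with typical values as assumptions.

```python
import struct
from datetime import datetime, timezone

# 2016-09-28 09:54:35 UTC as the 32-bit epoch value stored in TimeDateStamp
LINK_TIMESTAMP = 1475056475

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI", 9: "Windows CE GUI"}
MACHINES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}

COFF_FMT = "<HHIIIHH"  # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptHdr, Characteristics
# PE32 optional header up to and including DllCharacteristics (72 bytes)
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHH"


def build_sample_pe():
    """Constructed sample: a header-only PE image with the report's values."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack(COFF_FMT, 0x14C, 4, LINK_TIMESTAMP, 0, 0, 224, 0x102)  # 0x102 assumed
    opt = struct.pack(
        OPT32_FMT,
        0x10B,            # PE32 magic
        9, 0,             # LinkerVersion 9.0
        54272,            # SizeOfCode
        284160,           # SizeOfInitializedData
        0,                # SizeOfUninitializedData
        0x3068,           # AddressOfEntryPoint
        0x1000, 0xE000,   # BaseOfCode / BaseOfData (assumed)
        0x400000,         # ImageBase (assumed)
        0x1000, 0x200,    # SectionAlignment / FileAlignment (assumed)
        5, 0,             # OSVersion 5.0
        0, 0,             # ImageVersion 0.0
        5, 0,             # SubsystemVersion 5.0
        0,                # Win32VersionValue
        0x55000, 0x400,   # SizeOfImage / SizeOfHeaders (assumed)
        0,                # CheckSum
        2,                # Subsystem: Windows GUI
        0,                # DllCharacteristics (assumed)
    )
    opt += bytes(224 - len(opt))  # remainder of the optional header and data directories
    return bytes(dos) + b"PE\0\0" + coff + opt


def is_pe(data):
    """True if data starts with a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 64 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 60)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def parse_pe_headers(data):
    """Return the COFF and PE32 optional header fields shown on the report."""
    if not is_pe(data):
        raise ValueError("not a PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 60)
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    if opt_size < struct.calcsize(OPT32_FMT):
        raise ValueError("optional header too short")
    f = struct.unpack_from(OPT32_FMT, data, e_lfanew + 24)
    if f[0] != 0x10B:
        raise ValueError("only PE32 handled here; PE32+ (0x20B) has a different layout")
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "number_of_sections": nsec,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": chars,
        "pe_type": "PE32",
        "linker_version": "%d.%d" % (f[1], f[2]),
        "code_size": f[3], "init_data_size": f[4], "uninit_data_size": f[5],
        "entry_point": f[6],
        "os_version": "%d.%d" % (f[12], f[13]),
        "image_version": "%d.%d" % (f[14], f[15]),
        "subsystem_version": "%d.%d" % (f[16], f[17]),
        "subsystem": SUBSYSTEMS.get(f[22], str(f[22])),
    }


def submission_lag(header, first_submission):
    """Time between link timestamp and first upload (both as 'YYYY-MM-DD HH:MM:SS' UTC).
    A zeroed or forged TimeDateStamp shows up here as an absurd or negative value."""
    linked = datetime.strptime(header["timestamp"], "%Y-%m-%d %H:%M:%S")
    seen = datetime.strptime(first_submission, "%Y-%m-%d %H:%M:%S")
    return seen - linked


if __name__ == "__main__":
    hdr = parse_pe_headers(build_sample_pe())
    for k, v in hdr.items():
        print("%-20s %s" % (k, hex(v) if k == "entry_point" else v))
    print("linked to first submission:", submission_lag(hdr, "2016-10-13 07:41:24"))
```

For this sample the link time is just under 15 days before the first upload, which is consistent with a genuinely new build rather than a timestamp that was zeroed or set in the future; a large negative lag or a date years in the past is the usual sign of a tampered header.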

File identification
MD5 7d9b38fad4992247cab2663a1e6ed137
SHA1 c2fe078602402c35fcdcdfa1c71bba1314543cc9
SHA256 5df8692ddbb8466e37497089c021cb5f3880a0a0e0d77a52a4705ea126775a3e
ssdeep 3072:E/YplSoHHKfr+x3WNx1BiVWZy4tfrpicTUeVIxfYliZGeYP8cch32IFzkFxvd:THiv1BTZjtNia9Ixg8ZGocczzKJd
authentihash 4b64fa4c07bc95a54b4cdae085abd67f371ebb35016453a739ba566a922bb405
imphash fa7a673bb1e126e6e150ba5f0c6f7638
File size 256.5 KB ( 262656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags
peexe
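Of the identifiers above, imphash is the one that survives trivial recompiles and repacking of the payload as long as the import table is unchanged, which makes it the usual pivot for finding siblings of a sample. The block below is an added example, not VirusTotal's or pefile's code, that computes the value the same way: each import is rendered as lowercase "dll.function" with the DLL extension removed (ordinals as "ordN"), the entries are joined with commas in import-table order, and the result is MD5-hashed. The sample list is a short subset of the imports shown on this report, with the DLL names taken from the API names since the report dropped its DLL headings; reproducing the report's fa7a673bb1e126e6e150ba5f0c6f7638 requires the full list in the binary's own import order, which this copy does not guarantee. pefile additionally resolves ordinals for a few well-known DLLs (ws2_32, oleaut32) to names before hashing; this example does not.

```python
import hashlib

# Constructed sample: a subset of the imports on this report, with the
# exporting DLL supplied for each API (assumed from the API name).
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegOpenKeyA"),
    ("ADVAPI32.dll", "RegSetValueExA"),
    ("KERNEL32.dll", "GetStdHandle"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "CreateProcessA"),
    ("USER32.dll", "MessageBoxA"),
    ("USER32.dll", "DialogBoxIndirectParamA"),
]


def imphash_string(imports):
    """Normalise (dll, function_or_ordinal) pairs into the string imphash hashes:
    lowercase, .dll/.ocx/.sys stripped, ordinals as ordN, order preserved."""
    parts = []
    for dll, func in imports:
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        entry = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (name, entry))
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised import string, as a 32-character hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    # Same APIs in a different order give a different imphash: the value keys on
    # import-table order, not on the set of functions.
    print("reversed:", imphash(list(reversed(SAMPLE_IMPORTS))))
```

Two consequences matter when pivoting on this value: DLL name case and extension are irrelevant, so a sample that imports "KERNEL32.DLL" and one that imports "kernel32.dll" collide as intended, but reordering or adding a single import changes the hash completely, so a packer that rebuilds the import table breaks the pivot.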

VirusTotal metadata
First submission 2016-10-13 07:41:24 UTC ( 2 years, 4 months ago )
Last submission 2016-10-13 07:41:24 UTC ( 2 years, 4 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Behaviour sections present in the report (no entries were captured in this copy): Opened files; Read files; Written files; Code injections in the following processes; Created mutexes; Runtime DLLs; UDP communications.