SHA256: 5f145a70526bde139b8af2cff0e8ed06945b5fed84f871431fbcccbc5f0f2680
File name: 9234150dbebb6cafca2968250b51d331
Detection ratio: 35 / 55
Analysis date: 2016-07-18 19:05:00 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.75737 20160718
AhnLab-V3 Malware/Win32.Generic.N2039720346 20160718
ALYac Gen:Variant.Razy.75737 20160718
Antiy-AVL Trojan[Downloader]/Win32.Agent 20160718
Arcabit Trojan.Razy.D127D9 20160718
Avast Win32:Dropper-gen [Drp] 20160718
AVG Crypt5.BVND 20160718
Avira (no cloud) TR/Crypt.ZPACK.gzvd 20160718
AVware Trojan.Win32.Generic!BT 20160718
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160718
BitDefender Gen:Variant.Razy.75737 20160718
Bkav HW32.Packed.999B 20160718
Cyren W32/Trojan.PRIV-7262 20160718
Emsisoft Gen:Variant.Razy.75737 (B) 20160718
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160718
F-Secure Gen:Variant.Razy.75737 20160718
Fortinet W32/Agent.CFH!tr.dldr 20160718
GData Gen:Variant.Razy.75737 20160718
Ikarus Trojan-Downloader.Win32.Agent 20160718
Jiangmin TrojanDownloader.Agent.fivz 20160718
K7AntiVirus Trojan-Downloader ( 004e141d1 ) 20160718
K7GW Trojan-Downloader ( 004e141d1 ) 20160718
Kaspersky Trojan-Downloader.Win32.Agent.wukzj 20160718
Malwarebytes Trojan.Downloader 20160718
McAfee RDN/Generic Downloader.x 20160718
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160718
Microsoft TrojanDownloader:Win32/Talalpek.A 20160718
eScan Gen:Variant.Razy.75737 20160718
Panda Trj/Downloader.PZL 20160718
Qihoo-360 QVM20.1.Malware.Gen 20160718
Sophos AV Mal/Generic-S 20160718
Symantec Trojan.Gen.SMH 20160718
Tencent Win32.Trojan-downloader.Agent.Hqky 20160718
TrendMicro TROJ_GEN.R011C0DG816 20160718
VIPRE Trojan.Win32.Generic!BT 20160718
AegisLab 20160718
Alibaba 20160718
CAT-QuickHeal 20160718
ClamAV 20160718
CMC 20160715
Comodo 20160718
DrWeb 20160718
F-Prot 20160718
Kingsoft 20160718
NANO-Antivirus 20160718
nProtect 20160718
SUPERAntiSpyware 20160718
TheHacker 20160717
TotalDefense 20160718
TrendMicro-HouseCall 20160718
VBA32 20160718
ViRobot 20160718
Yandex 20160717
Zillya 20160718
Zoner 20160718
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x000173A7
Number of sections 4
PE sections
PE imports
CopyFileW
CreateWaitableTimerA
CompareStringW
GetTickCount
ReplaceFileW
RemoveDirectoryA
WaitForSingleObjectEx
GetSystemDirectoryA
GetDiskFreeSpaceA
GetDateFormatA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateHardLinkA
GetTempPathA
MoveFileExW
GetModuleHandleA
ReadFile
WriteFile
GetStartupInfoA
CreateMutexW
lstrcpynA
FindNextFileA
GetACP
HeapReAlloc
lstrcatW
GetBinaryTypeA
GetNumberFormatA
GetLogicalDriveStringsW
QueryDosDeviceW
CreateFileA
OpenJobObjectA
WriteConsoleW
InterlockedIncrement
ResUtilGetBinaryValue
ClusWorkerStart
ClusWorkerTerminate
ResUtilDupString
ClusWorkerCreate
ExtractIconA
SHFree
FindExecutableA
DragQueryFileW
SHChangeNotify
DragQueryPoint
ShellAboutA
SHGetNewLinkInfoA
SHGetDiskFreeSpaceA
SHUpdateImageA
StrChrA
SHGetDataFromIDListA
ShellMessageBoxA
ExtractAssociatedIconA
SHFileOperationA
SHGetMalloc
DragFinish
IsAppThemed
DrawThemeEdge
GetThemeColor
GetCurrentThemeName
GetThemeBool
OpenThemeData
CloseThemeData
GetThemeSysSize
GetWindowTheme
SetWindowTheme
GetThemeEnumValue
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 96256
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 16896
SubsystemVersion 4.0
EntryPoint 0x173a7
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 9234150dbebb6cafca2968250b51d331
SHA1 c73dce8445c5967b5102d581ab58d07d9107ac89
SHA256 5f145a70526bde139b8af2cff0e8ed06945b5fed84f871431fbcccbc5f0f2680
ssdeep 1536:ffqTxI37B+QxqRyMsaH2Qj8bPmQ+CT6kqXLdlP5hS+ufBzcVKmxWVD5fqTxW9XKd:ffqT2+Q0MYWFbPp6P03fFcAVD5fqTY8

authentihash 3d3e2facd17d4012c5bd22303870a60fd7914c5c00c6bf666ea131679643d669
imphash aab5b0a045e9efb78d12ccc8380cda08
File size 111.5 KB ( 114176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-07-18 19:05:00 UTC ( 2 years, 9 months ago )
Last submission 2016-07-18 19:05:00 UTC ( 2 years, 9 months ago )
File names 5f145a70526bde139b8af2cff0e8ed06945b5fed84f871431fbcccbc5f0f2680.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications