SHA256: 60e96694dd81adf1fc0d9d3130df39ef4ee3d077df5182be12e8236c1483ad97
File name: 54915d3ec0912b46059ffe0db842a308887b19ac
Detection ratio: 37 / 58
Analysis date: 2016-09-05 13:09:59 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3498834 20160905
AhnLab-V3 Trojan/Win32.Upbot.N2091386863 20160905
ALYac Trojan.GenericKD.3498834 20160905
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20160905
Arcabit Trojan.Generic.D356352 20160905
Avast Win32:Dorder-BH [Trj] 20160905
AVG Generic_r.MVU 20160905
Avira (no cloud) TR/AD.Lethic.cbo 20160905
AVware Trojan.Win32.Generic!BT 20160905
Baidu Win32.Trojan.WisdomEyes.151026.9950.9996 20160905
BitDefender Trojan.GenericKD.3498834 20160905
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/S-e2e07e9d!Eldorado 20160905
DrWeb Trojan.PWS.Steam.12127 20160905
Emsisoft Trojan.GenericKD.3498834 (B) 20160905
ESET-NOD32 a variant of Win32/Kryptik.FFHA 20160905
F-Prot W32/S-e2e07e9d!Eldorado 20160905
F-Secure Trojan.GenericKD.3498834 20160905
Fortinet W32/Kryptik.FFJL!tr 20160905
GData Trojan.GenericKD.3498834 20160905
Ikarus Trojan.Win32.Crypt 20160905
Sophos ML worm.win32.dorkbot.i 20160830
Jiangmin TrojanProxy.Lethic.to 20160905
K7GW Hacktool ( 655367771 ) 20160905
Kaspersky HEUR:Trojan.Win32.Generic 20160905
McAfee Artemis!6FFC0104F050 20160905
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20160904
Microsoft Trojan:Win32/Dynamer!ac 20160905
eScan Trojan.GenericKD.3498834 20160905
Panda Trj/GdSda.A 20160905
Qihoo-360 HEUR/QVM09.0.7348.Malware.Gen 20160905
Rising Malware.Generic!1l60UDQVltO@5 (thunder) 20160905
Sophos AV Mal/Generic-S 20160905
Symantec Trojan.Gen 20160905
Tencent Win32.Trojan.Kryptik.Wvbo 20160905
TrendMicro TROJ_GEN.R0C1C0DHV16 20160905
TrendMicro-HouseCall TROJ_GEN.R0C1C0DHV16 20160905
AegisLab 20160905
Alibaba 20160901
Bkav 20160905
CAT-QuickHeal 20160904
ClamAV 20160905
CMC 20160905
Comodo 20160905
K7AntiVirus 20160905
Kingsoft 20160905
Malwarebytes 20160905
NANO-Antivirus 20160905
nProtect 20160905
SUPERAntiSpyware 20160905
TheHacker 20160903
TotalDefense 20160905
VBA32 20160905
VIPRE 20160831
ViRobot 20160905
Yandex 20160904
Zillya 20160902
Zoner 20160905
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-29 00:53:22
Entry Point 0x00004442
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegCreateKeyA
GetObjectA
DeleteDC
CreateFontA
CreatePalette
CreateSolidBrush
DeleteObject
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
_lopen
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
MoveFileA
InitializeCriticalSection
FindClose
TlsGetValue
FormatMessageA
SetFileAttributesW
SetLastError
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
LCMapStringW
CreateDirectoryA
GetFullPathNameA
GetUserDefaultLCID
_lread
GetProcessHeap
CompareStringW
_lcreat
FindFirstFileA
lstrcpyA
CompareStringA
FindNextFileA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
CopyFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
GlobalDeleteAtom
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
WinExec
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GlobalLock
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHFileOperationA
SetFocus
GetMessageA
GetForegroundWindow
ReleaseDC
EndDialog
BeginPaint
OffsetRect
CharUpperW
KillTimer
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowPos
GetSystemMetrics
MessageBoxW
GetWindowRect
DispatchMessageA
EnableWindow
GetWindowLongA
PostMessageA
MoveWindow
DialogBoxParamW
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
TranslateMessage
DialogBoxParamA
CharUpperA
CheckDlgButton
DrawTextA
SystemParametersInfoA
SetWindowTextA
LoadStringA
SendMessageA
LoadStringW
SetWindowTextW
SetTimer
GetDlgItem
IsWindow
RegisterClassA
InvalidateRect
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
EndPaint
GetWindowTextA
SetCursor
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_MENU 10
RT_DIALOG 3
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 3
GERMAN 1
ENGLISH AUS 1
FRENCH 1
CHINESE SIMPLIFIED 1
PORTUGUESE BRAZILIAN 1
SPANISH MODERN 1
ENGLISH US 1
DUTCH 1
RUSSIAN 1
KOREAN 1
ITALIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:08:29 01:53:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 83456
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 406528
SubsystemVersion 5.0
EntryPoint 0x4442
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 6ffc0104f05048b8e68494dc1ffcbcd8
SHA1 54915d3ec0912b46059ffe0db842a308887b19ac
SHA256 60e96694dd81adf1fc0d9d3130df39ef4ee3d077df5182be12e8236c1483ad97
ssdeep 3072:U4N7nXtKdSSHlyu+ZVRD3g+9RKAkkT2WNg67+i320IejiWG:qdjkD/cRknNIi32lejiWG
authentihash 6b6c993e056c73e2745e2b870a1dd00170e4a6746b50192f231f4408c430192c
imphash ec3e884399de1a7a053488acd8434950
File size 180.5 KB ( 184832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-09-05 13:09:59 UTC ( 2 years, 5 months ago )
Last submission 2016-09-05 13:09:59 UTC ( 2 years, 5 months ago )
File names mobsync.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications