SHA256: 612c0e207dcc96de348737196139c561e5cb9c2451ec4697108a75557c51bc64
File name: DSC.exe
Detection ratio: 25 / 64
Analysis date: 2017-10-30 20:12:15 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
AegisLab Hacktool.W32.Kmsauto!c 20171030
Antiy-AVL Trojan/Win32.BTSGeneric 20171030
AVware Trojan.Win32.Generic!BT 20171030
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171030
CAT-QuickHeal Trojan.AgentCS.S29823 20171030
Comodo Application.Win32.CMDOW.a 20171030
Cyren W32/Trojan.SYGE-6877 20171030
DrWeb Program.Unwanted.1183 20171030
Endgame malicious (moderate confidence) 20171024
ESET-NOD32 a variant of Win32/CMDOW.A potentially unsafe 20171030
F-Secure Gen:Trojan.Qhost.1 20171030
GData MSIL.Application.HackKMS.X 20171030
Sophos ML heuristic 20170914
Jiangmin Trojan.Generic.bkeiv 20171030
K7AntiVirus Riskware ( 0040eff71 ) 20171030
K7GW Riskware ( 0040eff71 ) 20171030
Kaspersky HackTool.Win32.KMSAuto.m 20171030
McAfee Artemis!FFCE43AA157F 20171030
NANO-Antivirus Trojan.Win32.Cmdow.dmjuol 20171030
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Generic PUA IJ (PUA) 20171030
Tencent Win32.Hacktool.Kmsauto.Amcf 20171030
TrendMicro-HouseCall Suspici.3AB2DE20 20171030
Yandex Riskware.Agent! 20171027
ZoneAlarm by Check Point not-a-virus:NetTool.Win64.RPCHook.a 20171030
Ad-Aware 20171030
AhnLab-V3 20171030
Alibaba 20170911
ALYac 20171030
Arcabit 20171030
Avast-Mobile 20171030
Avira (no cloud) 20171030
BitDefender 20171030
Bkav 20171030
ClamAV 20171030
CMC 20171030
CrowdStrike Falcon (ML) 20171016
Cybereason 20170628
Cylance 20171030
eGambit 20171030
Emsisoft 20171030
F-Prot 20171030
Fortinet 20171030
Ikarus 20171030
Kingsoft 20171030
Malwarebytes 20171030
MAX 20171030
McAfee-GW-Edition 20171030
Microsoft 20171030
eScan 20171030
nProtect 20171030
Palo Alto Networks (Known Signatures) 20171030
Panda 20171030
Qihoo-360 20171030
SUPERAntiSpyware 20171030
Symantec 20171030
Symantec Mobile Insight 20171027
TheHacker 20171028
TotalDefense 20171030
Trustlook 20171030
VBA32 20171030
VIPRE 20171030
ViRobot 20171030
Webroot 20171030
WhiteArmor 20171024
Zillya 20171030
Zoner 20171030
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX, appended, NSIS, RAR, UTF-8, Unicode, INNO, 7Z
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-14 19:15:49
Entry Point 0x0001CAB5
Number of sections 6
PE sections
Overlays
MD5 173c8a0476c29c61137fdc68147933ab
File type application/x-rar
Offset 259072
Size 47419405
Entropy 8.00
PE imports
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
FindNextFileA
EncodePointer
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
SetFilePointerEx
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
InitializeCriticalSection
AllocConsole
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
QueryPerformanceFrequency
LoadLibraryExA
SetThreadPriority
FindClose
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
FoldStringW
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
CreateSemaphoreW
IsProcessorFeaturePresent
TzSpecificLocalTimeToSystemTime
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
DecodePointer
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindFirstFileExA
FindNextFileW
ResetEvent
FreeConsole
FindFirstFileW
SetEvent
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
AttachConsole
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GetConsoleCP
FindResourceW
CompareStringW
GetEnvironmentStringsW
IsDBCSLeadByte
VirtualQuery
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
Sleep
GetOEMCP
CreateHardLinkW
Number of PE resources by type
RT_STRING 10
RT_DIALOG 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 23
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:14 20:15:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 188416
LinkerVersion 14.0
EntryPoint 0x1cab5
InitializedDataSize 69632
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 e3f96e9cb88e94c53e3139dc3f818c2c
SHA1 54c81e9848da6bc270fcc33846c9c505276e524a
SHA256 612c0e207dcc96de348737196139c561e5cb9c2451ec4697108a75557c51bc64
ssdeep 786432:t512nTonDw9b6VJmk1sQaHc6G7QfkBdRJFrPXvGFL5OZl4XwqBD8Z3bcpTp4G78T:tfQT+w9b6mY76YdB3YLYXoi3QpTWG4T

authentihash df0b4f0e4a319ff6ef9d507e959649212b78422f2d0b42664f2f73dbbdfbda6b
imphash 027ea80e8125c6dda271246922d4c3b0
File size 45.5 MB ( 47678477 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags nsis peexe upx overlay

VirusTotal metadata
First submission 2017-10-30 17:58:22 UTC ( 11 months, 2 weeks ago )
Last submission 2017-10-30 18:04:15 UTC ( 11 months, 2 weeks ago )
File names DSC.exe