SHA256: 6133b43660f1dd839d5ca4a73fb98f51ec99a75856147af85a9b3cf921fece79
File name: rad1EB84.tmp.exe
Detection ratio: 8 / 51
Analysis date: 2016-07-01 03:00:18 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.ZPACK.vkpe 20160701
AVware Trojan.Win32.Generic.pak!cobra 20160701
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160630
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160701
Kaspersky HEUR:Trojan.Win32.Generic 20160701
McAfee-GW-Edition BehavesLike.Win32.Malware.dm 20160630
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160701
VIPRE Trojan.Win32.Generic.pak!cobra 20160701
Ad-Aware 20160701
AegisLab 20160701
AhnLab-V3 20160630
Alibaba 20160701
Antiy-AVL 20160701
Arcabit 20160630
Avast 20160701
AVG 20160701
BitDefender 20160630
Bkav 20160630
CAT-QuickHeal 20160630
ClamAV 20160701
CMC 20160630
Comodo 20160701
Cyren 20160701
DrWeb 20160701
Emsisoft 20160630
F-Prot 20160701
F-Secure 20160630
Fortinet 20160701
GData 20160701
Ikarus 20160630
Jiangmin 20160701
K7AntiVirus 20160630
K7GW 20160630
Kingsoft 20160701
Malwarebytes 20160630
McAfee 20160701
Microsoft 20160630
eScan 20160701
NANO-Antivirus 20160701
nProtect 20160630
Panda 20160630
Sophos AV 20160701
SUPERAntiSpyware 20160701
Symantec 20160701
Tencent 20160701
TheHacker 20160630
TrendMicro 20160701
TrendMicro-HouseCall 20160701
VBA32 20160630
ViRobot 20160701
Zoner 20160701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-02 02:52:52
Entry Point 0x00001AE0
Number of sections 4
PE sections
PE imports
RegQueryValueExW
RegOpenKeyW
GetEnhMetaFileA
SetMetaRgn
PathToRegion
GetBkMode
SaveDC
GetTextCharset
GetEnhMetaFileW
GetROP2
UpdateColors
GetObjectType
GetLayout
GetMapMode
GetPixelFormat
GetSystemPaletteUse
GetStretchBltMode
GetFontLanguageInfo
RealizePalette
GetDCBrushColor
GetColorSpace
GetStockObject
GetPolyFillMode
StrokePath
GetDCPenColor
GetGraphicsMode
GetTextAlign
SwapBuffers
GetTextColor
UnrealizeObject
WidenPath
GetBkColor
GetTextCharacterExtra
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetProcAddress
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
CreateEventW
OutputDebugStringW
FindClose
TlsGetValue
SetFileAttributesW
SetLastError
PeekNamedPipe
InterlockedDecrement
CopyFileW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
lstrcpyW
GetModuleFileNameA
LoadLibraryA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
GetFullPathNameW
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GlobalSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
WriteFile
FreeEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GlobalLock
ReadConsoleW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
lstrcpynW
ExpandEnvironmentStringsW
RaiseException
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
OpenEventW
Sleep
CountClipboardFormats
AnyPopup
LoadCursorFromFileA
GetDialogBaseUnits
LoadIconW
CloseClipboard
GetClipboardSequenceNumber
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:07:02 03:52:52+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
128000

LinkerVersion
9.0

EntryPoint
0x1ae0

InitializedDataSize
120832

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 42041225b7819b93794b1118f8583a3f
SHA1 44d441ae139a2cd895b59cd02772dfa8539786f1
SHA256 6133b43660f1dd839d5ca4a73fb98f51ec99a75856147af85a9b3cf921fece79
ssdeep
3072:SWxDRsyLm3i1/XYRbVkBeIoa7WEP/dKBMZQ6:Hxdss84We/1KBMZ

authentihash 8a66e4f5df0f4560515b03894fb9fe2e3fb4eb60a40f7e288c49d1d082f47a50
imphash e4820125283062f0f72900e080a1531d
File size 244.0 KB ( 249856 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-07-01 03:00:18 UTC ( 2 years, 8 months ago )
Last submission 2016-07-01 03:00:18 UTC ( 2 years, 8 months ago )
File names rad1EB84.tmp.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications