SHA256: 62688371ef1e2c6fef6521dff91fa9564d318d3be0b863ab0c26cee9486a8ab1
File name: 1
Detection ratio: 41 / 56
Analysis date: 2015-10-27 03:10:08 UTC ( 1 year, 5 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Jaik.100 | 20151027
Yandex | Trojan.Injector!S+yNg5saW2A | 20151026
AhnLab-V3 | Trojan/Win32.Injector | 20151027
ALYac | Gen:Variant.Jaik.100 | 20151027
Arcabit | Trojan.Jaik.100 | 20151027
Avast | Win32:Malware-gen | 20151027
AVG | Inject2.RSX | 20151026
Avira (no cloud) | TR/PSW.Zbot.15517 | 20151027
AVware | Trojan.Win32.Generic!BT | 20151027
Baidu-International | Trojan.Win32.Dropper.juiv | 20151026
BitDefender | Gen:Variant.Jaik.100 | 20151027
CAT-QuickHeal | TrojanPWS.Zbot.Y4 | 20151027
CMC | Trojan-Dropper.Win32.Injector!O | 20151026
Comodo | UnclassifiedMalware | 20151027
Cyren | W32/Trojan.UNRW-1690 | 20151027
DrWeb | Trojan.PWS.Panda.2401 | 20151027
Emsisoft | Trojan-Dropper.Win32.Injector (A) | 20151027
ESET-NOD32 | a variant of Win32/Injector.AWXE | 20151027
F-Prot | W32/Trojan2.OATC | 20151027
F-Secure | Gen:Variant.Jaik.100 | 20151027
Fortinet | W32/Injector.ANTB!tr | 20151026
GData | Gen:Variant.Jaik.100 | 20151027
Ikarus | Virus.Win32.CeeInject | 20151027
K7AntiVirus | Trojan ( 004949dc1 ) | 20151026
K7GW | Trojan ( 004949dc1 ) | 20151027
Kaspersky | Trojan-Dropper.Win32.Injector.juiv | 20151027
Malwarebytes | Spyware.PasswordStealer.ED | 20151026
McAfee | RDN/FakeAV-M.bfr!i | 20151027
McAfee-GW-Edition | BehavesLike.Win32.Downloader.dc | 20151027
Microsoft | PWS:Win32/Zbot | 20151027
eScan | Gen:Variant.Jaik.100 | 20151027
NANO-Antivirus | Trojan.Win32.Injector.crhler | 20151027
nProtect | Trojan-Dropper/W32.Injector.283271 | 20151026
Panda | Trj/CI.A | 20151026
Qihoo-360 | Win32/Trojan.Dropper.bf3 | 20151027
Rising | PE:Malware.Generic/QRS!1.9E2D [F] | 20151026
Sophos | Troj/Inject-ATT | 20151027
Symantec | Trojan.ADH | 20151026
Tencent | Win32.Trojan-dropper.Injector.Ljua | 20151027
VIPRE | Trojan.Win32.Generic!BT | 20151027
ViRobot | Trojan.Win32.S.Agent.283271[h] | 20151026
AegisLab | - | 20151026
Alibaba | - | 20151027
Antiy-AVL | - | 20151027
Bkav | - | 20151026
ByteHero | - | 20151027
ClamAV | - | 20151027
Jiangmin | - | 20151026
SUPERAntiSpyware | - | 20151027
TheHacker | - | 20151026
TotalDefense | - | 20151026
TrendMicro | - | 20151027
TrendMicro-HouseCall | - | 20151027
VBA32 | - | 20151026
Zillya | - | 20151026
Zoner | - | 20151027
Engines shown with "-" returned no detection (15 of 56). The names that do fire cluster around three families: generic injector/dropper labels (Injector, CeeInject, Jaik), and the Zbot/Panda password-stealer labels from Avira, CAT-QuickHeal, DrWeb and Microsoft.
The file is a Portable Executable, specifically a 32-bit Win32 EXE for the Windows GUI subsystem. The packer identifiers and TrID result below classify it as an NSIS (Nullsoft Scriptable Install System) installer, so the PE itself is the generic NSIS stub and the sample-specific content (the install script and its compressed payload) is carried in the overlay described below.
FileVersionInfo properties
Publisher swiner softs co limited
File version 1.0.0.1
Packers identified
Command NSIS
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-14 20:09:51 (UTC; the ExifTool TimeStamp further down, 2013:07:14 21:09:51+01:00, is the same instant)
Entry Point 0x0000310B
Number of sections 5
PE sections
Overlays
MD5 c4b0e07f15daddd47a02f68394ef9f2a
File type data
Offset 64512
Size 218759
Entropy 8.00
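As an added example (not part of the VirusTotal report and not code from the sample), the following Python script reproduces the overlay fields above, namely compile timestamp, overlay offset, size, entropy and MD5, from the PE headers alone with no third-party library. The `build_test_pe` helper and the bytes it places in the sections and overlay are constructed purely so the script runs offline; the header offsets it uses are those of the PE format itself, and the timestamp it embeds is the one the report shows. Given a real file path as its first argument, the script triages that file instead. The point of checking this by hand: an NSIS installer keeps its script and compressed payload in the overlay, so for an NSIS stub an overlay with entropy near 8.00 that makes up most of the file (218759 of 283271 bytes here) is the normal shape rather than evidence of an extra packer, and it is the part to extract for further analysis.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant run, 8.0 for a
    uniform byte distribution, which is what compressed or encrypted data
    looks like (the report's 8.00 for the overlay)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def find_overlay(pe: bytes):
    """Return (offset, size) of the overlay, i.e. bytes past the end of the
    last section as laid out by the section table, or None if there is no
    trailing data."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER (20 bytes)
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    section_table = coff + 20 + size_of_optional
    end_of_image = 0
    for i in range(num_sections):
        hdr = section_table + i * 40                     # IMAGE_SECTION_HEADER is 40 bytes
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)  # SizeOfRawData, PointerToRawData
        end_of_image = max(end_of_image, raw_ptr + raw_size)
    if end_of_image >= len(pe):
        return None
    return end_of_image, len(pe) - end_of_image


def triage(pe: bytes) -> dict:
    """Compile timestamp plus overlay offset/size/entropy/MD5: the same
    fields the report lists under 'PE header basic information' and 'Overlays'."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    ts = struct.unpack_from("<I", pe, e_lfanew + 8)[0]   # IMAGE_FILE_HEADER.TimeDateStamp
    result = {
        "compile_time": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "overlay": None,
    }
    found = find_overlay(pe)
    if found:
        offset, size = found
        blob = pe[offset:offset + size]
        result["overlay"] = {
            "offset": offset,
            "size": size,
            "entropy": round(shannon_entropy(blob), 2),
            "md5": hashlib.md5(blob).hexdigest(),
        }
    return result


def build_test_pe(section_data: bytes, overlay: bytes) -> bytes:
    """Constructed, non-runnable PE32 skeleton (DOS header, COFF header, empty
    optional header, one section) used only so this example runs offline.
    The TimeDateStamp is the report's 2013-07-14 20:09:51 UTC."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_of_optional = 224                               # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1373832591, 0, 0, size_of_optional, 0x0102)
    optional = bytearray(size_of_optional)
    struct.pack_into("<H", optional, 0, 0x10B)           # PE32 magic
    raw_ptr = e_lfanew + 4 + len(coff) + size_of_optional + 40
    section = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", len(section_data), 0x1000,
                          len(section_data), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + section + section_data + overlay


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(triage(f.read()))
    else:
        # Constructed sample: 1000 NOPs in the section, a 1024-byte overlay
        # containing every byte value four times (entropy exactly 8.0).
        print(triage(build_test_pe(b"\x90" * 1000, bytes(range(256)) * 4)))
```

The overlay MD5 (c4b0e07f15daddd47a02f68394ef9f2a in the report) is the more useful pivot for this sample than the file hashes or the imphash: the imphash is computed from the stub's import table and is shared by every installer built from the same NSIS version, whereas the overlay hash changes with the payload.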
PE imports (the report lists the names flat, in this order; they are grouped here by the DLL that exports each one)
ADVAPI32.dll: RegDeleteKeyA, RegCloseKey, RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegDeleteValueA, RegCreateKeyExA, RegOpenKeyExA, RegEnumValueA
COMCTL32.dll: ImageList_Create, Ord(17), ImageList_Destroy, ImageList_AddMasked
GDI32.dll: GetDeviceCaps, SelectObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetBkColor, DeleteObject, SetTextColor
KERNEL32.dll: GetLastError, ReadFile, lstrlenA, lstrcmpiA, GlobalFree, WaitForSingleObject, GetExitCodeProcess, CopyFileA, ExitProcess, SetFileTime, GlobalUnlock, LoadLibraryA, DeleteFileA, GetModuleFileNameA, GetShortPathNameA, GetCurrentProcess, LoadLibraryExA, CompareFileTime, GetPrivateProfileStringA, WritePrivateProfileStringA, GetFileSize, lstrcatA, CreateDirectoryA, ExpandEnvironmentStringsA, GetWindowsDirectoryA, SetErrorMode, MultiByteToWideChar, GetCommandLineA, GlobalLock, SetFileAttributesA, SetFilePointer, GetTempPathA, CreateThread, GetFileAttributesA, GetModuleHandleA, lstrcmpA, FindFirstFileA, lstrcpyA, CloseHandle, GetTempFileNameA, lstrcpynA, FindNextFileA, RemoveDirectoryA, GetSystemDirectoryA, GetDiskFreeSpaceA, GetProcAddress, SetEnvironmentVariableA, GetFullPathNameA, FreeLibrary, MoveFileA, CreateProcessA, WriteFile, GlobalAlloc, SearchPathA, FindClose, Sleep, CreateFileA, GetTickCount, GetVersion, SetCurrentDirectoryA, MulDiv
SHELL32.dll: SHGetFileInfoA, SHBrowseForFolderA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, ShellExecuteA, SHFileOperationA
USER32.dll: CharPrevA, GetMessagePos, EndPaint, ReleaseDC, EndDialog, BeginPaint, ShowWindow, DefWindowProcA, GetClassInfoA, SetClassLongA, LoadBitmapA, SetWindowPos, GetSystemMetrics, IsWindow, AppendMenuA, PostQuitMessage, GetWindowRect, DispatchMessageA, ScreenToClient, SetDlgItemTextA, MessageBoxIndirectA, LoadImageA, GetDlgItemTextA, PeekMessageA, SetWindowLongA, IsWindowEnabled, GetSysColor, CheckDlgButton, GetDC, SystemParametersInfoA, CreatePopupMenu, wsprintfA, DialogBoxParamA, SetClipboardData, IsWindowVisible, SendMessageA, DrawTextA, GetClientRect, SetTimer, GetDlgItem, SetForegroundWindow, CreateDialogParamA, EnableMenuItem, RegisterClassA, SendMessageTimeoutA, InvalidateRect, GetWindowLongA, FindWindowExA, CreateWindowExA, LoadCursorA, TrackPopupMenu, SetWindowTextA, FillRect, OpenClipboard, CharNextA, CallWindowProcA, GetSystemMenu, EmptyClipboard, EnableWindow, CloseClipboard, DestroyWindow, ExitWindowsEx, SetCursor
VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
ole32.dll: CoTaskMemFree, OleUninitialize, CoCreateInstance, OleInitialize
Number of PE resources by type
RT_ICON 3
RT_DIALOG 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
UninitializedDataSize 1024
LinkerVersion 6.0
ImageVersion 6.0
FileVersionNumber 1.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 164864
EntryPoint 0x310b
MIMEType application/octet-stream
FileVersion 1.0.0.1
TimeStamp 2013:07:14 21:09:51+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName swiner softs co limited
CodeSize 24064
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 32b4cb0970a85aae424cf3654207c184
SHA1 136139e72ff91127557129037c2df157dedd9947
SHA256 62688371ef1e2c6fef6521dff91fa9564d318d3be0b863ab0c26cee9486a8ab1
ssdeep 6144:bauq7bFVBKJuUoM2DdsSptxUk0KUzdw6rGLvHdrysJEhmwzXs/f:AbFVgKdhsSHxkxhw6SLvBlvwzXm
authentihash 000848ee8760f41a9ce1a02b67fa20e44cc5ee531a4ed45cb3d1f236525bea73
imphash b40f29cd171eb54c01b1dd2683c9c26b
File size 276.6 KB ( 283271 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags nsis peexe overlay
VirusTotal metadata
First submission 2014-01-28 10:38:39 UTC ( 3 years, 2 months ago )
Last submission 2014-02-12 04:26:27 UTC ( 3 years, 2 months ago )
File names
1
vti-rescan
RIA_agent_outstanding_balance.scr
The last of these is the name the sample was delivered under. A .scr extension denotes a Windows screensaver, which is an ordinary PE executable that runs when opened, and the "outstanding balance" theme is a standard e-mail attachment pretext; the names "1" and "vti-rescan" are submission artefacts, not lure names.
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table above, while LoadLibraryA and GetProcAddress do, so the call is made either through an import resolved at run time or by the code the installer unpacks from its overlay and executes; the behaviour should be attributed to the dropped payload rather than to the generic NSIS stub.