SHA256: 62d9a657d2bab028c2ba6b907ee36bdb42d682e0767528621d439ddca97f5fab
File name: 2.bin
Detection ratio: 9 / 57
Analysis date: 2017-02-03 06:54:10 UTC ( 2 years, 2 months ago )
Antivirus                 Result                                         Update
Baidu                     Win32.Trojan.WisdomEyes.16070401.9500.9996     20170125
Bkav                      [Borland Delphi 3.0 (???)]                     20170203
Comodo                    TrojWare.Win32.Amtar.GIVD                      20170203
CrowdStrike Falcon (ML)   malicious_confidence_100% (D)                  20170130
ESET-NOD32                a variant of Win32/Kryptik.FNUR                20170203
Sophos ML                 virus.win32.sality.at                          20170111
Malwarebytes              Trojan.Kovter                                  20170203
Qihoo-360                 HEUR/QVM20.1.0000.Malware.Gen                  20170203
Symantec                  ML.Attribute.HighConfidence                    20170202
Ad-Aware                                                                 20170203
AegisLab                                                                 20170203
AhnLab-V3                                                                20170202
Alibaba                                                                  20170122
ALYac                                                                    20170203
Antiy-AVL                                                                20170203
Arcabit                                                                  20170203
Avast                                                                    20170203
AVG                                                                      20170202
Avira (no cloud)                                                         20170202
AVware                                                                   20170203
BitDefender                                                              20170203
CAT-QuickHeal                                                            20170202
ClamAV                                                                   20170203
CMC                                                                      20170202
Cyren                                                                    20170202
DrWeb                                                                    20170203
Emsisoft                                                                 20170203
F-Prot                                                                   20170203
F-Secure                                                                 20170203
Fortinet                                                                 20170203
GData                                                                    20170203
Ikarus                                                                   20170202
Jiangmin                                                                 20170203
K7AntiVirus                                                              20170203
K7GW                                                                     20170203
Kaspersky                                                                20170203
Kingsoft                                                                 20170203
McAfee                                                                   20170203
McAfee-GW-Edition                                                        20170203
Microsoft                                                                20170203
eScan                                                                    20170203
NANO-Antivirus                                                           20170202
nProtect                                                                 20170203
Panda                                                                    20170202
Rising                                                                   20170203
Sophos AV                                                                20170203
SUPERAntiSpyware                                                         20170203
Tencent                                                                  20170203
TheHacker                                                                20170202
TotalDefense                                                             20170203
TrendMicro                                                               20170203
TrendMicro-HouseCall                                                     20170203
Trustlook                                                                20170203
VBA32                                                                    20170202
VIPRE                                                                    20170203
ViRobot                                                                  20170203
WhiteArmor                                                               20170202
Yandex                                                                   20170203
Zillya                                                                   20170201
Zoner                                                                    20170203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1991-2005 by Gougelet Pierre-e
Description XnView SlideShow
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-03-10 12:20:05
Entry Point 0x000033AF
Number of sections 8
PE sections
Overlays
MD5 966c72d0a6d25a48f2517c0466ce3077
File type data
Offset 338944
Size 649
Entropy 7.68
PE imports
CryptReleaseContext
ReportEventA
RegisterEventSourceA
CryptAcquireContextA
CryptGenRandom
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertCloseStore
GetDeviceCaps
GetObjectA
DeleteDC
CreateDCA
DeleteObject
SelectObject
BitBlt
CreateCompatibleDC
GetBitmapBits
CreateCompatibleBitmap
SetThreadAffinityMask
GetLastError
GetStdHandle
EnterCriticalSection
WaitForSingleObject
GetThreadPriority
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
LoadLibraryA
GlobalHandle
DuplicateHandle
DeleteCriticalSection
LeaveCriticalSection
SetThreadPriority
ReleaseSemaphore
OpenProcess
SetProcessAffinityMask
WaitForMultipleObjects
GetThreadContext
GetCurrentThread
SuspendThread
IsDBCSLeadByteEx
GetTempPathA
QueryPerformanceFrequency
CreateSemaphoreA
GetProcAddress
TlsFree
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
lstrcpyA
ResetEvent
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetVersion
ResumeThread
SetThreadContext
GlobalMemoryStatus
GetProcessAffinityMask
GetTimeZoneInformation
GlobalAlloc
CreateEventA
TlsGetValue
Sleep
TlsSetValue
ExitProcess
GetCurrentThreadId
VirtualQuery
GetModuleHandleExA
SetLastError
CloseHandle
wsprintfA
MessageBoxW
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
timeGetTime
getaddrinfo
htonl
shutdown
accept
ioctlsocket
WSAStartup
freeaddrinfo
connect
getsockname
htons
getnameinfo
select
gethostname
getsockopt
closesocket
ntohl
inet_addr
send
ntohs
WSAGetLastError
listen
__WSAFDIsSet
sendto
WSACleanup
gethostbyname
getpeername
recv
setsockopt
socket
bind
recvfrom
WSAEnumNetworkEvents
WSASetLastError
_lock
_wfindfirst
fclose
_snwprintf
strtoul
fflush
_getpid
strtol
_get_osfhandle
_ftime64
fwrite
fputs
isspace
_close
_exit
__dllonexit
_wfopen
_write
memcpy
strstr
memmove
signal
_mkdir
strcmp
memchr
strncmp
toupper
fgetc
memset
strcat
_stricmp
_setmode
fgets
__pioinfo
strchr
fopen
_wfindnext
fgetpos
fsetpos
ftell
exit
sprintf
_unlink
strcspn
fputc
ferror
gmtime
free
_strnicmp
_fstati64
_stat
_lseeki64
_vsnprintf
putchar
puts
_read
strcpy
bsearch
__mb_cur_max
islower
_initterm
isupper
_ftime
_iob
rand
_putenv
setlocale
realloc
__doserrno
fwprintf
isprint
_setjmp3
_access
printf
_rmdir
strncpy
raise
isalnum
mktime
qsort
_open
_onexit
wcslen
isalpha
putc
memcmp
__setusermatherr
log10
fread
_fdopen
getenv
_stati64
atoi
vfprintf
atof
localeconv
strerror
wcscpy
strrchr
_beginthreadex
strspn
ungetc
localtime
isxdigit
rename
malloc
sscanf
srand
abort
fprintf
strlen
_endthreadex
strncat
_errno
feof
fseek
_findclose
_strdup
_fileno
_amsg_exit
longjmp
tolower
_unlock
calloc
_getch
_filelengthi64
strftime
time
wcsstr
getc
setvbuf
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH 2
FINNISH DEFAULT 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2006:03:10 13:20:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 69632
LinkerVersion 2.23
FileTypeExtension exe
InitializedDataSize 339456
SubsystemVersion 4.0
EntryPoint 0x33af
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 16384

File identification
MD5 ac195bb515b7c7e45a0bd7e066a8e7f0
SHA1 92ce551163deb959c836d35c405bb7cd459163d5
SHA256 62d9a657d2bab028c2ba6b907ee36bdb42d682e0767528621d439ddca97f5fab
ssdeep 6144:rTlX2afUVMJnGGYONpiG/rpdOpMvh6EEpv6UIFcqiWEiHUpl:nlX2afBFOyXbaqigUv
authentihash b4c087d1424acb476afd344c189182f014ced5946048c3ab96b7856914b9ca7a
imphash a7b4799da9653208616da857a108655c
File size 331.6 KB ( 339593 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.1%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-02-03 06:54:10 UTC ( 2 years, 2 months ago )
Last submission 2017-07-28 14:54:47 UTC ( 1 year, 9 months ago )
File names ac195bb515b7c7e45a0bd7e066a8e7f0.virobj
2.bin
62d9a657d2bab028c2ba6b907ee36bdb42d682e0767528621d439ddca97f5fab.bin
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications