SHA256: 6307a60f2ada31c9bea047d116e5831acdd58e74a30eb59e8cf67121f4912355
File name: 458_11_07_2016_15_34_40_inst.exe.malware.MRG
Detection ratio: 44 / 57
Analysis date: 2016-12-11 17:23:52 UTC (2 years, 4 months ago)
Antivirus                 Result (blank = not detected)                   Signature update (YYYYMMDD)
------------------------  ---------------------------------------------  ---------------------------
Ad-Aware                  Trojan.GenericKD.3815855                       20161211
AegisLab                  Heur.Advml.Gen!c                               20161211
AhnLab-V3                 Trojan/Win32.Banker.C1695776                   20161211
ALYac                     Spyware.PWS.KRBanker.acu                       20161211
Arcabit                   Trojan.Generic.D3A39AF                         20161211
Avast                     Win32:Malware-gen                              20161211
AVG                       Generic38.ABUH                                 20161211
Avira (no cloud)          TR/Vawtrak.cdif                                20161211
AVware                    Trojan.Win32.Generic!BT                        20161211
Baidu                     Win32.Trojan.WisdomEyes.16070401.9500.9999     20161207
BitDefender               Trojan.GenericKD.3815855                       20161211
CAT-QuickHeal             TrojanBanker.Neverquest2                       20161210
ClamAV                    Win.Trojan.Generic-7301                        20161211
Comodo                    UnclassifiedMalware                            20161211
CrowdStrike Falcon (ML)   malicious_confidence_89% (W)                   20161024
Cyren                     W32/Vawtrak.JWSL-7434                          20161211
Emsisoft                  Trojan.GenericKD.3815855 (B)                   20161211
ESET-NOD32                Win32/PSW.Papras.EJ                            20161211
F-Prot                    W32/Vawtrak.BP                                 20161211
F-Secure                  Trojan.GenericKD.3815855                       20161211
Fortinet                  W32/Papras.EJ!tr.bdr                           20161211
GData                     Trojan.GenericKD.3815855                       20161211
Ikarus                    Trojan.Win32.PSW                               20161211
Sophos ML                 backdoor.win32.vawtrak.o                       20161202
Jiangmin                  Trojan.Banker.Neverquest2.ez                   20161210
K7AntiVirus               Password-Stealer ( 004cd4f51 )                 20161211
K7GW                      Password-Stealer ( 004cd4f51 )                 20161211
Kaspersky                 Trojan-Banker.Win32.Neverquest2.abo            20161211
Malwarebytes              Backdoor.VawTrak                               20161211
McAfee                    RDN/PWS-Banker                                 20161211
McAfee-GW-Edition         RDN/PWS-Banker                                 20161211
Microsoft                 Backdoor:Win32/Vawtrak.E                       20161211
eScan                     Trojan.GenericKD.3815855                       20161211
NANO-Antivirus            Trojan.Win32.Papras.ejjdyb                     20161211
Panda                     Generic Malware                                20161211
Qihoo-360                 HEUR/QVM20.1.A031.Malware.Gen                  20161211
Rising                    Stealer.Papras!8.132-ban19R10FrM (cloud)       20161211
Sophos AV                 Troj/Vawtrak-HX                                20161211
Symantec                  Trojan.Snifula.F                               20161211
TrendMicro                BKDR_VAWTRAK.YUYLL                             20161211
TrendMicro-HouseCall      BKDR_VAWTRAK.YUYLL                             20161211
VIPRE                     Trojan.Win32.Generic!BT                        20161211
ViRobot                   Trojan.Win32.S.Banker.214528[h]                20161211
Yandex                    Trojan.PWS.Neverquest2!                        20161210
Alibaba                                                                  20161211
Antiy-AVL                                                                20161211
Bkav                                                                     20161210
CMC                                                                      20161211
DrWeb                                                                    20161211
Kingsoft                                                                 20161211
nProtect                                                                 20161211
SUPERAntiSpyware                                                         20161211
Tencent                                                                  20161211
TheHacker                                                                20161130
TotalDefense                                                             20161211
Trustlook                                                                20161211
VBA32                                                                    20161209
WhiteArmor                                                               20161207
Zillya                                                                   20161210
Zoner                                                                    20161211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 2015 Baidu, Inc. All rights reserved.
Product: Baidu PC Faster
Internal name: Baidu PC Faster
File version: 5,1,3,126471
Description: Facebook Repair
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-06 04:49:39
Entry Point 0x0000648A
Number of sections 8
PE sections
PE imports
GetStockObject
GetSystemTime
GetLastError
WriteConsoleInputVDMA
TerminateThread
WriteConsoleInputA
GetExitCodeProcess
CreateTimerQueue
IsDebuggerPresent
DebugBreak
CallNamedPipeA
VirtualProtect
lstrcmpiW
LoadLibraryA
VerifyVersionInfoW
GetCurrentProcess
GetDateFormatA
GetWindowsDirectoryW
SetThreadPriority
AddAtomA
CreateDirectoryA
GetWindowsDirectoryA
EnumSystemLocalesW
SetProcessAffinityMask
CancelIo
GetCurrentThread
SuspendThread
CreateHardLinkA
WideCharToMultiByte
GetModuleHandleA
IsSystemResumeAutomatic
GetDiskFreeSpaceW
GlobalAddAtomA
FindResourceExW
DeleteAtom
GetTimeFormatA
IsProcessorFeaturePresent
GetCompressedFileSizeA
GetSystemTimes
SetThreadIdealProcessor
MoveFileExA
GetBinaryTypeA
GetCurrentDirectoryW
BuildCommDCBAndTimeoutsA
GetCommState
GetBinaryTypeW
RemoveLocalAlternateComputerNameW
Sleep
SetMailslotInfo
GetLocaleInfoW
GetCurrencyFormatW
CreateHardLinkW
CharPrevA
AnimateWindow
IntersectRect
SetMenuItemBitmaps
DlgDirListComboBoxW
SetClassLongW
BroadcastSystemMessageA
GetClassInfoExA
RegisterClassExW
GetShellWindow
FlashWindow
FlashWindowEx
SetClipboardViewer
GetClipboardViewer
HiliteMenuItem
MessageBoxW
GetWindowRect
InflateRect
BroadcastSystemMessageExA
MoveWindow
DdeKeepStringHandle
GetClipboardFormatNameW
RegisterDeviceNotificationW
FillRect
LoadCursorFromFileW
GetWindow
GetSysColor
SetActiveWindow
SetScrollInfo
RegisterClassExA
ReleaseDC
DdeInitializeA
LoadMenuA
GetIconInfo
LoadStringA
GetClassLongW
PtInRect
GetSystemMetrics
IsWindowEnabled
UnionRect
GetThreadDesktop
GetAltTabInfoW
LoadAcceleratorsA
FindWindowExA
LoadCursorA
LoadIconA
LoadStringW
GetKeyboardLayout
TranslateAcceleratorA
GetRawInputBuffer
GetFocus
GetTabbedTextExtentW
GetActiveWindow
CharNextW
GetMenuItemInfoW
SCardListInterfacesW
SCardForgetReaderW
SCardAddReaderToGroupW
SCardLocateCardsA
SCardRemoveReaderFromGroupA
SCardGetAttrib
SCardGetStatusChangeW
SCardForgetCardTypeW
SCardLocateCardsByATRA
SCardState
SCardGetCardTypeProviderNameW
SCardGetProviderIdW
SCardIsValidContext
SCardListInterfacesA
SCardReleaseContext
SCardListCardsW
SCardReleaseStartedEvent
SCardListReaderGroupsW
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
SubsystemVersion: 6.0
InitializedDataSize: 173568
ImageVersion: 0.0
ProductName: Baidu PC Faster
FileVersionNumber: 5.1.3.60935
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
ImageFileCharacteristics: No relocs, Executable, 32-bit
CharacterSet: Unicode
LinkerVersion: 12.0
FileTypeExtension: exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 5,1,3,126471
TimeStamp: 2015:08:06 05:49:39+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Baidu PC Faster
ProductVersion: 5,1,3,126471
FileDescription: Facebook Repair
OSVersion: 6.0
FileOS: Win32
LegalCopyright: Copyright (C) 2015 Baidu, Inc. All rights reserved.
MachineType: Intel 386 or later, and compatibles
CompanyName: Baidu, Inc.
CodeSize: 27648
FileSubtype: 0
ProductVersionNumber: 5.1.3.60935
EntryPoint: 0x648a
ObjectFileType: Dynamic link library
Compressed bundles
File identification
MD5: 9b4bbc8f7f9bfbbbf102ce01fe47e70d
SHA1: b47abf0283be9dfce50793e4653bb8af38d46a93
SHA256: 6307a60f2ada31c9bea047d116e5831acdd58e74a30eb59e8cf67121f4912355
ssdeep: 3072:Bpg8kcQmmZzeH3/OGHiKFAefrD61Ig45Fy9aQANk:Bpg8jHWGHb6ef6yfGa3
authentihash: cf2c2ec0dfaac682f4941c21a5eb3543b5587b4a78c26122e1820937f39994da
imphash: 68f54710cb8d20d8e087f8f4517d4b7f
File size: 209.5 KB (214528 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (41.0%)
      Win64 Executable (generic) (36.3%)
      Win32 Dynamic Link Library (generic) (8.6%)
      Win32 Executable (generic) (5.9%)
      OS/2 Executable (generic) (2.6%)
Tags: peexe
VirusTotal metadata
First submission: 2016-12-05 15:44:23 UTC (2 years, 4 months ago)
Last submission: 2017-08-21 18:16:27 UTC (1 year, 8 months ago)
File names:
inst.exe
b47abf0283be9dfce50793e4653bb8af38d46a93
B47ABF0283BE9DFCE50793E4653BB8AF38D46A93.dat
abc8cb9ca35161f5e7822ab6204b0e02
Baidu PC Faster
inst.com
Padve.exe
output.104739074.txt
Xihze.exe
6307a60f2ada31c9bea047d116e5831acdd58e74a30eb59e8cf67121f4912355
Feblit.exe
458_11_07_2016_15_34_40_inst.exe.malware.MRG
b47abf0283be9dfce50793e4653bb8af38d46a93.exe
9b4bbc8f7f9bfbbbf102ce01fe47e70d.exe
994c3187447f13d195a79838ced46111
b47abf0283be9dfce50793e4653bb8af38d46a93