SHA256: 65629212d275d625b48a39759bb8745f26101e3e9fe85fb4c857f82f556fa7f3
File name: 11354fa0f1c8f23e86f4903097f4aa1c.virus
Detection ratio: 27 / 57
Analysis date: 2016-06-11 18:42:24 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.196967 20160611
AegisLab Troj.W32.Gen.lt1a 20160611
ALYac Gen:Variant.Graftor.290119 20160610
Arcabit Trojan.Zusy.D30167 20160611
Avast Win32:Malware-gen 20160611
AVG Crypt5.BPXZ 20160611
Avira (no cloud) TR/Crypt.ZPACK.xglb 20160611
AVware Trojan.Win32.Generic!BT 20160611
BitDefender Gen:Variant.Zusy.196967 20160611
Cyren W32/Trojan.SWTN-0726 20160611
DrWeb Trojan.Siggen6.58358 20160611
Emsisoft Gen:Variant.Zusy.196967 (B) 20160611
ESET-NOD32 a variant of Win32/Kryptik.AHUT 20160611
F-Secure Gen:Variant.Zusy.196967 20160611
Fortinet W32/Kryptik.AHUT!tr 20160611
GData Gen:Variant.Zusy.196967 20160611
Ikarus Trojan.Win32.Crypt 20160611
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ct 20160611
Microsoft TrojanDownloader:Win32/Talalpek.A 20160611
eScan Gen:Variant.Zusy.196967 20160611
Panda Trj/GdSda.A 20160611
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20160611
Rising Malware.RDM.35!5.29 20160611
Sophos AV Mal/Generic-S 20160611
Symantec Trojan.Gen.2 20160611
TrendMicro TROJ_GEN.R00YC0EFA16 20160611
VIPRE Trojan.Win32.Generic!BT 20160611
AhnLab-V3 20160611
Alibaba 20160608
Antiy-AVL 20160611
Baidu 20160608
Baidu-International 20160606
Bkav 20160611
CAT-QuickHeal 20160611
ClamAV 20160611
CMC 20160607
Comodo 20160611
F-Prot 20160611
Jiangmin 20160611
K7AntiVirus 20160611
K7GW 20160611
Kaspersky 20160611
Kingsoft 20160611
Malwarebytes 20160611
McAfee 20160611
NANO-Antivirus 20160611
nProtect 20160610
SUPERAntiSpyware 20160611
Tencent 20160611
TheHacker 20160610
TotalDefense 20160611
TrendMicro-HouseCall 20160611
VBA32 20160611
ViRobot 20160611
Yandex 20160611
Zillya 20160610
Zoner 20160611
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-05 19:13:04
Entry Point 0x00026875
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
SetHandleCount
GetModuleFileNameW
FreeLibrary
HeapDestroy
HeapAlloc
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetCommandLineW
UnhandledExceptionFilter
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InterlockedCompareExchange
FatalAppExitA
WideCharToMultiByte
TlsFree
GetModuleHandleA
WriteFile
GetStartupInfoA
HeapReAlloc
GetCurrentThreadId
TerminateProcess
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
ExitProcess
GetVersion
GetCurrentThread
VirtualAlloc
SetLastError
LeaveCriticalSection
SHQueryInfoKeyA
GetActiveWindow
SetWindowTextW
ClientToScreen
MessageBeep
ReleaseDC
Number of PE resources by type
RT_STRING 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:06:05 20:13:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 167936
LinkerVersion 7.1
EntryPoint 0x26875
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 11354fa0f1c8f23e86f4903097f4aa1c
SHA1 3dda89be8439dce8033973b11dd230827535fff8
SHA256 65629212d275d625b48a39759bb8745f26101e3e9fe85fb4c857f82f556fa7f3
ssdeep 3072:/L4UBRcDJX1K8PjnLlyvpJrrkYhzACSXuHfL3ariBtyVw5tdRW/gjTX6jESF0Mjt:jzgX1/jnLlyhJHnzNfzar+yVwFY/g/Xa
authentihash db49787fa3a5e58823e2a48c89efd9127e39beb1c5c07b37d131c8b93372a0e5
imphash 97ba1e993664b141b9e303ebeac466a2
File size 184.0 KB ( 188416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-06-11 18:42:24 UTC ( 2 years, 10 months ago )
Last submission 2016-06-11 18:42:24 UTC ( 2 years, 10 months ago )
File names 11354fa0f1c8f23e86f4903097f4aa1c.virus