SHA256: 66231da8f5b465d590b0b4b63bbfe2029677e864b25c48a26a22d919457b9aba
File name: 66231da8f5b465d590b0b4b63bbfe2029677e864b25c48a26a22d919457b9aba
Detection ratio: 26 / 57
Analysis date: 2016-05-26 22:39:02 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.59626 20160526
AegisLab Troj.Dropper.W32.Agent.lj6w 20160526
ALYac Gen:Variant.Razy.59626 20160526
Arcabit Trojan.Razy.DE8EA 20160526
Avast Win32:Malware-gen 20160526
Avira (no cloud) TR/Crypt.ZPACK.rhjz 20160526
Baidu Win32.Trojan.WisdomEyes.151026.9950.10000 20160526
BitDefender Gen:Variant.Razy.59626 20160526
Cyren W32/Trojan.XARY-2073 20160526
Emsisoft Gen:Variant.Razy.59626 (B) 20160526
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160526
F-Secure Gen:Variant.Razy.59626 20160526
Fortinet W32/Agent.CFH!tr 20160526
GData Gen:Variant.Razy.59626 20160526
K7GW Hacktool ( 655367771 ) 20160526
Kaspersky Trojan.Win32.Agent.nevlpt 20160526
Malwarebytes Trojan.MalPack 20160526
McAfee Artemis!6D2C79ADC7FD 20160526
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160526
eScan Gen:Variant.Razy.59626 20160526
Panda Trj/Genetic.gen 20160526
Qihoo-360 QVM20.1.Malware.Gen 20160526
Rising Malware.Generic!d9ncETwBluT@2 (Thunder) 20160526
Sophos AV Mal/Generic-S 20160526
Symantec Trojan Horse 20160526
Tencent Win32.Trojan-downloader.Agent.Wpjw 20160526
AhnLab-V3 20160526
Alibaba 20160526
Antiy-AVL 20160526
AVG 20160526
AVware 20160526
Baidu-International 20160526
Bkav 20160526
CAT-QuickHeal 20160526
ClamAV 20160526
CMC 20160523
Comodo 20160526
DrWeb 20160526
F-Prot 20160526
Ikarus 20160526
Jiangmin 20160526
K7AntiVirus 20160526
Kingsoft 20160526
Microsoft 20160526
NANO-Antivirus 20160526
nProtect 20160526
SUPERAntiSpyware 20160526
TheHacker 20160526
TotalDefense 20160526
TrendMicro 20160526
TrendMicro-HouseCall 20160526
VBA32 20160525
VIPRE 20160526
ViRobot 20160526
Yandex 20160526
Zillya 20160526
Zoner 20160526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 09:45:49
Entry Point 0x000189A0
Number of sections 4
PE sections
PE imports
AuthzInitializeContextFromSid
AuthzFreeResourceManager
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeContext
ReplaceFileA
CreateHardLinkA
CopyFileA
WaitForSingleObjectEx
GetSystemDirectoryA
GetStartupInfoA
lstrcatA
CreateDirectoryA
lstrlenW
TlsGetValue
DeleteFileW
DefineDosDeviceA
GetFileTime
CompareStringW
GetModuleHandleA
GetDiskFreeSpaceW
ReadFile
WriteFile
CloseHandle
FindNextFileA
GetACP
HeapReAlloc
MoveFileExA
GetProcAddress
GetLongPathNameW
GetExpandedNameW
GetNumberFormatA
OpenEventW
GetLogicalDriveStringsW
InterlockedDecrement
MoveFileW
CreateFileA
GetTickCount
GetVersion
OpenSemaphoreW
WriteConsoleW
OpenJobObjectA
WTSEnumerateSessionsA
WTSSetUserConfigA
WTSSetSessionInformationA
WTSUnRegisterSessionNotification
WTSQueryUserToken
WTSVirtualChannelWrite
WTSVirtualChannelRead
WTSVirtualChannelPurgeInput
WTSCloseServer
WTSRegisterSessionNotification
WTSLogoffSession
WTSFreeMemory
WTSEnumerateProcessesA
WTSWaitSystemEvent
Number of PE resources by type
RT_DIALOG 4
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 10:45:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 117248
LinkerVersion 6.0
Warning Possibly corrupt Version resource
EntryPoint 0x189a0
InitializedDataSize 9728
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 6d2c79adc7fda0f34bff2b2e8d61e16d
SHA1 71006bb29998d9a2fbb0638131a8c6b92589457b
SHA256 66231da8f5b465d590b0b4b63bbfe2029677e864b25c48a26a22d919457b9aba
ssdeep 3072:KrvLOU+oi6bTqIGJK6vfX2GAkgxfoSftrKXhDww4:ENfBbeIGJdA3WSgXhk
authentihash 07a8e16dc0b46e22f96876d7cd89078b7e10adf7362cad9cc0308d2fcd70f14a
imphash 4b42b11de784ef96cdf0eb056694347e
File size 125.0 KB ( 128000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe

VirusTotal metadata
First submission 2016-05-26 22:39:02 UTC ( 2 years, 10 months ago )
Last submission 2016-09-12 08:32:24 UTC ( 2 years, 6 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications