SHA256: 67413610f4c68457cf66cf4bfb4c405a57b9e0bab14b9c8bce8044456514eb9b
File name: n.gif
Detection ratio: 40 / 56
Analysis date: 2016-09-07 13:09:49 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.204900 20160907
AegisLab Backdoor.W32.Ruskill!c 20160907
AhnLab-V3 Trojan/Win32.Upbot.N2094697646 20160907
ALYac Gen:Variant.Zusy.204900 20160907
Antiy-AVL Trojan[Backdoor]/Win32.Ruskill 20160907
Arcabit Trojan.Zusy.D32064 20160907
Avast Win32:Dropper-gen [Drp] 20160907
AVG Generic37.COOD 20160907
Avira (no cloud) TR/Crypt.Xpack.otyw 20160907
AVware Trojan.Win32.Generic!BT 20160907
BitDefender Gen:Variant.Zusy.204900 20160907
Bkav W32.TocerydLTF.Trojan 20160907
Cyren W32/Trojan.ZCZG-0294 20160907
Emsisoft Gen:Variant.Zusy.204900 (B) 20160907
ESET-NOD32 Win32/Dorkbot.B 20160907
F-Secure Gen:Variant.Zusy.204900 20160907
Fortinet W32/Ruskill.ADJC!tr.bdr 20160907
GData Gen:Variant.Zusy.204900 20160907
Ikarus Worm.Win32.Dorkbot 20160907
Jiangmin TrojanProxy.Lethic.ua 20160907
K7AntiVirus Trojan ( 0001589d1 ) 20160907
K7GW Trojan ( 0001589d1 ) 20160907
Kaspersky Backdoor.Win32.Ruskill.adjc 20160907
Malwarebytes Backdoor.Andromeda 20160907
McAfee RDN/Generic.grp 20160907
McAfee-GW-Edition BehavesLike.Win32.GameVance.fh 20160907
Microsoft Worm:Win32/Dorkbot 20160907
eScan Gen:Variant.Zusy.204900 20160907
nProtect Backdoor/W32.Ruskill.322048 20160907
Panda Trj/CI.A 20160907
Rising Backdoor.Ruskill!8.6FD-xMHEKUYDIZH (cloud) 20160907
Sophos AV Mal/Generic-S 20160907
Symantec Heur.AdvML.C 20160907
Tencent Win32.Backdoor.Ruskill.Pijw 20160907
TrendMicro WORM_DORKBOT.XXTJ 20160907
TrendMicro-HouseCall WORM_DORKBOT.XXTJ 20160907
VBA32 Worm.Ngrbot 20160907
VIPRE Trojan.Win32.Generic!BT 20160907
ViRobot Trojan.Win32.Z.Mikey.322048[h] 20160907
Yandex Backdoor.Ruskill!W7FCVdrvKPE 20160907
Alibaba 20160907
Baidu 20160907
CAT-QuickHeal 20160907
ClamAV 20160907
CMC 20160907
Comodo 20160907
DrWeb 20160907
F-Prot 20160907
Sophos ML 20160830
Kingsoft 20160907
NANO-Antivirus 20160907
Qihoo-360 20160907
SUPERAntiSpyware 20160907
TheHacker 20160905
TotalDefense 20160907
Zillya 20160907
Zoner 20160907
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-01 08:06:59
Entry Point 0x00003AE7
Number of sections 4
PE sections
PE imports
GetLastError
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
ReadFile
SetHandleCount
lstrlenA
GetConsoleCP
GetOEMCP
LCMapStringA
TlsSetValue
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
GlobalHandle
RtlUnwind
LoadLibraryA
WinExec
FreeEnvironmentStringsA
OpenFile
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
InterlockedIncrement
GetConsoleOutputCP
WriteConsoleW
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
SetStdHandle
SetFilePointer
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
DeleteCriticalSection
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
HeapDestroy
FreeLibrary
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
FreeUserPhysicalPages
InitializeCriticalSection
HeapCreate
GlobalAlloc
VirtualFree
FindClose
CopyFileA
Sleep
GetFileType
SetEndOfFile
SetThreadPriority
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
SetLastError
MulDiv
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:09:01 09:06:59+01:00
FileType Win32 EXE
PEType PE32
CodeSize 48128
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 272896
SubsystemVersion 5.0
EntryPoint 0x3ae7
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 bd8805cadfd7097b1a55ce105280de23
SHA1 e40fb47e81cb6ad036c33071c3d07aaf7ff24fa8
SHA256 67413610f4c68457cf66cf4bfb4c405a57b9e0bab14b9c8bce8044456514eb9b
ssdeep 6144:grvIVDfETb45F7SR6nGc8PIt6gRIZqPiA1iXBYpuSAaLn:qglsTk1So6whfPCXypuS1Ln
authentihash 48af06678035dcbb2632233afcc9304494b67e8270b568d1d85e7900a29ba31e
imphash 54cc607dfe23ac605abafe9c505b02ef
File size 314.5 KB ( 322048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2016-09-02 06:34:07 UTC ( 2 years, 6 months ago )
Last submission 2018-05-13 17:55:15 UTC ( 10 months, 1 week ago )
File names Whbeba.ex_
Explorer.exe
MKuswlc.exe
nsTlyaY.exe
Wygqgm.exe
updater.exe
MSLzRlg.exe
bkj4d.exe
updater.exe
Explorer.ex_
twiwip.exe
n.gif
updater.exe
Updater.exe
Updater.exe
z4yrn.exe
updater.exe
updater.exe
updater.exe
3weef.exe
api1.gif
n.gif
bllalb.exe
updater.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs