SHA256: 6821cc612c547553d5527ed7b8f64582cbafe7845cfecf6a1ff09a61ac1d6c04
File name: a437a71f1691b14c3bf83164bcf02d70.virus
Detection ratio: 30 / 57
Analysis date: 2016-09-18 09:08:10 UTC ( 2 years, 5 months ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.3528129 | 20160918
Arcabit | Trojan.Generic.D35D5C1 | 20160917
AVG | Crypt6.AEP | 20160918
AVware | Trojan.Win32.Generic!BT | 20160918
Baidu | Win32.Trojan.WisdomEyes.151026.9950.9999 | 20160914
BitDefender | Trojan.GenericKD.3528129 | 20160918
Bkav | HW32.Packed.ACAA | 20160917
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20160725
Cyren | W32/Trojan.FYLT-4493 | 20160918
DrWeb | Trojan.Siggen6.58358 | 20160918
Emsisoft | Trojan.GenericKD.3528129 (B) | 20160918
ESET-NOD32 | Win32/TrojanDownloader.Agent.CFH | 20160918
F-Secure | Trojan.GenericKD.3528129 | 20160918
Fortinet | W32/Kryptik.FGFS!tr | 20160918
GData | Trojan.GenericKD.3528129 | 20160918
Sophos ML | virus.win32.sality.at | 20160917
Kaspersky | Trojan-Downloader.Win32.Gootkit.wp | 20160918
Malwarebytes | Trojan.Crypt | 20160918
McAfee | Trojan-FJQX!A437A71F1691 | 20160918
McAfee-GW-Edition | BehavesLike.Win32.Ransom.cc | 20160918
eScan | Trojan.GenericKD.3528129 | 20160918
NANO-Antivirus | Trojan.Win32.Agent.egesdi | 20160918
Panda | Trj/GdSda.A | 20160918
Qihoo-360 | HEUR/QVM20.1.0000.Malware.Gen | 20160918
Rising | Malware.Generic!6aukseCqUgU@2 (thunder) | 20160918
Symantec | Ransom.CryptXXX!g13 | 20160918
Tencent | Win32.Trojan-downloader.Gootkit.Lkdj | 20160918
TrendMicro | TROJ_GEN.R011C0EIH16 | 20160918
TrendMicro-HouseCall | TROJ_GEN.R011C0EIH16 | 20160918
VIPRE | Trojan.Win32.Generic!BT | 20160918
AegisLab | (not detected) | 20160918
AhnLab-V3 | (not detected) | 20160917
Alibaba | (not detected) | 20160918
ALYac | (not detected) | 20160918
Antiy-AVL | (not detected) | 20160918
Avast | (not detected) | 20160918
Avira (no cloud) | (not detected) | 20160917
CAT-QuickHeal | (not detected) | 20160917
ClamAV | (not detected) | 20160916
CMC | (not detected) | 20160916
Comodo | (not detected) | 20160916
F-Prot | (not detected) | 20160918
Ikarus | (not detected) | 20160918
Jiangmin | (not detected) | 20160918
K7AntiVirus | (not detected) | 20160918
K7GW | (not detected) | 20160918
Kingsoft | (not detected) | 20160918
Microsoft | (not detected) | 20160918
nProtect | (not detected) | 20160918
Sophos AV | (not detected) | 20160918
SUPERAntiSpyware | (not detected) | 20160918
TheHacker | (not detected) | 20160918
VBA32 | (not detected) | 20160917
ViRobot | (not detected) | 20160918
Yandex | (not detected) | 20160917
Zillya | (not detected) | 20160915
Zoner | (not detected) | 20160918
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x00004BB2
Number of sections 3
PE sections
PE imports
AuthzAddSidsToContext
AuthzFreeContext
ReleaseMutex
WaitForSingleObject
GetOEMCP
RemoveDirectoryA
LoadLibraryA
GetCompressedFileSizeA
GetProcAddress
OpenMutexA
lstrcpynW
GetFileTime
SetEndOfFile
GetBinaryTypeW
MapViewOfFile
GetDiskFreeSpaceW
DeleteFileW
GetACP
GetStringTypeW
CreateEventW
GetFullPathNameW
FindResourceA
GetEnvironmentVariableW
InterlockedIncrement
SHGetFileInfoA
ExtractIconA
SHFree
ShellAboutA
DuplicateIcon
ShellMessageBoxA
DllUnregisterServer
SHGetDiskFreeSpaceA
SHGetDataFromIDListA
SHGetDesktopFolder
DragFinish
Number of PE resources by type
RT_RCDATA 10
Number of PE resources by language
NEUTRAL 10
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:07:14 11:54:05+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 108032
LinkerVersion: 7.0
FileTypeExtension: exe
InitializedDataSize: 33792
SubsystemVersion: 4.0
EntryPoint: 0x4bb2
OSVersion: 5.1
ImageVersion: 5.1
UninitializedDataSize: 0

File identification
MD5 a437a71f1691b14c3bf83164bcf02d70
SHA1 c6f7a523b5720b31fe05836b69e0f3485586cb2a
SHA256 6821cc612c547553d5527ed7b8f64582cbafe7845cfecf6a1ff09a61ac1d6c04
ssdeep 3072:KQBCvv4Djj4nVDnlCnGa66qj+J3R8/ysM85:KN3qjjCJkGl2BM31
authentihash 8952a13b0e9c7db64e56d42e52b20046f759bfa1f4e74721ecbf57c1acbac747
imphash 56cec9e217296682979fe15d1410cf8b
File size 139.5 KB ( 142848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags stealth peexe

VirusTotal metadata
First submission 2016-09-18 09:08:10 UTC ( 2 years, 5 months ago )
Last submission 2016-09-18 09:08:10 UTC ( 2 years, 5 months ago )
File names a437a71f1691b14c3bf83164bcf02d70.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications