SHA256: 68cd7054961daf31214cd222db368ec8f1ef31be9c65ea3cc72af2dcff0e259d
File name: cb36f7b66e56fa3445f8d9a74cce62ca
Detection ratio: 9 / 59
Analysis date: 2017-02-28 20:23:29 UTC ( 2 years, 1 month ago )
Antivirus | Result | Update
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20170228
Bkav | HW32.Packed.3ACF | 20170228
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170130
Endgame | malicious (high confidence) | 20170222
ESET-NOD32 | a variant of Win32/Kryptik.FORI | 20170228
Sophos ML | backdoor.win32.qakbot.t | 20170203
Microsoft | Backdoor:Win32/Qakbot.T | 20170228
Qihoo-360 | HEUR/QVM20.1.0000.Malware.Gen | 20170228
Symantec | ML.Attribute.HighConfidence | 20170228
Ad-Aware | | 20170228
AegisLab | | 20170228
AhnLab-V3 | | 20170228
Alibaba | | 20170228
ALYac | | 20170228
Antiy-AVL | | 20170228
Arcabit | | 20170228
Avast | | 20170228
AVG | | 20170228
Avira (no cloud) | | 20170228
AVware | | 20170228
BitDefender | | 20170228
CAT-QuickHeal | | 20170228
ClamAV | | 20170228
CMC | | 20170228
Comodo | | 20170228
Cyren | | 20170228
DrWeb | | 20170228
Emsisoft | | 20170228
F-Prot | | 20170228
F-Secure | | 20170228
Fortinet | | 20170228
GData | | 20170228
Ikarus | | 20170228
Jiangmin | | 20170228
K7AntiVirus | | 20170228
K7GW | | 20170228
Kaspersky | | 20170228
Kingsoft | | 20170228
Malwarebytes | | 20170228
McAfee | | 20170228
McAfee-GW-Edition | | 20170228
eScan | | 20170228
NANO-Antivirus | | 20170228
nProtect | | 20170228
Panda | | 20170228
Rising | | 20170228
Sophos AV | | 20170228
SUPERAntiSpyware | | 20170228
Tencent | | 20170228
TheHacker | | 20170228
TotalDefense | | 20170228
TrendMicro | | 20170228
TrendMicro-HouseCall | | 20170228
Trustlook | | 20170228
VBA32 | | 20170228
VIPRE | | 20170228
ViRobot | | 20170228
Webroot | | 20170228
WhiteArmor | | 20170222
Yandex | | 20170225
Zillya | | 20170228
Zoner | | 20170228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-02-22 09:19:59
Entry Point: 0x00004EC0
Number of sections: 3
PE sections (the section table did not survive in this capture)
PE imports (the report's per-DLL grouping was lost in extraction; the library attribution below is inferred from the API names, which are unambiguous for these exports)
gdi32.dll: SetDIBits, SetICMProfileA, ResizePalette, FillRgn, UpdateColors, TranslateCharsetInfo, LineTo, SetDCPenColor, GetTextExtentExPointI, GetCharWidthI, GetObjectW, GetCharacterPlacementA, GetCurrentObject, CreateEnhMetaFileW, FrameRgn, SetArcDirection, CreateEnhMetaFileA, GetEnhMetaFileBits, GetTextCharacterExtra, PolyBezier, GetKerningPairsW, AddFontResourceExA, CreateColorSpaceA, SetPolyFillMode, RealizePalette, BeginPath, SetRectRgn
kernel32.dll: FreeLibrary, GetLastError, FindAtomW, RaiseException, LocalAlloc, LocalFree, InterlockedExchange, LoadLibraryA, GetProcAddress
secur32.dll: EnumerateSecurityPackagesA, CompleteAuthToken, AcquireCredentialsHandleA, InitializeSecurityContextW, AcceptSecurityContext, QueryContextAttributesA, QueryContextAttributesW, QueryCredentialsAttributesW, QuerySecurityPackageInfoW, EnumerateSecurityPackagesW, ImportSecurityContextW, DecryptMessage, ExportSecurityContext, InitSecurityInterfaceW, FreeCredentialsHandle
ole32.dll: CoFileTimeNow, OleLockRunning, CoFreeUnusedLibraries, SNB_UserSize, CreateClassMoniker, CoRegisterSurrogate, OleConvertOLESTREAMToIStorage, GetHGlobalFromILockBytes, GetConvertStg, CoResumeClassObjects, OleGetClipboard, CoIsOle1Class, CoGetClassObject, SNB_UserMarshal, CoQueryProxyBlanket, OleLoadFromStream, OleCreateLinkFromDataEx, HGLOBAL_UserSize, OleCreate, CoInitializeSecurity, CoFreeAllLibraries, OleSetMenuDescriptor, CoReleaseServerProcess, OleCreateLinkToFileEx
pdh.dll: PdhGetDataSourceTimeRangeA, PdhComputeCounterStatistics, PdhGetCounterInfoW, PdhMakeCounterPathW, PdhLookupPerfIndexByNameA, PdhParseInstanceNameW
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:02:22 10:19:59+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 270336
LinkerVersion: 8.0
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0x4ec0
InitializedDataSize: 253952
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5: cb36f7b66e56fa3445f8d9a74cce62ca
SHA1: 1756ad4681086d745f9d71483fe5fb4f44619148
SHA256: 68cd7054961daf31214cd222db368ec8f1ef31be9c65ea3cc72af2dcff0e259d
ssdeep: 12288:E4hQcx+cWGWxnpNO5mJkpNvn0bhzKemV:DlxgGgpNOw4Nv0Veem
authentihash: 1870c8550ceee166caa14e9632bb283e74159df6e5bef00a6e60193f2a816752
imphash: 0eb668d784f684f431086b6189b9863f
File size: 516.0 KB ( 528384 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID:
Win32 Executable (generic) (35.8%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.8%)
Tags: peexe
VirusTotal metadata
First submission: 2017-02-28 20:23:29 UTC ( 2 years, 1 month ago )
Last submission: 2018-11-07 15:53:37 UTC ( 5 months, 2 weeks ago )
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Behaviour sections (no entries were captured under any of them in this copy of the report): Opened files, Read files, Written files, Created processes, Shell commands, Created mutexes, Opened mutexes, Runtime DLLs, UDP communications