SHA256: 69d463a2596835345f3dc56a111312f00827d1654726cdf39ad109f427e56305
File name: 8f3b17bf1aa8d68a274c0bccaf21da6f.virus
Detection ratio: 30 / 54
Analysis date: 2016-08-05 18:18:33 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.67309 20160805
AhnLab-V3 Malware/Win32.Generic.N2069455130 20160805
ALYac Gen:Variant.Symmi.67309 20160805
Avast Win32:Malware-gen 20160805
AVG Crypt5.CFCJ 20160805
Avira (no cloud) TR/Crypt.ZPACK.qgpe 20160805
AVware Trojan.Win32.Generic!BT 20160805
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160805
BitDefender Gen:Variant.Symmi.67309 20160805
Bkav HW32.Packed.615F 20160805
Cyren W32/Trojan.UCHR-8340 20160805
Emsisoft Gen:Variant.Symmi.67309 (B) 20160805
ESET-NOD32 a variant of Win32/Kryptik.FDNJ 20160805
F-Secure Gen:Variant.Symmi.67309 20160805
Fortinet W32/Kryptik.FDLX!tr 20160805
GData Gen:Variant.Symmi.67309 20160805
Ikarus Trojan.Win32.Crypt 20160805
K7AntiVirus Trojan ( 004f55581 ) 20160805
K7GW Trojan ( 004f55581 ) 20160805
McAfee RDN/Generic.mem 20160805
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160805
Microsoft PWS:Win32/Zbot 20160805
eScan Gen:Variant.Symmi.67309 20160805
Panda Trj/GdSda.A 20160805
Qihoo-360 QVM20.1.Malware.Gen 20160805
Sophos AV Mal/Elenoocka-E 20160805
Tencent Win32.Trojan.Kryptik.Eckp 20160805
TrendMicro-HouseCall TROJ_GEN.R072H0CH316 20160805
VIPRE Trojan.Win32.Generic!BT 20160805
Yandex Trojan.Kryptik!9v4eAsEOe48 20160805
AegisLab 20160805
Alibaba 20160805
Antiy-AVL 20160805
CAT-QuickHeal 20160805
ClamAV 20160805
CMC 20160804
Comodo 20160805
DrWeb 20160805
F-Prot 20160805
Jiangmin 20160805
Kaspersky 20160805
Kingsoft 20160805
Malwarebytes 20160805
NANO-Antivirus 20160805
nProtect 20160805
SUPERAntiSpyware 20160805
Symantec 20160805
TheHacker 20160804
TotalDefense 20160805
TrendMicro 20160805
VBA32 20160805
ViRobot 20160805
Zillya 20160805
Zoner 20160805
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x0002E60C
Number of sections 4
PE sections
PE imports
CheckADsError
CrackName
ReadFile
GetOEMCP
RemoveDirectoryA
WaitForSingleObjectEx
GetStartupInfoA
GetDateFormatA
FileTimeToLocalFileTime
GetFileSize
CreateDirectoryW
DeleteFileW
GetProcAddress
GetStringTypeA
GetProcessHeap
CreateHardLinkA
MoveFileExW
GetModuleHandleA
lstrcpy
WriteFile
CreateMutexW
CloseHandle
GetComputerNameExW
GetSystemDirectoryA
GetBinaryTypeA
GetExpandedNameW
GetNumberFormatA
OpenEventW
WriteConsoleW
InterlockedIncrement
ExtractIconA
StrChrW
DragQueryFileW
SHFree
ShellAboutA
SHUpdateImageA
DuplicateIcon
SHGetDesktopFolder
DragQueryPoint
FindExecutableW
SHFileOperationA
ShellMessageBoxA
ExtractAssociatedIconA
SHGetNewLinkInfoW
SHGetMalloc
DragFinish
SE_IsShimDll
SE_ProcessDying
SE_DllLoaded
SE_InstallBeforeInit
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 192512
LinkerVersion 6.0
Warning Possibly corrupt Version resource
EntryPoint 0x2e60c
InitializedDataSize 7168
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 8f3b17bf1aa8d68a274c0bccaf21da6f
SHA1 999e7a473ca46cf0e9711cc8994775ac7391c59f
SHA256 69d463a2596835345f3dc56a111312f00827d1654726cdf39ad109f427e56305
ssdeep 3072:qZEmqDua/lagCTymgYO44rDoU7vTInqixvQst2q1bC:qOm1a8CYO44rDoUINQst2ib
authentihash 5973adff70014b669db90be6169a7aff4a97728d485df31df3c144c6e3b6a7df
imphash 7f55e4c4c1b56856719cf07a2d384922
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-08-05 18:18:33 UTC ( 2 years, 7 months ago )
Last submission 2016-08-05 18:18:33 UTC ( 2 years, 7 months ago )
File names 8f3b17bf1aa8d68a274c0bccaf21da6f.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications