SHA256: 6a436b77bebc178aecc48c1f4b76373400885f589d9e60e381955add188e7ce8
File name: ee564da64feb30dacd1d822cba525ad1.virus
Detection ratio: 32 / 62
Analysis date: 2017-04-05 20:34:33 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.230571 20170405
ALYac Gen:Variant.Zusy.230571 20170405
Antiy-AVL Worm/Win32.Ngrbot 20170405
Arcabit Trojan.Zusy.D384AB 20170405
Avast Win32:Malware-gen 20170405
AVG Atros5.AGSA 20170405
Avira (no cloud) TR/Crypt.Xpack.ocncl 20170405
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170405
BitDefender Gen:Variant.Zusy.230571 20170405
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Trojan.RLFE-5529 20170405
Emsisoft Gen:Variant.Zusy.230571 (B) 20170405
Endgame malicious (high confidence) 20170405
ESET-NOD32 a variant of Win32/Kryptik.FQQS 20170405
F-Secure Gen:Variant.Zusy.230571 20170405
Fortinet W32/Ngrbot.BKZH!worm 20170405
GData Gen:Variant.Zusy.230571 20170405
Sophos ML trojan.win32.swrort.a 20170203
Kaspersky Worm.Win32.Ngrbot.bkzh 20170405
McAfee Artemis!EE564DA64FEB 20170405
McAfee-GW-Edition BehavesLike.Win32.AdwareEorezo.fh 20170405
Microsoft Worm:Win32/Dorkbot.I 20170405
eScan Gen:Variant.Zusy.230571 20170405
Panda Trj/GdSda.A 20170405
Qihoo-360 HEUR/QVM10.1.4962.Malware.Gen 20170405
Rising Malware.Generic.5!tfe (cloud:ecy7IHNnMUK) 20170405
Sophos AV Mal/Generic-S 20170405
Symantec Trojan.Gen.2 20170405
Tencent Win32.Worm.Ngrbot.Amly 20170405
TrendMicro TROJ_GEN.R00JC0DD417 20170405
TrendMicro-HouseCall TROJ_GEN.R00JC0DD417 20170405
ZoneAlarm by Check Point Worm.Win32.Ngrbot.bkzh 20170405
Engines reporting no detection (update date only):
AegisLab 20170405
AhnLab-V3 20170405
Alibaba 20170405
AVware 20170405
Bkav 20170405
CAT-QuickHeal 20170405
ClamAV 20170405
CMC 20170405
Comodo 20170405
DrWeb 20170405
F-Prot 20170405
Ikarus 20170405
Jiangmin 20170405
K7AntiVirus 20170405
K7GW 20170405
Kingsoft 20170405
Malwarebytes 20170405
NANO-Antivirus 20170405
nProtect 20170405
Palo Alto Networks (Known Signatures) 20170405
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170405
Symantec Mobile Insight 20170405
TheHacker 20170403
TotalDefense 20170405
Trustlook 20170405
VBA32 20170405
VIPRE 20170405
ViRobot 20170405
Webroot 20170405
WhiteArmor 20170327
Yandex 20170404
Zillya 20170404
Zoner 20170405
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-03 08:31:35
Entry Point 0x0000150F
Number of sections 5
PE sections
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
lstrlenA
lstrcmpiA
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
GetCommandLineW
LoadLibraryExW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
lstrcpyW
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
lstrcmpA
FindFirstFileExA
SetUnhandledExceptionFilter
lstrcpyA
CloseHandle
GetSystemTimeAsFileTime
lstrcpynA
FindNextFileA
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetOEMCP
TerminateProcess
GetModuleHandleExW
IsValidCodePage
WriteFile
CreateFileW
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
StrStrA
StrStrIA
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:04:03 09:31:35+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 45568
LinkerVersion: 14.0
EntryPoint: 0x150f
InitializedDataSize: 303104
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 ee564da64feb30dacd1d822cba525ad1
SHA1 7bb361367984a1367f07cc33b9e8b9556511475d
SHA256 6a436b77bebc178aecc48c1f4b76373400885f589d9e60e381955add188e7ce8
ssdeep 6144:uMzkl4HWpyYEntPqNDv2UfpE2Q1WSeM2YXgsHA0daf:uyka2cYIPIvpfG2Q1WSe3GfHA0Yf
authentihash 15eed65fd6a868f7e542bfbe62200ecfd378b15338534d993c3cec54daefded3
imphash 0b275395d30bac8b919c86747ac7fac6
File size 341.5 KB ( 349696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-04-05 20:34:33 UTC ( 1 year, 5 months ago )
Last submission 2017-04-05 20:34:33 UTC ( 1 year, 5 months ago )
File names ee564da64feb30dacd1d822cba525ad1.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications