SHA256: 6b8311f49a5831d3f881d69ff6aef70ece368c0131fdddb56937f8e54daeb69c
File name: 21ac2c99b482054390f6e6798fb745821009d2ec
Detection ratio: 16 / 54
Analysis date: 2014-07-30 06:45:18 UTC
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.1782207 | 20140730
AntiVir | TR/Rogue.273408.2 | 20140730
AVware | Trojan.Win32.Generic!BT | 20140730
BitDefender | Trojan.GenericKD.1782207 | 20140730
Emsisoft | Trojan.GenericKD.1782207 (B) | 20140730
ESET-NOD32 | a variant of Win32/Kryptik.CHSI | 20140730
F-Secure | Trojan.GenericKD.1782207 | 20140730
GData | Trojan.GenericKD.1782207 | 20140730
Kaspersky | Trojan-Ransom.Win32.Foreign.kzsv | 20140730
Malwarebytes | Trojan.Agent.ED | 20140730
McAfee | Artemis!C4FE829FC49B | 20140730
McAfee-GW-Edition | Artemis!C4FE829FC49B | 20140729
eScan | Trojan.GenericKD.1782207 | 20140730
Qihoo-360 | Malware.QVM10.Gen | 20140730
Sophos AV | Mal/Generic-S | 20140730
VIPRE | Trojan.Win32.Generic!BT | 20140730
AegisLab | (no detection) | 20140730
Yandex | (no detection) | 20140729
AhnLab-V3 | (no detection) | 20140729
Antiy-AVL | (no detection) | 20140730
Avast | (no detection) | 20140730
AVG | (no detection) | 20140730
Baidu-International | (no detection) | 20140729
Bkav | (no detection) | 20140728
ByteHero | (no detection) | 20140730
CAT-QuickHeal | (no detection) | 20140730
ClamAV | (no detection) | 20140730
CMC | (no detection) | 20140728
Commtouch | (no detection) | 20140730
Comodo | (no detection) | 20140730
DrWeb | (no detection) | 20140730
F-Prot | (no detection) | 20140730
Fortinet | (no detection) | 20140730
Ikarus | (no detection) | 20140730
Jiangmin | (no detection) | 20140725
K7AntiVirus | (no detection) | 20140728
K7GW | (no detection) | 20140728
Kingsoft | (no detection) | 20140730
Microsoft | (no detection) | 20140730
NANO-Antivirus | (no detection) | 20140730
Norman | (no detection) | 20140730
nProtect | (no detection) | 20140729
Panda | (no detection) | 20140729
Rising | (no detection) | 20140729
SUPERAntiSpyware | (no detection) | 20140730
Symantec | (no detection) | 20140730
Tencent | (no detection) | 20140730
TheHacker | (no detection) | 20140728
TotalDefense | (no detection) | 20140730
TrendMicro | (no detection) | 20140730
TrendMicro-HouseCall | (no detection) | 20140730
VBA32 | (no detection) | 20140729
ViRobot | (no detection) | 20140730
Zoner | (no detection) | 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-28 15:23:53
Entry Point 0x0000EA20
Number of sections 4
PE sections
PE imports (grouped by the library that exports each function)
comctl32.dll: ImageList_Create, InitCommonControlsEx
comdlg32.dll: ChooseFontW, GetOpenFileNameA
gdi32.dll: GetDIBColorTable, GetTextMetricsW, SetMapMode, TextOutW, CreateFontIndirectW, CreatePen, TextOutA, CreateFontIndirectA, CombineRgn, UpdateColors, GetPixel, Rectangle, Polygon, GetObjectA, ExcludeClipRect, DeleteDC, SetBkMode, GetObjectW, BitBlt, SetTextColor, GetCurrentObject, CreateEllipticRgn, GetStockObject, GetDIBits, CreateCompatibleDC, SetROP2, CreateRectRgn, SelectObject, GetTextExtentPoint32A, Pie, Ellipse, CreateSolidBrush, SetBkColor, DeleteObject, CreateCompatibleBitmap
kernel32.dll: GetStdHandle, FileTimeToSystemTime, EncodePointer, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, LocalAlloc, FreeEnvironmentStringsW, SetStdHandle, GetCPInfo, WriteFile, GetSystemTimeAsFileTime, GetThreadTimes, HeapReAlloc, GetStringTypeW, LocalFree, TlsGetValue, GetEnvironmentVariableW, SetLastError, GetModuleFileNameW, IsDebuggerPresent, HeapAlloc, GetModuleFileNameA, HeapSetInformation, UnhandledExceptionFilter, InterlockedDecrement, MultiByteToWideChar, GetModuleHandleA, CreateSemaphoreA, CreateThread, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, DecodePointer, SetEnvironmentVariableA, TerminateProcess, GetCurrentThreadId, InterlockedIncrement, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, LoadLibraryW, GetOEMCP, QueryPerformanceCounter, GetTickCount, TlsAlloc, FlushFileBuffers, LoadLibraryA, RtlUnwind, GetStartupInfoW, GetProcAddress, GetProcessHeap, CompareStringW, lstrcpyW, FreeConsole, DuplicateHandle, GetTimeZoneInformation, CreateFileW, GetFileType, TlsSetValue, ExitProcess, LeaveCriticalSection, GetLastError, LCMapStringW, lstrlenA, GetConsoleCP, GetProcessTimes, GetEnvironmentStringsW, FileTimeToLocalFileTime, GetCurrentDirectoryW, GetCurrentProcessId, WideCharToMultiByte, HeapSize, GetCommandLineA, GetCurrentThread, SetConsoleTitleW, RaiseException, TlsFree, SetFilePointer, CloseHandle, GetACP, GetModuleHandleW, IsValidCodePage, HeapCreate, Sleep, IsBadReadPtr
shell32.dll: SHGetFolderLocation, SHCreateDirectoryExW, SHBrowseForFolderW, SHGetFolderPathW, SHGetDesktopFolder, SHGetPathFromIDListW, SHGetFolderPathA, SHGetMalloc
shlwapi.dll: StrRetToBufA, SHCreateStreamOnFileW, SHAutoComplete, StrCpyNW, StrChrW
user32.dll: MapWindowPoints, RedrawWindow, GetParent, ShowScrollBar, UpdateWindow, IntersectRect, PostMessageA, EndDialog, BeginPaint, HideCaret, MoveWindow, GetWindowTextW, PostQuitMessage, DefWindowProcA, ShowWindow, SetWindowPos, SendDlgItemMessageA, GetSystemMetrics, MessageBoxW, GetWindowRect, EndPaint, SetDlgItemTextA, SetCapture, DrawIcon, GetDlgItemTextA, MessageBoxA, GetWindowDC, SendDlgItemMessageW, GetWindow, SetDlgItemTextW, GetMenuItemID, InsertMenuItemA, GetCursorPos, SystemParametersInfoA, CreatePopupMenu, ShowCaret, GetTopWindow, CharNextW, wsprintfW, IsWindowVisible, SendMessageA, GetWindowTextA, GetClientRect, SetTimer, GetDlgItem, GetDlgItemTextW, IsWindow, IsIconic, ClientToScreen, DeleteMenu, InvalidateRect, CreateDialogParamW, GetSubMenu, GetWindowTextLengthA, CreateWindowExW, LoadImageW, GetMenuItemCount, LoadStringA, SetWindowTextW, DestroyAcceleratorTable, ValidateRect, CreateWindowExA, IsRectEmpty, GetSystemMenu, GetDC, ReleaseDC, GetActiveWindow, GetUpdateRect, CreateAcceleratorTableA, CharToOemA
ole32.dll: CoUninitialize, CreateBindCtx, CoCreateInstance, CoInitialize
pdh.dll: PdhCloseQuery, PdhOpenQueryA
urlmon.dll: CreateURLMoniker
Number of PE resources by type
RT_MENU 2
RT_DIALOG 2
RT_MANIFEST 1
Struct(240) 1
Number of PE resources by language
ENGLISH US 5
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:07:28 16:23:53+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 117760
LinkerVersion: 10.0
EntryPoint: 0xea20
InitializedDataSize: 154624
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 c4fe829fc49bb9efec92fe4a8a5d29fc
SHA1 2391c224b5323cfd13bdc54c9bff458970104afc
SHA256 6b8311f49a5831d3f881d69ff6aef70ece368c0131fdddb56937f8e54daeb69c
ssdeep 6144:XbnHq6J4/euC8r6TXKuQ4uVr+OSRb57QhqjITAOnAs:PJ49C8r6TWiOSRehrTd
authentihash 82525cfdfc05a01778eae80da23843c71bccb496288cd2a31bcde031f530980f
imphash 503abe07302d1ebc68eed6e0f24c834c
File size 267.0 KB ( 273408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2014-07-30 06:45:18 UTC
Last submission 2014-07-30 06:45:18 UTC
File names 21ac2c99b482054390f6e6798fb745821009d2ec
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs