SHA256: 6c62772d58d7080196759f9016d4fe204a82b1824b9cc64546ef3878731684ed
File name: 6C62772D58D7080196759F9016D4FE204A82B1824B9CC64546EF3878731684ED
Detection ratio: 3 / 54
Analysis date: 2016-02-09 14:44:28 UTC ( 3 years ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Cryptolocker 20160209
McAfee Packed-GL!D4A1DA90E060 20160209
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160209
Ad-Aware 20160209
AegisLab 20160209
Yandex 20160206
Alibaba 20160204
Antiy-AVL 20160209
Arcabit 20160209
Avast 20160209
AVG 20160209
Avira (no cloud) 20160209
Baidu-International 20160209
BitDefender 20160209
Bkav 20160204
ByteHero 20160209
CAT-QuickHeal 20160209
ClamAV 20160209
CMC 20160205
Comodo 20160209
Cyren 20160209
DrWeb 20160209
Emsisoft 20160209
ESET-NOD32 20160209
F-Prot 20160209
F-Secure 20160209
Fortinet 20160209
GData 20160209
Ikarus 20160209
Jiangmin 20160209
K7AntiVirus 20160209
K7GW 20160209
Kaspersky 20160209
Malwarebytes 20160209
McAfee-GW-Edition 20160209
Microsoft 20160209
eScan 20160209
NANO-Antivirus 20160209
nProtect 20160205
Panda 20160208
Rising 20160209
Sophos AV 20160209
SUPERAntiSpyware 20160209
Symantec 20160209
Tencent 20160209
TheHacker 20160208
TotalDefense 20160209
TrendMicro 20160209
TrendMicro-HouseCall 20160209
VBA32 20160209
VIPRE 20160209
ViRobot 20160209
Zillya 20160208
Zoner 20160209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-29 11:58:31
Entry Point 0x00015546
Number of sections 4
PE sections
PE imports
SetMetaRgn
SetMapMode
GetWindowOrgEx
CreateMetaFileA
PlayEnhMetaFileRecord
GetTextMetricsA
GetCharABCWidthsA
PlayMetaFile
GetROP2
RectInRegion
GetObjectType
SetColorAdjustment
GetTextExtentPointA
CopyEnhMetaFileW
SetPixel
EndDoc
IntersectClipRect
GetFontLanguageInfo
CopyEnhMetaFileA
OffsetWindowOrgEx
CreateEllipticRgn
SetColorSpace
EqualRgn
ExtCreateRegion
SetPixelFormat
GetEnhMetaFileBits
GetDCOrgEx
StretchBlt
GetTextFaceA
SwapBuffers
EnumICMProfilesA
ScaleViewportExtEx
AbortDoc
SetWindowExtEx
Arc
GetKerningPairsA
WidenPath
ExtCreatePen
GetFontData
GetBkColor
SetRectRgn
CreateFontA
GetDIBColorTable
CreateFontIndirectW
OffsetRgn
EnumFontsW
GetCurrentPositionEx
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
EndPath
GetEnhMetaFileW
EnumFontsA
UpdateColors
GetBitmapBits
PolyDraw
OffsetViewportOrgEx
SetBkMode
GetICMProfileA
SetMetaFileBitsEx
BitBlt
EnumFontFamiliesA
FillRgn
GetOutlineTextMetricsA
FrameRgn
SelectPalette
SetBkColor
StrokePath
CreateEnhMetaFileA
ExtSelectClipRgn
ScaleWindowExtEx
CloseEnhMetaFile
EndPage
GetNearestPaletteIndex
SetDIBColorTable
EnumEnhMetaFile
CancelDC
GetTextColor
CreatePolyPolygonRgn
Escape
BeginPath
DeleteObject
PlayMetaFileRecord
SetBitmapBits
PatBlt
CreatePen
SetStretchBltMode
GetCharABCWidthsFloatW
Rectangle
GetDeviceCaps
GetMetaFileBitsEx
DeleteDC
SetWorldTransform
GetMapMode
EnumMetaFile
StartPage
CreateDCW
GetCharWidthA
GetEnhMetaFileDescriptionW
CreateDIBPatternBrushPt
CreateBitmap
RectVisible
DeleteColorSpace
PlayEnhMetaFile
ExtTextOutA
UnrealizeObject
GdiFlush
SelectClipRgn
RoundRect
GetTextAlign
GetTextExtentPoint32A
GetWinMetaFileBits
RealizePalette
GetViewportOrgEx
SetWindowOrgEx
SetTextCharacterExtra
GetTextExtentPoint32W
LPtoDP
CreatePolygonRgn
CreateICA
Polygon
GetGlyphOutlineW
GetRgnBox
SetDeviceGammaRamp
MaskBlt
GetEnhMetaFilePaletteEntries
ModifyWorldTransform
GetGlyphOutlineA
GetDeviceGammaRamp
RestoreDC
GetPixel
GetTextExtentExPointW
GetBkMode
ExtFloodFill
GetBrushOrgEx
GetCurrentObject
MoveToEx
EnumFontFamiliesExW
SetPixelV
AbortPath
SetArcDirection
CreateRoundRectRgn
PolyBezierTo
CreateFontW
PolyBezier
CreateRectRgn
RemoveFontResourceA
GetClipRgn
SetPolyFillMode
Ellipse
RemoveFontResourceW
CreateSolidBrush
CombineTransform
StartDocW
CreateCompatibleBitmap
GetStartupInfoA
EnumSystemLocalesA
GlobalAddAtomW
GetNamedPipeInfo
GetModuleHandleA
CreateIoCompletionPort
CreateProcessW
CreateSemaphoreW
GetSystemDefaultLCID
CreateDirectoryW
_wpgmptr
__p__fmode
_mbstrlen
__CxxFrameHandler
_acmdln
__p__commode
__setusermatherr
_setmbcp
sqrt
_onexit
__dllonexit
__getmainargs
_initterm
_controlfp
ceil
rand
_adjust_fdiv
__set_app_type
wsprintfW
Number of PE resources by type
RT_RCDATA 12
RT_ICON 3
RT_GROUP_ICON 3
RT_DIALOG 2
RT_MENU 2
UukcS34 1
XkJCqC 1
skEw732 1
gm63Q40M3 1
iE51a 1
gS472spql0 1
p5T00 1
ER4Tm1v0 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 31
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.34.146.61

UninitializedDataSize
0

LanguageCode
Unknown (REAC)

FileFlagsMask
0x003f

CharacterSet
Unknown (TIONS)

InitializedDataSize
114688

EntryPoint
0x15546

MIMEType
application/octet-stream

LegalCopyright
2017 (C) 2010

FileVersion
Promoter 0,152,132,107

TimeStamp
2008:11:29 12:58:31+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Keratin

ProductVersion
0,30,34,101

FileDescription
Notepads Progenitors Photocopied

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
FilterGate Ltd.

CodeSize
86016

ProductName
Proprietors Laths

ProductVersionNumber
0.169.16.126

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 d4a1da90e060c3c8699935218c542ec8
SHA1 b9c5023e2e311416034926fa7709d1eebb4e50b2
SHA256 6c62772d58d7080196759f9016d4fe204a82b1824b9cc64546ef3878731684ed
ssdeep
3072:B6b8xqgvZiX09zFNbAYrqnnqlfuOIeGCXnZ3OM/otxmA2NoUcbgXHtJunyyC73bG:hc+FcguOIhQwMqmAzbSHtJunU7L+FQO

authentihash 9c246ca5853e83d4a3272e4eff918e4903ee374060789b6dcac021406baa7180
imphash d20de16a846febdbcaa27be411633d18
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-02-09 14:44:28 UTC ( 3 years ago )
Last submission 2016-02-09 14:44:28 UTC ( 3 years ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications