SHA256: 6c919213b5318cdb60d67a4b4ace709dfb7e544982c0e101c8526eff067c8332
File name: da8a7ca6af5d8d2ef44d6b92c5a8b218
Detection ratio: 32 / 58
Analysis date: 2017-01-16 08:58:04 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4175574 20170116
AhnLab-V3 Trojan/Win32.Banki.C1748305 20170116
ALYac Trojan.GenericKD.4175574 20170116
Arcabit Trojan.Generic.D3FB6D6 20170116
Avast Win32:Evo-gen [Susp] 20170116
AVG Inject3.BQOP 20170116
Avira (no cloud) TR/Hijacker.Gen 20170116
BitDefender Trojan.GenericKD.4175574 20170116
Bkav W32.eHeur.Malware09 20170114
CAT-QuickHeal Risktool.Flystudio.17324 20170116
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
DrWeb Trojan.DownLoader23.45440 20170116
Emsisoft Trojan.GenericKD.4175574 (B) 20170116
ESET-NOD32 a variant of Win32/Injector.WJU 20170116
F-Secure Trojan.GenericKD.4175574 20170116
GData Trojan.GenericKD.4175574 20170116
Ikarus Exploit.Win32.ShellCode 20170115
Sophos ML virus.win32.ramnit.p 20170111
K7GW Trojan ( 003c959a1 ) 20170116
Kaspersky Trojan-Banker.Win32.Banbra.vlwa 20170116
McAfee Artemis!DA8A7CA6AF5D 20170108
McAfee-GW-Edition BehavesLike.Win32.Nimda.fc 20170116
eScan Trojan.GenericKD.4175574 20170116
NANO-Antivirus Trojan.Win32.Hijacker.ekmcfg 20170116
Qihoo-360 Win32/Trojan.d54 20170116
Rising Trojan.Injector!8.C4-NdncKuxFLJR (cloud) 20170116
Sophos AV Mal/EncPk-CK 20170116
Symantec Heur.AdvML.B 20170115
Tencent Win32.Trojan.Inject.Auto 20170116
TrendMicro TROJ_GEN.R047C0RAE17 20170116
TrendMicro-HouseCall TROJ_GEN.R047C0RAE17 20170116
ViRobot Trojan.Win32.R.Agent.325120.E[h] 20170116
AegisLab 20170116
Alibaba 20170116
Antiy-AVL 20170116
AVware 20170116
Baidu 20170116
ClamAV 20170116
CMC 20170116
Comodo 20170116
Cyren 20170116
F-Prot 20170116
Fortinet 20170116
Jiangmin 20170116
K7AntiVirus 20170116
Kingsoft 20170116
Malwarebytes 20170116
Microsoft 20170116
nProtect 20170116
Panda 20170115
SUPERAntiSpyware 20170116
TheHacker 20170116
TotalDefense 20170116
Trustlook 20170116
VBA32 20170113
VIPRE 20170116
WhiteArmor 20170113
Yandex 20170115
Zillya 20170113
Zoner 20170116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-13 17:46:30
Entry Point 0x00069001
Number of sections 8
PE sections
PE imports
RegSetValueExA
GetProcAddress
GetModuleHandleA
LoadLibraryA
DispatchMessageA
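The packer identification, entry point and sparse import list above are the three header facts a reviewer cross-checks before running anything: the entry point RVA 0x69001 is larger than the declared 420864-byte (0x66C00) code size, so unless the code section starts unusually far into the image, execution begins outside the declared code; the import table names only loader and registry APIs (GetProcAddress and LoadLibraryA resolve the rest at run time); and PEiD reports ASPack. The following is an added example, not code from VirusTotal or any vendor on this page. It constructs a minimal PE32 image in memory that mirrors the report's figures (8 sections, entry point 0x69001, SizeOfCode 420864, TimeDateStamp 2017-01-13 17:46:30 UTC) and parses it to report which section contains the entry point, whether the entry point lies outside the declared code range, whether the bytes at the entry point match the commonly published ASPack 2.12 entry stub, which sections have compression-level entropy, and what the timestamp decodes to. The section names (.aspack, .adata), sizes, contents, BaseOfCode value and the stub byte pattern are assumptions; the real file's layout is not on this page.

```python
"""Header triage for a PE32 like the sample in this report: which section holds
the entry point, which sections look packed, and when it claims to have been
built.  Added example, not VirusTotal's or any vendor's code.  The image is
constructed in memory to mirror the report's figures (8 sections, EP 0x69001,
SizeOfCode 420864, stamp 2017-01-13 17:46:30 UTC); section names, sizes and
contents are assumptions, not the real file."""
import math
import struct
from datetime import datetime, timezone

OPT_HDR_SIZE = 224                # PE32 optional header size (PE/COFF spec)
COFF_HDR = "<HHIIIHH"             # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = "<8sIIIIIIHHI"      # IMAGE_SECTION_HEADER, 40 bytes
# Entry-stub bytes widely published as the PEiD pattern for ASPack 2.12
# (pushad; call $+8; ...). Assumed here; confirm against your own signatures.
ASPACK_212_STUB = bytes.fromhex("60E803000000E9EB045D4555C3E801000000EB5D")

def build_sample_pe(timestamp, entry_point, sections):
    """Build a PE32 image from (name, virtual_addr, virtual_size, raw_bytes) tuples."""
    coff = struct.pack(COFF_HDR, 0x14C, len(sections), timestamp, 0, 0, OPT_HDR_SIZE, 0x102)
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 6, 0, 420864, 137728, 0, entry_point,
                      0x1000, 0x68000, 0x400000, 0x1000, 0x200)
    opt += b"\0" * (68 - len(opt)) + struct.pack("<H", 2)    # Subsystem = Windows GUI
    opt += b"\0" * (OPT_HDR_SIZE - len(opt))
    sec_hdrs, blobs, raw_ptr = b"", b"", 0x400               # headers padded to 0x400
    for name, va, vsize, raw in sections:
        raw += b"\0" * (-len(raw) % 0x200)                   # pad to FileAlignment
        sec_hdrs += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"), vsize, va,
                                len(raw), raw_ptr, 0, 0, 0, 0, 0x60000020)
        blobs += raw
        raw_ptr += len(raw)
    headers = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0" + coff + opt + sec_hdrs
    return headers + b"\0" * (0x400 - len(headers)) + blobs

def parse_pe(data):
    """Read just the header fields this triage needs; not a full PE loader."""
    assert data[:2] == b"MZ", "not an MZ image"
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    assert data[pe_off:pe_off + 4] == b"PE\0\0", "missing PE signature"
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from(COFF_HDR, data, pe_off + 4)
    opt = pe_off + 24
    magic, = struct.unpack_from("<H", data, opt)
    size_of_code, _, _, entry, base_of_code = struct.unpack_from("<5I", data, opt + 4)
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, *_ = struct.unpack_from(SECTION_HDR, data,
                                                                  opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "raw": data[rawptr:rawptr + rawsize]})
    return {"machine": machine, "magic": magic, "timestamp": stamp, "entry_point": entry,
            "base_of_code": base_of_code, "size_of_code": size_of_code, "sections": sections}

def shannon_entropy(blob):
    """Bits per byte, 0.0 to 8.0; compressed or encrypted data sits near 8."""
    if not blob:
        return 0.0
    n, counts = len(blob), [0] * 256
    for b in blob:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def entry_section(pe):
    """Section whose virtual range contains AddressOfEntryPoint, or None."""
    ep = pe["entry_point"]
    for s in pe["sections"]:
        if s["va"] <= ep < s["va"] + max(s["vsize"], len(s["raw"])):
            return s
    return None

def triage(pe):
    """Packer indicators a reviewer checks by hand on a report like this one."""
    sec = entry_section(pe)
    stub = sec["raw"][pe["entry_point"] - sec["va"]:][:len(ASPACK_212_STUB)] if sec else b""
    code_end = pe["base_of_code"] + pe["size_of_code"]
    return {
        "entry_section": sec["name"] if sec else None,
        # EP beyond BaseOfCode+SizeOfCode: execution starts outside the declared code
        "entry_outside_declared_code": not pe["base_of_code"] <= pe["entry_point"] < code_end,
        "aspack_stub_at_entry": stub == ASPACK_212_STUB,
        "high_entropy_sections": [s["name"] for s in pe["sections"]
                                  if shannon_entropy(s["raw"]) > 7.0],
        "compiled_utc": datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
                                .strftime("%Y-%m-%d %H:%M:%S"),
    }

def exiftool_stamp_to_epoch(text):
    """ExifTool shows the same TimeDateStamp in local time (2017:01:13 18:46:30+01:00)."""
    return int(datetime.strptime(text, "%Y:%m:%d %H:%M:%S%z").timestamp())

def sample():
    """Constructed stand-in for the report's layout; every value is an assumption."""
    flat = bytes(range(256)) * 2          # each byte value twice: entropy exactly 8.0
    secs = [
        (".text",   0x1000,  0x66C00, flat),                    # compressed original code
        (".rdata",  0x68000, 0x800,   b"kernel32.dll\0LoadLibraryA\0GetProcAddress\0"),
        (".aspack", 0x69000, 0x2000,  b"\0" + ASPACK_212_STUB + b"\x90" * 0x80),  # EP = VA+1
        (".data",   0x6B000, 0x1000,  b"\0" * 64),
        (".idata",  0x6C000, 0x400,   b"\0" * 64),
        (".rsrc",   0x6D000, 0x8000,  b"\0" * 64),
        (".reloc",  0x75000, 0x400,   b"\0" * 64),
        (".adata",  0x76000, 0x1000,  b""),
    ]
    return build_sample_pe(1484329590, 0x69001, secs)   # 2017-01-13 17:46:30 UTC
```

Call triage(parse_pe(sample())) to see the indicators; on a real file pass open(path, "rb").read() to parse_pe instead, since the parser stops at the section table and needs nothing from the import directory. The two timestamps on this page (2017-01-13 17:46:30 and 2017:01:13 18:46:30+01:00) are the same 32-bit TimeDateStamp rendered in UTC and in UTC+1, which exiftool_stamp_to_epoch confirms; a build stamp the day before first submission is consistent, but the field is attacker-controlled and is only a hint.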
Number of PE resources by type
RT_STRING 29
RT_ICON 6
RT_DIALOG 2
RT_GROUP_CURSOR 2
RT_BITMAP 2
RT_CURSOR 2
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 37
CHINESE SIMPLIFIED 7
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:01:13 18:46:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 420864
LinkerVersion 6.0
EntryPoint 0x69001
InitializedDataSize 137728
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files write this sample to disk.
File identification
MD5 da8a7ca6af5d8d2ef44d6b92c5a8b218
SHA1 6e7c77183ec1003891f29329edd483ff1df065d3
SHA256 6c919213b5318cdb60d67a4b4ace709dfb7e544982c0e101c8526eff067c8332
ssdeep 6144:UmLaQuxE2y69tuJ93ZnJSLE0H6/rfq3MsChd/65jQ1GSEL:U0aQKEz63uj3ZMLEvQ7ed/IEU
authentihash e2f3c580e5de0897f0d84c06c96a1157d4e7b76116a329cb1651801c4174709d
imphash fac9d4414e54b6e2cc0a43df6ef3505b
File size 317.5 KB ( 325120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%); Win32 Dynamic Link Library (generic) (15.4%); Win32 Executable (generic) (10.5%); Generic Win/DOS Executable (4.6%); DOS Executable Generic (4.6%)
Note that TrID's top guess (Win64) contradicts the magic literal and the PE header, which both show a PE32 image for Intel 386; TrID is a statistical byte-pattern match, so the header fields are authoritative here.
Tags
peexe aspack
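The imphash in the file identification block is the MD5 of the import table in file order, each entry normalized to lower-case "dll.function" with a .dll/.ocx/.sys suffix dropped. The following is an added example, not VirusTotal's or pefile's code. It pairs the five API names listed under PE imports with the DLLs that export them, in an assumed order, so it does not and is not meant to reproduce fac9d4414e54b6e2cc0a43df6ef3505b; the page does not show the full ordered import table.

```python
"""Import hash (imphash) as pefile and VirusTotal compute it: MD5 over the
import table in file order, each entry written "dll.function" in lower case
with a .dll/.ocx/.sys suffix removed.  Added example, not pefile's or
VirusTotal's code.  REPORTED_IMPORTS pairs the five API names the report
shows with their exporting DLLs in an assumed order; the report does not
give the full ordered table, so the result will not match its imphash."""
import hashlib

STRIPPED_SUFFIXES = {"dll", "ocx", "sys"}

def normalize_import(dll, func):
    """One imphash element.  `func` is an exported name, or an int ordinal
    written "ordN".  (pefile additionally maps well-known oleaut32, ws2_32
    and wsock32 ordinals to names from built-in tables; omitted here.)"""
    lib = dll.lower()
    parts = lib.rsplit(".", 1)
    if len(parts) > 1 and parts[1] in STRIPPED_SUFFIXES:
        lib = parts[0]
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{lib}.{name}"

def imphash(imports):
    """MD5 of the comma-joined normalized entries; the order is significant."""
    joined = ",".join(normalize_import(dll, func) for dll, func in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()

# The five imports the report lists, with their exporting DLLs.  The order
# is constructed; the real table's order and remaining entries are unknown.
REPORTED_IMPORTS = [
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "GetModuleHandleA"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("ADVAPI32.dll", "RegSetValueExA"),
    ("USER32.dll", "DispatchMessageA"),
]
```

Two properties matter when pivoting on this value: the hash is order-sensitive (the same five imports in a different order hash differently) but insensitive to case and to the .dll suffix. The caveat for a packed sample like this one is that the table being hashed belongs to the ASPack stub, not to the unpacked payload, so files sharing this imphash are other ASPack-packed binaries and not necessarily the same family.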

VirusTotal metadata
First submission 2017-01-14 07:44:47 UTC
Last submission 2017-03-13 09:53:13 UTC
File names 6c919213b5318cdb_ric5h.pif
6c919213b5318cdb60d67a4b4ace709dfb7e544982c0e101c8526eff067c8332.bin
java.exe
f0o2p.pif
java[1].exe
7c8332.exe
ryzgr.pif
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications