SHA256: 6cb4b62044fcc0c477572c16e252c0614dadb93e8ff1b4b66200b01102306d36
File name: whorescomeon.exe
Detection ratio: 23 / 55
Analysis date: 2016-03-19 16:07:57 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3108785 20160319
Arcabit Trojan.Generic.D2F6FB1 20160319
Avast Win32:Trojan-gen 20160319
AVG Crypt5.AQPX 20160319
AVware Trojan.Win32.Generic!BT 20160319
BitDefender Trojan.GenericKD.3108785 20160319
Bkav HW32.Packed.C88C 20160319
DrWeb Trojan.Dridex.358 20160319
Emsisoft Trojan.GenericKD.3108785 (B) 20160319
ESET-NOD32 Win32/Dridex.AA 20160319
F-Secure Trojan.GenericKD.3108785 20160319
GData Trojan.GenericKD.3108785 20160319
Ikarus Trojan.Win32.Dridex 20160319
Kaspersky Trojan.Win32.Waldek.hbl 20160319
Malwarebytes Trojan.Dridex 20160319
McAfee Drixed-FEQ!F86204BBAF52 20160319
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160319
eScan Trojan.GenericKD.3108785 20160319
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160319
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160319
Symantec Trojan.Cridex 20160319
Tencent Win32.Trojan.Dridex.Edne 20160319
VIPRE Trojan.Win32.Generic!BT 20160319
AegisLab 20160319
Yandex 20160316
AhnLab-V3 20160319
Alibaba 20160318
ALYac 20160319
Antiy-AVL 20160319
Avira (no cloud) 20160319
Baidu 20160318
Baidu-International 20160319
ByteHero 20160319
CAT-QuickHeal 20160319
ClamAV 20160319
CMC 20160316
Comodo 20160319
Cyren 20160319
F-Prot 20160319
Fortinet 20160319
Jiangmin 20160319
K7AntiVirus 20160319
K7GW 20160319
Microsoft 20160319
NANO-Antivirus 20160319
nProtect 20160318
Panda 20160319
SUPERAntiSpyware 20160319
TheHacker 20160319
TrendMicro 20160319
TrendMicro-HouseCall 20160319
VBA32 20160318
ViRobot 20160319
Zillya 20160318
Zoner 20160319
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-09-14 01:45:19
Entry Point 0x00023596
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
GetAce
AdjustTokenPrivileges
RegOpenKeyExW
RegCreateKeyA
GetSidSubAuthorityCount
InitializeSid
QueryServiceStatus
RegEnumKeyW
LookupAccountNameW
RegQueryValueW
GetKernelObjectSecurity
GetSidIdentifierAuthority
RegCreateKeyW
ChangeServiceConfigW
StartServiceCtrlDispatcherA
EnumServicesStatusA
RegSetValueExW
AllocateAndInitializeSid
RegSetValueExA
RegDeleteKeyA
StartServiceA
OpenSCManagerA
InitCommonControlsEx
ImageList_Destroy
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Draw
ImageList_GetImageInfo
CreatePropertySheetPageW
Ord(6)
FlatSB_GetScrollRange
ImageList_BeginDrag
Ord(4)
FlatSB_SetScrollPos
CreatePropertySheetPageA
ImageList_Copy
FlatSB_EnableScrollBar
ImageList_SetDragCursorImage
ImageList_EndDrag
UninitializeFlatSB
Polygon
GetWindowOrgEx
PatBlt
SetStretchBltMode
GetWinMetaFileBits
GetClipBox
GetBitmapBits
SetMapMode
GetObjectA
RestoreDC
EndDoc
IntersectClipRect
CreateDCW
GetKerningPairsA
CreateDIBSection
EnumFontFamiliesA
SetTextColor
DPtoLP
CreateDIBPatternBrushPt
OffsetRgn
CreateFontA
SetViewportOrgEx
SelectPalette
PtVisible
SetPixelFormat
SetTextAlign
CreateRoundRectRgn
SelectClipRgn
StretchBlt
GetClipRgn
StartDocA
SetPolyFillMode
Pie
SetWindowExtEx
Polyline
SetViewportExtEx
ExtCreatePen
GetBkColor
GetTextExtentPoint32A
EnumerateLoadedModules
SymEnumerateSymbols
GetImageConfigInformation
CreateThread
lstrcpynW
EnumResourceNamesW
GetModuleHandleA
GetFullPathNameW
VarBoolFromR8
VarDecFromUI1
VarDecFromUI2
SysStringByteLen
SafeArrayGetIID
BSTR_UserUnmarshal
DispGetParam
VarCyNeg
VarR8Pow
VarUI4FromDate
SafeArrayGetRecordInfo
VarDateFromDisp
OleSavePictureFile
VarUI1FromCy
VarI2FromStr
VarI4FromI1
VarUI1FromStr
VarBoolFromI4
SafeArrayGetElemsize
VARIANT_UserUnmarshal
VarI2FromBool
VarCyFromUI4
VarCyFromUI2
BSTR_UserMarshal
CreateErrorInfo
VarUI2FromDec
SafeArrayAccessData
VarDateFromR4
VarCyCmpR8
VarUI4FromI4
VarBstrFromUI1
SafeArrayUnaccessData
LHashValOfNameSysA
VarUI4FromI2
VarDateFromI1
SafeArrayUnlock
VarDecCmpR8
SafeArrayGetUBound
VarCyFromDec
OaBuildVersion
LoadTypeLibEx
VarBoolFromDate
SysReAllocString
VarUI4FromBool
VarI1FromUI2
VarPow
VarCyFromDisp
VARIANT_UserFree
VarDecFromStr
VarR8FromDate
VarI2FromDec
VarFormatCurrency
VarUI4FromI1
VarUI2FromI1
VarCyRound
VarBoolFromUI4
VarDecAdd
VARIANT_UserMarshal
VarI4FromDate
SafeArrayGetVartype
VarI4FromUI4
BSTR_UserSize
VarR4FromI2
SafeArrayCopy
VarDateFromCy
VarUI4FromUI2
VarI2FromDisp
VarNot
SystemTimeToVariantTime
LoadRegTypeLib
SafeArrayPtrOfIndex
VarUI1FromI4
VarUI1FromDate
VarDiv
VariantCopy
VarI2FromUI4
SafeArrayLock
VarCyFromBool
VarDateFromUI1
VarI1FromI4
RasSetEntryPropertiesA
RasGetErrorStringW
RasRenameEntryA
Shell_NotifyIconW
ShellExecuteA
ExtractAssociatedIconA
GetFileTitleA
CommDlgExtendedError
OleTranslateAccelerator
CoSuspendClassObjects
StgOpenStorageEx
CreateFileMoniker
SNB_UserFree
CoFreeLibrary
OleFlushClipboard
OleSetContainedObject
OleCreateLinkFromData
StgGetIFillLockBytesOnILockBytes
HGLOBAL_UserUnmarshal
CreateOleAdviseHolder
OleInitialize
OleGetIconOfFile
CoTaskMemRealloc
HMENU_UserMarshal
PropVariantCopy
CoUnmarshalInterface
OleQueryLinkFromData
CreateDataAdviseHolder
WriteClassStm
WriteClassStg
CoGetCurrentProcess
HPALETTE_UserUnmarshal
CoGetObject
OleConvertOLESTREAMToIStorage
MkParseDisplayName
CoBuildVersion
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 8
RT_DIALOG 7
RT_MENU 5
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
TATAR DEFAULT 31
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.10.13.73
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 196608
EntryPoint 0x23596
OriginalFileName Bombards.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2014
FileVersion 92, 35, 153, 135
TimeStamp 2006:09:14 02:45:19+01:00
FileType Win32 EXE
PEType PE32
InternalName Astrolabes
ProductVersion 87, 155, 217, 81
FileDescription Barrenness
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Nicholas Decker
CodeSize 143360
FileSubtype 0
ProductVersionNumber 0.200.35.220
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 f86204bbaf52c0090f8c8ee4cd6a3ce8
SHA1 ab10aaba47e8f1f1d27196f2cb6f884646161771
SHA256 6cb4b62044fcc0c477572c16e252c0614dadb93e8ff1b4b66200b01102306d36
ssdeep 6144:FE/GFDmHcBxQQvwUVkOXIls0hNyx5VQVI:F9AHwx/vwgqG5VQI
authentihash 4823b0d0da6d218600e93cd7510b8f45b05c805184b68c91378b4e1a986cc02d
imphash f0b3da6d95f0e28b821e3843acadfdce
File size 228.0 KB ( 233472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-03-18 16:10:03 UTC
Last submission 2016-08-09 12:37:22 UTC
File names 6cb4b62044fcc0c477572c16e252c0614dadb93e8ff1b4b66200b01102306d36.bin
whorescomeon.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications