SHA256: 6d7d99c6ae96cd4d24649174922dc1f23f70a8a8274495a67b57326f63cadbb2
File name: 18cc8da6788d8f0444004ebc28e58d72.exe
Detection ratio: 38 / 58
Analysis date: 2016-09-26 12:45:28 UTC ( 2 years, 7 months ago )
Antivirus Result Update
AegisLab Troj.Banker.W32.Banbra.agym!c 20160926
AhnLab-V3 Trojan/Win32.Banbra.N311587571 20160926
Antiy-AVL Trojan[Banker]/Win32.Banbra 20160926
Avast Win32:Malware-gen 20160926
AVG Generic22.XAM 20160926
Avira (no cloud) TR/Banker.Banbra.agym.1 20160926
AVware Trojan.Win32.Generic!BT 20160926
Bkav W32.SantandernetFamLB.Worm 20160926
CAT-QuickHeal TrojanSpy.Banker.r5 20160926
ClamAV Win.Trojan.Banbra-348 20160926
Comodo UnclassifiedMalware 20160926
CrowdStrike Falcon (ML) malicious_confidence_68% (D) 20160725
Cyren W32/ArchSMS.BS.gen!Eldorado 20160926
DrWeb Trojan.Bankfraud.551 20160926
ESET-NOD32 Win32/Spy.Banker.XUQ 20160926
F-Prot W32/ArchSMS.BS.gen!Eldorado 20160926
Fortinet W32/Banbra.AGYM!tr 20160926
GData Win32.Trojan.Agent.QY57UB 20160926
Ikarus Trojan-Banker.Win32.Banbra 20160926
Sophos ML trojan.win32.neurevt.a 20160917
Kaspersky HEUR:Trojan.Win32.Generic 20160926
McAfee Generic.dx!18CC8DA6788D 20160923
McAfee-GW-Edition Generic.dx!18CC8DA6788D 20160926
Microsoft TrojanSpy:Win32/Banker 20160926
NANO-Antivirus Trojan.Win32.Banbra.chgwa 20160926
nProtect Trojan-Spy/W32.Banker.839245 20160926
Panda Trj/CI.A 20160925
Qihoo-360 Win32/Trojan.Spy.852 20160926
Rising Trojan.Generic-zQp7afLdamB (cloud) 20160926
Sophos AV Mal/Generic-S 20160926
Symantec Heur.AdvML.C 20160926
Tencent Win32.Trojan-banker.Banbra.Eaoa 20160926
TrendMicro Cryp_Banker14 20160926
TrendMicro-HouseCall Cryp_Banker14 20160926
VBA32 TrojanBanker.Banbra 20160923
VIPRE Trojan.Win32.Generic!BT 20160926
ViRobot Trojan.Win32.S.Banbra.839245[h] 20160926
Yandex Trojan.PWS.Banbra!R/4FsNzHjuU 20160925
Ad-Aware 20160926
Alibaba 20160926
ALYac 20160926
Arcabit 20160926
Baidu 20160926
BitDefender 20160926
CMC 20160921
Emsisoft 20160926
F-Secure 20160926
Jiangmin 20160926
K7AntiVirus 20160926
K7GW 20160926
Kingsoft 20160926
Malwarebytes 20160926
eScan 20160926
SUPERAntiSpyware 20160926
TheHacker 20160926
TotalDefense 20160920
Zillya 20160924
Zoner 20160926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command RAR
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-15 06:27:50
Entry Point 0x0000A7B1
Number of sections 5
PE sections
Overlays
MD5 ca25043503928509bc229380a6cb4952
File type data
Offset 91136
Size 748109
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExA
SetFileSecurityW
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
GetDeviceCaps
GetObjectA
DeleteDC
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetSystemTime
GetLastError
HeapFree
GetStdHandle
SystemTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
lstrcmpiA
WaitForSingleObject
LoadLibraryA
FreeLibrary
FindNextFileA
HeapAlloc
SetFileTime
GetVersionExA
GetModuleFileNameA
IsDBCSLeadByte
GetCPInfo
GetCurrentProcess
GetDateFormatA
FileTimeToLocalFileTime
GetCurrentDirectoryA
CreateFileMappingA
GetLocaleInfoA
CreateDirectoryA
DeleteFileA
OpenFileMappingA
ExitProcess
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
SetFileAttributesA
GetModuleFileNameW
SetFilePointer
GetTempPathA
SetEndOfFile
DosDateTimeToFileTime
CloseHandle
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
FindNextFileW
GetFileAttributesA
WriteFile
FindFirstFileA
GetTimeFormatA
GetCommandLineA
FindFirstFileW
HeapReAlloc
MoveFileExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetFullPathNameA
MoveFileA
GetFileAttributesW
GetNumberFormatA
UnmapViewOfFile
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
SetFileAttributesW
CreateFileA
GetTickCount
FindResourceA
SetCurrentDirectoryA
SetLastError
CompareStringA
VariantInit
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
DefWindowProcA
ShowWindow
GetSystemMetrics
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
CharToOemBuffA
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
GetDC
RegisterClassExA
ReleaseDC
SetWindowTextA
DestroyIcon
GetWindowLongA
IsWindowVisible
SendMessageA
GetWindowTextA
GetClientRect
CreateWindowExA
GetDlgItem
OemToCharBuffA
LoadIconA
wsprintfA
FindWindowExA
GetSysColor
LoadCursorA
OemToCharA
LoadStringA
CopyRect
WaitForInputIdle
GetClassNameA
GetMessageA
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 5
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL DEFAULT 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:03:15 07:27:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 67584
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 22528
SubsystemVersion 4.0
EntryPoint 0xa7b1
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 18cc8da6788d8f0444004ebc28e58d72
SHA1 81d230bccbe226fd1c495dc0ffad97738966cb2f
SHA256 6d7d99c6ae96cd4d24649174922dc1f23f70a8a8274495a67b57326f63cadbb2
ssdeep 24576:cutr5OUVST9tT1etR+x9bLZpQZZkdChFPX70DJMSXc:cuXuhetRQ//Qr0+SM

authentihash 4d82f1720fefd685eb974f64102be62fad660473c6141d90541a9c0604b7f1a8
imphash 9402b48d966c911f0785b076b349b5ef
File size 819.6 KB ( 839245 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2011-04-14 03:06:13 UTC ( 8 years ago )
Last submission 2014-02-01 06:37:44 UTC ( 5 years, 2 months ago )
File names 18cc8da6788d8f0444004ebc28e58d72.exe
817751
file-2103479_exe
NSKuHZ1hh.gif
[12924]Atualizacao-Dados-Cadastrais.exe.#
18cc8da6788d8f0444004ebc28e58d7281d230bccbe226fd1c495dc0ffad97738966cb2f839245.exe
18cc8da6788d8f0444004ebc28e58d72
mO70d5Y.bz2
Atualizacao-Dados-Cadastrais.exe
81d230bccbe226fd1c495dc0ffad97738966cb2f.exe
santandernet.php
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight