SHA256: 6e7785213d6af20f376a909c1ecb6c9bddec70049764f08e5054a52997241e3d
File name: 31656.exe
Detection ratio: 6 / 56
Analysis date: 2016-11-08 10:53:26 UTC ( 2 years, 3 months ago )
Antivirus                Result                               Update
CrowdStrike Falcon (ML)  malicious_confidence_99% (D)         20161024
ESET-NOD32               a variant of Win32/GenKryptik.JTN    20161108
Sophos ML                generic.a                            20161018
Kaspersky                Trojan.Win32.Yakes.rnja              20161108
Qihoo-360                HEUR/QVM10.1.0000.Malware.Gen        20161108
Symantec                 Trojan Horse                         20161108
Ad-Aware 20161108
AegisLab 20161108
AhnLab-V3 20161108
Alibaba 20161108
ALYac 20161108
Antiy-AVL 20161108
Arcabit 20161108
Avast 20161108
AVG 20161108
Avira (no cloud) 20161107
AVware 20161108
Baidu 20161107
BitDefender 20161108
Bkav 20161107
CAT-QuickHeal 20161108
ClamAV 20161108
CMC 20161108
Comodo 20161108
Cyren 20161108
DrWeb 20161108
Emsisoft 20161108
F-Prot 20161108
F-Secure 20161108
Fortinet 20161108
GData 20161108
Ikarus 20161108
Jiangmin 20161108
K7AntiVirus 20161108
K7GW 20161108
Kingsoft 20161108
Malwarebytes 20161108
McAfee 20161108
McAfee-GW-Edition 20161108
Microsoft 20161108
eScan 20161108
NANO-Antivirus 20161108
nProtect 20161108
Panda 20161107
Rising 20161108
Sophos AV 20161108
SUPERAntiSpyware 20161108
Tencent 20161108
TheHacker 20161106
TotalDefense 20161108
TrendMicro 20161108
VBA32 20161105
VIPRE 20161108
ViRobot 20161108
Yandex 20161107
Zillya 20161107
Zoner 20161108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-07 01:13:51
Entry Point 0x00005AA9
Number of sections 4
PE sections
PE imports
Ord(6)
ImageList_ReplaceIcon
ImageList_Create
ImageList_BeginDrag
ImageList_DragEnter
SelectObject
CreateEllipticRgn
DeleteDC
CreateRectRgn
GdiGradientFill
CreateSolidBrush
CombineRgn
CreateBitmap
SetBkColor
CreateDIBSection
CreateCompatibleDC
DeleteObject
gluOrtho2D
ImmAssociateContext
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
lstrlenA
DeactivateActCtx
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
DebugActiveProcessStop
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
RaiseException
WideCharToMultiByte
MapViewOfFile
GetStringTypeA
GetModuleHandleA
UnmapViewOfFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetProfileStringA
CloseHandle
GetSystemTimeAsFileTime
CreateFileMappingA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
LCMapStringA
IsValidCodePage
HeapCreate
lstrcpyA
VirtualFree
CreateEventA
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
glFrustum
glViewport
glMatrixMode
glLoadIdentity
RasConnectionNotificationW
RasDeleteEntryA
RasEntryDlgA
SetupDiSetClassInstallParamsA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SHBrowseForFolderA
Shell_NotifyIconA
StrFormatByteSizeA
SetWindowRgn
LoadMenuA
CreateIconIndirect
GetMessageW
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
DestroyIcon
GetWindowRect
EndPaint
SetMenu
SetCapture
MessageBoxA
TranslateMessage
DialogBoxParamA
GetDC
RegisterClassExA
GetCursorPos
BeginPaint
SetWindowTextA
GetMenu
LoadStringA
SetCaretBlinkTime
SendMessageA
GetClientRect
SetCursorPos
LoadAcceleratorsA
wsprintfA
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
LoadIconA
GetMenuItemInfoA
RealChildWindowFromPoint
DispatchMessageW
GetWindowTextA
GetDlgItem
CLSIDFromString
Number of PE resources by type
RT_DIALOG 8
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:11:07 02:13:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 78336
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x5aa9
InitializedDataSize 40960
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 31963075abec1ca51a7c8416baf097f2
SHA1 44b5e306c4b3af5c7819eaef7b13a3560ecaefac
SHA256 6e7785213d6af20f376a909c1ecb6c9bddec70049764f08e5054a52997241e3d
ssdeep 1536:nZA7kdutJNpY1c/Mb4Cx84Iq8FiqBKRN7QgV7Jnqs4R1w0D2f1Qvk:m7msNpGchCqPoRdjVgzR1w0C1Ok
authentihash 8d20359f0a403bcbf7b35dbb0b9a57428542f80e8c0b6f6f44c71c92332c1b75
imphash a688501fbb51d94a1bf72b0577b5d8a6
File size 117.5 KB ( 120320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-11-08 10:53:26 UTC ( 2 years, 3 months ago )
Last submission 2019-02-05 17:50:27 UTC ( 2 weeks ago )
File names Yakes Trojaner.exe
mr6.exe
554eda8a-b08b-11e6-978e-80e65024849a.file
1 (31).exe
8d3cbbae-aa57-11e6-bd12-80e65024849a.file
6e7785213d6af20f376a909c1ecb6c9bddec70049764f08e5054a52997241e3d.x32.exe
2d47daee-afb8-11e6-b811-80e65024849a.file
723b4ccc-adcb-11e6-8801-80e65024849a.file
f7a55a4f-a6ab-11e6-9f75-80e65024849a.file
31656.exe
c7cf5c57-ab20-11e6-a6c5-80e65024849a.file
mr6 (1).exe
0f3bb1d9-ae92-11e6-8a36-80e65024849a.file
1d6763bd-a71c-11e6-91fd-80e65024849a.file
531f9cc5-ac06-11e6-bb68-80e65024849a.exe
6e7785213d6af20f_0f3bb1d9-ae92-11e6-8a36-80e65024849a.file
ae8ef61c-a7de-11e6-a889-80e65024849a.exe
531f9cc5-ac06-11e6-bb68-80e65024849a.file
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Searched windows
Runtime DLLs
UDP communications