× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6eed89cebec32968cc7852b4b37143c28c78b5dda3eeb71555e9880cce2774fd
File name: free.exe
Detection ratio: 37 / 56
Analysis date: 2015-12-20 05:41:35 UTC ( 8 months, 1 week ago )
Antivirus Result Update
ALYac Gen:Variant.Graftor.81427 20151218
AVG Generic32.CCTU 20151220
AVware Trojan.Win32.Zbot.ma!ag (v) 20151220
Ad-Aware Gen:Variant.Graftor.81427 20151220
AhnLab-V3 Win-Trojan/Zbot.73216.L 20151219
Arcabit Trojan.Graftor.D13E13 20151220
Avast Win32:Trojan-gen 20151220
Avira (no cloud) TR/Rogue.963566 20151219
Baidu-International Trojan.Win32.Sharik.peo 20151219
BitDefender Gen:Variant.Graftor.81427 20151220
Comodo TrojWare.Win32.Kryptik.BAXK 20151219
ESET-NOD32 a variant of Win32/Kryptik.AZPY 20151219
Emsisoft Gen:Variant.Graftor.81427 (B) 20151220
F-Secure Gen:Variant.Graftor.81427 20151218
Fortinet W32/ZAccess.Y!tr 20151220
GData Gen:Variant.Graftor.81427 20151220
Ikarus Trojan.Win32.Crypt 20151219
K7AntiVirus Riskware ( 0040eff71 ) 20151220
K7GW Riskware ( 0040eff71 ) 20151220
Kaspersky Trojan.Win32.Sharik.peo 20151220
Malwarebytes Virus.Expiro 20151220
McAfee RDN/Suspicious.bfr 20151220
McAfee-GW-Edition BehavesLike.Win32.CryptDoma.lh 20151220
eScan Gen:Variant.Graftor.81427 20151220
NANO-Antivirus Trojan.Win32.Sharik.cobvif 20151220
Panda Generic Malware 20151219
Qihoo-360 HEUR/Malware.QVM07.Gen 20151220
SUPERAntiSpyware Trojan.Agent/Gen-Festo 20151220
Sophos Mal/Generic-S 20151220
Symantec Trojan.Zbot 20151217
Tencent Win32.Trojan.Sharik.Dztj 20151220
TheHacker Trojan/Kryptik.azos 20151220
TrendMicro TROJ_SPNR.14EB13 20151220
TrendMicro-HouseCall TROJ_SPNR.14EB13 20151220
VIPRE Trojan.Win32.Zbot.ma!ag (v) 20151219
ViRobot Trojan.Win32.A.Sharik.73216[h] 20151220
Zillya Trojan.Sharik.Win32.97 20151218
AegisLab 20151219
Yandex 20151219
Alibaba 20151208
Antiy-AVL 20151220
Bkav 20151219
ByteHero 20151220
CAT-QuickHeal 20151219
CMC 20151217
ClamAV 20151219
Cyren 20151220
DrWeb 20151220
F-Prot 20151220
Jiangmin 20151220
Microsoft 20151220
Rising 20151218
TotalDefense 20151220
VBA32 20151218
Zoner 20151220
nProtect 20151218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-24 12:20:01
Entry Point 0x00004E0D
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
LocalLock
GetDriveTypeW
GetNamedPipeInfo
SetHandleCount
GetSystemInfo
LoadLibraryW
GetExitCodeProcess
LCMapStringA
HeapDestroy
ExitProcess
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
GetStdHandle
GetModuleFileNameA
FreeLibrary
FindFirstChangeNotificationW
GetCommandLineA
HeapAlloc
GetStartupInfoA
_lwrite
GetEnvironmentStrings
RtlUnwind
GetCurrentProcessId
LCMapStringW
GetProfileSectionW
GetCompressedFileSizeW
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
GetPrivateProfileStructW
FreeEnvironmentStringsW
DeleteFileW
GetProcAddress
GetNamedPipeHandleStateW
SetStdHandle
GetProfileStringW
GetModuleHandleA
FreeEnvironmentStringsA
WideCharToMultiByte
SetEnvironmentVariableW
GetStringTypeA
SetFilePointer
GetDiskFreeSpaceW
GlobalAddAtomA
WriteFile
GetCurrentProcess
CreateMutexW
CloseHandle
IsBadHugeReadPtr
GetProcessWorkingSetSize
GetACP
HeapReAlloc
GetStringTypeW
GetVersion
FreeResource
SetPriorityClass
GetPrivateProfileSectionW
FormatMessageW
TerminateProcess
CreateProcessA
LocalSize
GetProcessShutdownParameters
FreeLibraryAndExitThread
InitializeCriticalSection
HeapCreate
PostQueuedCompletionStatus
VirtualFree
GetFileType
TlsSetValue
SignalObjectAndWait
SetMailslotInfo
OpenSemaphoreW
VirtualAlloc
GetOEMCP
GetWindow
CharToOemW
LoadBitmapA
InvalidateRgn
Number of PE resources by type
RT_MENU 2
RT_ACCELERATOR 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2013:04:24 12:20:01+00:00

FileType
Win32 EXE

PEType
PE32

CodeSize
37376

LinkerVersion
8.0

EntryPoint
0x4e0d

InitializedDataSize
1031680

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 80b3735863cc59d3edc6e7331a231c88
SHA1 87485ac47a8d7322fcfd532acd39dd6d1a4ef6d6
SHA256 6eed89cebec32968cc7852b4b37143c28c78b5dda3eeb71555e9880cce2774fd
ssdeep
1536:vYG1BHsvYofMJwQwtzDoNKyji0XxheD2MZ/dMs4o0vU:NMvDJQwt3s1hqBVdMs4o0vU

authentihash 236a9c34440e53b5a5d9550d1a18adcce7e4217ec42c70ad4f5347283538e64a
imphash ec54d9cad96662184b5b1d8e2f086d9c
File size 71.5 KB ( 73216 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-04-25 07:12:30 UTC ( 3 years, 4 months ago )
Last submission 2015-12-20 05:41:35 UTC ( 8 months, 1 week ago )
File names 80b3735863cc59d3edc6e7331a231c88.87485ac47a8d7322fcfd532acd39dd6d1a4ef6d6
a3379f91fb31d5fa9e5b6d12446a5943190b50a3
6eed89cebec32968cc7852b4b37143c28c78b5dda3eeb71555e9880cce2774fd.vir
free.exe
output.10403402.txt
10403402
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
TCP connections
UDP communications