SHA256: 6f6aded9d54d7d4baa81492bc831b04fe7880e5f7469b2c8e4aa7dd52f90ff3f
File name: be1ec2d9b5a703ee0ceb6e29ea7758d3.vir
Detection ratio: 50 / 66
Analysis date: 2018-10-05 00:37:18 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.PWS.ZIY 20181005
AegisLab Troj.W32.Gen.lDfK 20181004
AhnLab-V3 Trojan/Win32.Tepfer.R50650 20181004
ALYac Trojan.PWS.ZIY 20181004
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20181005
Avast Sf:Crypt-AS [Trj] 20181005
AVG Sf:Crypt-AS [Trj] 20181005
Avira (no cloud) TR/PSW.Fareit.iloen 20181004
Baidu Win32.Trojan-PSW.Fareit.a 20180930
BitDefender Trojan.PWS.ZIY 20181004
CAT-QuickHeal Trojanpws.Tepfer.20303 20181004
ClamAV Win.Trojan.Fareit-403 20181004
CMC Trojan-PSW.Win32.Tepfer!O 20181004
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.9b5a70 20180225
Cylance Unsafe 20181005
Cyren W32/Bloop.A.gen!Eldorado 20181005
DrWeb Trojan.PWS.Stealer.1932 20181005
Emsisoft Trojan.PWS.ZIY (B) 20181005
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/PSW.Fareit.A 20181005
F-Prot W32/Bloop.A.gen!Eldorado 20181005
Fortinet W32/Agent.NTM!tr 20181005
GData Win32.Trojan-Stealer.Zbot.AB 20181005
Sophos ML heuristic 20180717
Jiangmin Trojan/Generic.atgal 20181004
K7AntiVirus Password-Stealer ( 0040f4f51 ) 20181004
K7GW Password-Stealer ( 004b89e61 ) 20181003
Kaspersky Trojan-PSW.Win32.Tepfer.gen 20181005
Malwarebytes Spyware.Pony 20181005
MAX malware (ai score=100) 20181005
McAfee PWS-Zbot.gen.ate 20181005
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.nh 20181004
Microsoft PWS:Win32/Fareit 20181004
eScan Trojan.PWS.ZIY 20181005
NANO-Antivirus Trojan.Win32.Siggen.evgeyh 20181005
Panda Trj/Tepfer.D 20181004
Rising Trojan.Fareit!1.A343 (CLOUD) 20181005
Sophos AV Mal/Pony-A 20181004
Symantec Infostealer!im 20181004
TACHYON Trojan-PWS/W32.Tepfer.94208.BY 20181005
TheHacker Trojan/Fareit.a 20181001
TrendMicro BKDR_PONY.SM 20181004
TrendMicro-HouseCall BKDR_PONY.SM 20181005
VBA32 BScope.Malware-Cryptor.Ponik 20181004
ViRobot Trojan.Win32.PSW-Tepfer.92672 20181004
Webroot W32.Tepfer 20181005
Zillya Trojan.Tepfer.Win32.85789 20181003
ZoneAlarm by Check Point Trojan-PSW.Win32.Tepfer.gen 20181004
Zoner Trojan.Fareit 20181004
Alibaba 20180921
Avast-Mobile 20181004
AVware 20180925
Babable 20180918
Bkav 20181003
Comodo 20181005
eGambit 20181005
F-Secure 20180810
Kingsoft 20181005
Palo Alto Networks (Known Signatures) 20181005
Qihoo-360 20181005
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20181004
Symantec Mobile Insight 20181001
TotalDefense 20181004
Trustlook 20181005
VIPRE 20181005
Yandex 20181004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-19 07:59:54
Entry Point 0x00010621
Number of sections 3
PE sections
Overlays
MD5 8b16ebb570ac994001b6e386b0a5d293
File type ASCII text
Offset 92672
Size 1536
Entropy 0.08
PE imports
CreateToolhelp32Snapshot
GetLastError
Process32First
GetSystemInfo
lstrlenA
GetFileAttributesA
GetPrivateProfileSectionNamesA
LCMapStringA
GetTickCount
GetVersionExA
GlobalUnlock
LoadLibraryA
lstrlenW
Process32Next
GetCurrentProcess
GetCurrentDirectoryA
GetPrivateProfileStringA
GetLocaleInfoA
LocalAlloc
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
OpenProcess
GlobalLock
GetTempPathA
lstrcmpiA
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
lstrcmpA
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
FindFirstFileA
CloseHandle
CreateFileMappingA
FindNextFileA
ExpandEnvironmentStringsA
LocalFree
GetModuleFileNameA
UnmapViewOfFile
WriteFile
SetCurrentDirectoryA
FindClose
Sleep
CreateFileA
ExitProcess
GetProcAddress
GetFileSize
RegOpenCurrentUser
RegOpenKeyA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegSetValueExA
RegEnumValueA
IsTextUnicode
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
CreateStreamOnHGlobal
OleInitialize
CoCreateGuid
CoCreateInstance
GetHGlobalFromStream
CoTaskMemFree
ShellExecuteA
StrStrA
StrStrIA
StrToIntA
StrRChrIA
StrStrIW
StrCmpNIA
wsprintfA
LoadUserProfileA
UnloadUserProfile
InternetCrackUrlA
InternetCreateUrlA
setsockopt
socket
recv
inet_addr
send
WSAStartup
gethostbyname
connect
closesocket
select
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:09:19 08:59:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72704
LinkerVersion 2.5
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x10621
InitializedDataSize 20992
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 be1ec2d9b5a703ee0ceb6e29ea7758d3
SHA1 cace5bf785d809917409195dc6e655df7b1254c2
SHA256 6f6aded9d54d7d4baa81492bc831b04fe7880e5f7469b2c8e4aa7dd52f90ff3f
ssdeep 1536:UnSncgyGqTDRXmGcwSCfZDalZNg9tvo0iO3AX4ApTvMEItkzmt2l+:2SnMuGc/CfZDap6COU45EIBtm+
authentihash 9be97ae0687d739e144a94d20d2843b5d322a12d391ef80eb29b981fd898207e
imphash 09070e021d4505e6183701ac6e022a16
File size 92.0 KB ( 94208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (32.7%)
Win32 EXE Yoda's Crypter (31.4%)
Windows screen saver (15.5%)
Win32 Dynamic Link Library (generic) (7.7%)
Win32 Executable (generic) (5.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-09-05 09:35:02 UTC ( 3 months, 2 weeks ago )
Last submission 2018-10-04 15:15:12 UTC ( 2 months, 2 weeks ago )
File names Dumpp.exe
be1ec2d9b5a703ee0ceb6e29ea7758d3.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections