SHA256: 6f7649825c47d610c7c45e8a19bcd663e3460046cb45503366eddeadfe2fd1f8
File name: 612e5814d57fc3bb143169ddd17efa88d0b9cb4d
Detection ratio: 8 / 51
Analysis date: 2014-04-25 18:47:29 UTC ( 4 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Ransomlock 20140425
AVG SHeur4.BUHC 20140425
Bkav W32.DropperFagisF.Trojan 20140425
ESET-NOD32 Win32/Spy.Zbot.YW 20140425
Malwarebytes Spyware.Zbot 20140425
McAfee Artemis!66B57D05411A 20140425
McAfee-GW-Edition Artemis!66B57D05411A 20140425
ViRobot Trojan.Win32.Zbot.86892 20140425
Ad-Aware 20140425
AegisLab 20140425
Yandex 20140425
AntiVir 20140425
Antiy-AVL 20140425
Avast 20140425
Baidu-International 20140425
BitDefender 20140425
ByteHero 20140425
CAT-QuickHeal 20140425
ClamAV 20140425
CMC 20140424
Commtouch 20140425
Comodo 20140425
DrWeb 20140425
Emsisoft 20140425
F-Prot 20140425
F-Secure 20140425
Fortinet 20140422
GData 20140425
Ikarus 20140425
Jiangmin 20140425
K7AntiVirus 20140425
K7GW 20140425
Kaspersky 20140425
Kingsoft 20140425
Microsoft 20140425
eScan 20140425
NANO-Antivirus 20140425
Norman 20140425
nProtect 20140425
Panda 20140425
Qihoo-360 20140425
Rising 20140425
Sophos AV 20140425
SUPERAntiSpyware 20140425
Symantec 20140425
TheHacker 20140425
TotalDefense 20140425
TrendMicro 20140425
TrendMicro-HouseCall 20140425
VBA32 20140425
VIPRE 20140425
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-05 17:51:40
Entry Point 0x00002A3E
Number of sections 4
PE sections
Overlays
MD5 83de583da4ee3e115a1ffcac92d651b1
File type data
Offset 36864
Size 189288
Entropy 8.00
PE imports
GetObjectA
DeleteDC
SelectObject
BitBlt
GetPixel
MaskBlt
CreateBitmap
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetModuleFileNameA
GetStartupInfoA
VirtualAlloc
GetModuleHandleA
_except_handler3
__p__fmode
_acmdln
__CxxFrameHandler
_setmbcp
_exit
_adjust_fdiv
__getmainargs
__p__commode
__dllonexit
_onexit
wcscat
exit
_XcptFilter
_wfopen
_initterm
_controlfp
__setusermatherr
__set_app_type
EnableWindow
LoadImageA
GetClientRect
UpdateWindow
Number of PE resources by type
RT_BITMAP 46
RT_STRING 12
RT_MENU 1
Struct(144) 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 31
NEUTRAL 30
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:04:05 18:51:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 3.0
FileTypeExtension exe
InitializedDataSize 24576
SubsystemVersion 4.0
EntryPoint 0x2a3e
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 66b57d05411a2e63443217e3eac0dd10
SHA1 612e5814d57fc3bb143169ddd17efa88d0b9cb4d
SHA256 6f7649825c47d610c7c45e8a19bcd663e3460046cb45503366eddeadfe2fd1f8
ssdeep 6144:zuKCHQPnbqRICWB9uTy73xsKSB8M7EfPSg:MHqO+FrxiGMIag
authentihash 9ec69a4f2e5a8e6569f5d418f67e970b9c35b516f674f7a7db4f43d306042d64
imphash a3ec3654364001ac50ddf2bb6ff79daa
File size 220.9 KB ( 226152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-04-25 18:47:29 UTC ( 4 years, 10 months ago )
Last submission 2015-09-27 12:56:39 UTC ( 3 years, 5 months ago )
File names 66b57d05411a2e63443217e3eac0dd10.virobj
612e5814d57fc3bb143169ddd17efa88d0b9cb4d
foHEfMe2D.wbs
66b57d05411a2e63443217e3eac0dd10
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight