SHA256: 6f91d92139da04443afa6ed9e37871b2abfe49d0e240d5d5dccfa4b4baba6941
File name: 666.exe
Detection ratio: 10 / 56
Analysis date: 2016-10-28 20:46:17 UTC (2 years, 5 months ago)
Antivirus Result Update
AVware Trojan-Downloader.Win32.Upatre.tfl (v) 20161028
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161028
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Sophos ML trojandownloader.win32.wintrim.bx 20161018
Kaspersky UDS:DangerousObject.Multi.Generic 20161028
Malwarebytes Trojan.TrickBot 20161028
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fh 20161028
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20161028
Symantec Trojan Horse 20161028
VIPRE Trojan-Downloader.Win32.Upatre.tfl (v) 20161028
Ad-Aware 20161028
AegisLab 20161028
AhnLab-V3 20161028
Alibaba 20161028
ALYac 20161028
Antiy-AVL 20161028
Arcabit 20161028
Avast 20161028
AVG 20161028
Avira (no cloud) 20161028
BitDefender 20161028
Bkav 20161028
CAT-QuickHeal 20161028
ClamAV 20161027
CMC 20161028
Comodo 20161028
Cyren 20161028
DrWeb 20161028
Emsisoft 20161028
ESET-NOD32 20161028
F-Prot 20161028
F-Secure 20161028
Fortinet 20161028
GData 20161028
Ikarus 20161028
Jiangmin 20161028
K7AntiVirus 20161028
K7GW 20161028
Kingsoft 20161028
McAfee 20161028
Microsoft 20161028
eScan 20161028
NANO-Antivirus 20161028
nProtect 20161028
Panda 20161028
Rising 20161028
Sophos AV 20161028
SUPERAntiSpyware 20161028
Tencent 20161028
TheHacker 20161028
TrendMicro 20161028
TrendMicro-HouseCall 20161028
VBA32 20161028
ViRobot 20161028
Yandex 20161028
Zillya 20161028
Zoner 20161028
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-17 11:26:57
Entry Point 0x0002DDB2
Number of sections 4
PE sections
PE imports
GetLastError
GetModuleHandleA
GetStartupInfoA
lstrlenA
lstrcmpA
CreateFileW
GetVersionExW
SleepEx
GetTickCount
CloseHandle
CreateFileMappingA
GetModuleHandleW
_except_handler3
_acmdln
memset
__p__fmode
??2@YAPAXI@Z
_adjust_fdiv
__setusermatherr
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_exit
_initterm
__set_app_type
SetFocus
GetParent
UpdateWindow
GetScrollRange
EndDialog
LoadBitmapW
GetMessageW
DefWindowProcW
GetScrollPos
PostQuitMessage
ShowWindow
SetWindowLongW
GetMenu
EndPaint
SetMenu
MoveWindow
DialogBoxParamW
TranslateMessage
PostMessageW
SetMenuItemInfoW
DispatchMessageW
GetMenuItemID
BeginPaint
SendMessageW
LoadStringW
SetWindowTextW
GetClassNameW
GetActiveWindow
LoadMenuA
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
RegisterClassExW
TranslateAcceleratorW
DestroyWindow
Number of PE resources by type
RT_BITMAP 3
RT_GROUP_CURSOR 2
RT_ICON 2
RT_CURSOR 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:01:17 12:26:57+01:00
FileType Win32 EXE
PEType PE32
CodeSize 239104
LinkerVersion 9.0
EntryPoint 0x2ddb2
InitializedDataSize 112128
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 104923556ace17b4f1e52a50be7a8ea0
SHA1 44cc794f905233fd97943410af133293f28e56c1
SHA256 6f91d92139da04443afa6ed9e37871b2abfe49d0e240d5d5dccfa4b4baba6941
ssdeep 3072:MN7rul5Gom/FQx9vzzALwI/BFUxHx7AFNG//i8cVYEdwUJ8j9iqtWZy3pMVkwiXS:MNs15P+B+HxtrcmEdwTgqlZwiNykA5
authentihash 1311a2030cc465a5345c4ddd94d60071bae88495feb4bfa7797623712ba50fdd
imphash 8e01c7621265f6d5ed191c1ef8e65273
File size 343.5 KB ( 351744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-10-28 16:42:42 UTC ( 2 years, 5 months ago )
Last submission 2017-08-21 18:16:41 UTC ( 1 year, 8 months ago )
File names 6f91d.exe
trickbot32.exe
lindoc1.exe
RRR (18).exe
9692.exe
666.exe
9692.exe
rad5a136.tmp.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications