SHA256: 6fafb3ca3b28a34c79231e32a1f650424ab1580215b2411b34bb5784df137bda
File name: 76378e1323bac1770068d194d3831aad.virus
Detection ratio: 26 / 56
Analysis date: 2016-02-23 17:53:40 UTC (2 years, 12 months ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.269862 20160223
ALYac Gen:Variant.Graftor.269862 20160223
Antiy-AVL Trojan[Dropper]/Win32.Agent 20160223
Arcabit Trojan.Graftor.D41E26 20160223
Avast Win32:Malware-gen 20160223
AVG Agent5.AKJV 20160223
Avira (no cloud) TR/Crypt.ZPACK.194621 20160223
AVware Trojan.Win32.Generic!BT 20160223
BitDefender Gen:Variant.Graftor.269862 20160223
DrWeb Trojan.PWS.Panda.10296 20160223
Emsisoft Gen:Variant.Graftor.269862 (B) 20160223
ESET-NOD32 Win32/Qadars.AO 20160223
F-Secure Gen:Variant.Graftor.269862 20160223
Fortinet W32/Agent.AO!tr 20160223
GData Gen:Variant.Graftor.269862 20160223
Kaspersky Trojan-Dropper.Win32.Agent.bjqqgy 20160223
McAfee Artemis!76378E1323BA 20160223
McAfee-GW-Edition BehavesLike.Win32.BadFile.dh 20160223
eScan Gen:Variant.Graftor.269862 20160223
NANO-Antivirus Trojan.Win32.Qadars.eadhyd 20160223
Panda Generic Suspicious 20160223
Qihoo-360 Win32/Trojan.Dropper.05b 20160223
Sophos AV Mal/Generic-S 20160223
Symantec Trojan.Gen.2 20160223
TrendMicro TROJ_GEN.R011C0EBA16 20160223
VIPRE Trojan.Win32.Generic!BT 20160223
AegisLab 20160223
Yandex 20160221
AhnLab-V3 20160223
Alibaba 20160223
Baidu-International 20160223
Bkav 20160223
ByteHero 20160223
CAT-QuickHeal 20160223
ClamAV 20160223
CMC 20160223
Comodo 20160223
Cyren 20160223
F-Prot 20160223
Ikarus 20160223
Jiangmin 20160223
K7AntiVirus 20160223
K7GW 20160223
Malwarebytes 20160223
Microsoft 20160223
nProtect 20160223
Rising 20160223
SUPERAntiSpyware 20160223
Tencent 20160223
TheHacker 20160222
TotalDefense 20160223
TrendMicro-HouseCall 20160223
VBA32 20160223
ViRobot 20160223
Zillya 20160223
Zoner 20160223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-02-27 01:32:49
Entry Point 0x000083AA
Number of sections 4
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
LoadResource
TlsGetValue
SetLastError
GetSystemTime
GetEnvironmentVariableA
CopyFileA
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
WriteProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
OpenProcess
WaitForMultipleObjects
GetProcessHeap
InterlockedIncrement
IsValidLocale
GetUserDefaultLCID
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetShortPathNameA
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
EnumSystemLocalesA
GetACP
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2003:02:27 02:32:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 221184
LinkerVersion 8.0
EntryPoint 0x83aa
InitializedDataSize 118784
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 76378e1323bac1770068d194d3831aad
SHA1 e15690fa7188a27cf542f523684611ff06f4711c
SHA256 6fafb3ca3b28a34c79231e32a1f650424ab1580215b2411b34bb5784df137bda
ssdeep 3072:CXAer3xUBCl05pOIWX+5gkVKF3AiM1RTfuLDX5nmiJDQFLgAik9QZeW57RqNoG7r:4jxUqmLWX+5K1qmpnra7eZT1PG
authentihash 886c3231617a6c4b9f8adad877bcfb7dee0b81a5b3df057db24bf8b124b12edd
imphash 4b521cc08961cfe504227c1a4089b3dd
File size 276.0 KB ( 282624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-02-23 17:53:40 UTC ( 2 years, 12 months ago )
Last submission 2016-02-23 17:53:40 UTC ( 2 years, 12 months ago )
File names 76378e1323bac1770068d194d3831aad.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
UDP communications