SHA256: 70dfe7e80ad1f4736e62a556085c9c31389be62b5187a72c1edac0df17447dbe
File name: BNB0D2.vir.HSvir
Detection ratio: 44 / 56
Analysis date: 2016-11-27 02:41:58 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3739985 20161127
AegisLab Heur.Advml.Gen!c 20161126
AhnLab-V3 Trojan/Win32.Bublik.R190971 20161126
ALYac Trojan.GenericKD.3739985 20161126
Antiy-AVL Trojan/Win32.TSGeneric 20161126
Arcabit Trojan.Generic.D391151 20161127
Avast Win32:Trojan-gen 20161127
AVG Inject3.BLGN 20161126
Avira (no cloud) TR/Crypt.Xpack.mifss 20161126
AVware Trojan.Win32.Generic!BT 20161127
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161126
BitDefender Trojan.GenericKD.3739985 20161127
Bkav W32.eHeur.Malware03 20161126
CAT-QuickHeal Trojan.Bublik 20161126
Comodo TrojWare.Win32.Papras.~EJ 20161127
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/Vawtrak.JEJO-2508 20161127
DrWeb Trojan.PWS.Papras.2166 20161127
Emsisoft Trojan.GenericKD.3739985 (B) 20161127
ESET-NOD32 Win32/PSW.Papras.EJ 20161126
F-Prot W32/Vawtrak.BA 20161127
F-Secure Trojan.GenericKD.3739985 20161127
Fortinet W32/Bublik.ETRW!tr 20161127
GData Trojan.GenericKD.3739985 20161127
Ikarus Trojan.Win32.PSW 20161126
Invincea virus.win32.parite.b 20161018
K7AntiVirus Password-Stealer ( 004cd4f51 ) 20161126
K7GW Password-Stealer ( 004cd4f51 ) 20161127
Kaspersky Trojan.Win32.Bublik.etrw 20161127
McAfee Generic.ars 20161127
McAfee-GW-Edition Generic.ars 20161127
Microsoft Backdoor:Win32/Vawtrak.E 20161126
eScan Trojan.GenericKD.3739985 20161127
NANO-Antivirus Trojan.Win32.Papras.eioyhe 20161127
Panda Trj/GdSda.A 20161126
Qihoo-360 HEUR/QVM20.1.514B.Malware.Gen 20161127
Rising Stealer.Papras!8.132-pCSOQ2ai0yR (cloud) 20161127
Sophos Mal/Generic-S 20161127
Symantec Trojan.Snifula.F 20161127
Tencent Win32.Trojan.Inject.Auto 20161127
TrendMicro BKDR_VAWTRAK.YUYLI 20161127
TrendMicro-HouseCall BKDR_VAWTRAK.YUYLI 20161127
VIPRE Trojan.Win32.Generic!BT 20161127
Yandex Trojan.Bublik!H4ibOXTY0r0 20161126
Alibaba 20161125
ClamAV 20161126
CMC 20161126
Jiangmin 20161124
Kingsoft 20161127
Malwarebytes 20161127
nProtect 20161127
SUPERAntiSpyware 20161126
TheHacker 20161126
Trustlook 20161127
VBA32 20161125
ViRobot 20161127
WhiteArmor 20161125
Zillya 20161125
Zoner 20161126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-24 21:15:23
Entry Point 0x00001046
Number of sections 7
PE sections
PE imports
CryptReleaseContext
CredMarshalCredentialA
CryptAcquireContextA
AreAllAccessesGranted
CryptDuplicateHash
CredFree
GetCurrentHwProfileA
AreAnyAccessesGranted
GetCurrentHwProfileW
CryptDestroyHash
CryptCreateHash
AVIClearClipboard
AVIStreamOpenFromFileA
AVIBuildFilterW
EditStreamSetNameA
AVIStreamOpenFromFileW
AVISaveVW
AVISaveOptions
AVIStreamRelease
AVIStreamReadFormat
AVIStreamGetFrame
AVIStreamSetFormat
AVIFileCreateStreamW
AVIStreamEndStreaming
AVIStreamCreate
AVIFileGetStream
AVIStreamLength
AVISaveA
AVIStreamRead
AVISaveW
AVIFileExit
AVIFileInfoA
EditStreamCopy
AVIStreamTimeToSample
AVIStreamInfoW
AVIStreamAddRef
AVIFileInfoW
AVIStreamSampleToTime
AVISaveOptionsFree
AVIFileAddRef
AVIStreamWriteData
GetStockObject
SetThreadAffinityMask
GetLastError
GetVolumePathNameW
GetShortPathNameW
GetSystemInfo
LoadLibraryW
GetExitCodeProcess
GlobalFindAtomA
DisableThreadLibraryCalls
VirtualProtect
LoadLibraryA
GetProcessHeaps
FoldStringA
SetProcessWorkingSetSize
GetDateFormatA
BuildCommDCBAndTimeoutsA
CopyFileExA
GetCompressedFileSizeW
SetErrorMode
GetFileInformationByHandle
GetCommandLineA
GetProcAddress
GetCalendarInfoA
AddAtomW
CreateWaitableTimerW
GetModuleFileNameW
GetTimeFormatW
GlobalAddAtomW
CreateSemaphoreA
GetFileAttributesA
GetModuleHandleA
GetSystemDirectoryW
WriteFile
GetCurrentProcess
CloseHandle
GetComputerNameExW
CreateWaitableTimerA
GetNumberOfConsoleMouseButtons
DeleteVolumeMountPointA
CreateConsoleScreenBuffer
GetBinaryTypeA
LocalFree
CloseConsoleHandle
CreateFileW
FormatMessageA
GetFileAttributesExA
GetVersion
GetDefaultCommConfigA
GetVolumePathNameA
GetForegroundWindow
GetCursorInfo
FindWindowW
MapVirtualKeyW
GetClipboardOwner
GetShellWindow
FindWindowA
GetClipboardViewer
GetWindowRect
GetWindowDC
GetWindow
RegisterClassExA
AnimateWindow
GetIconInfo
GetKeyNameTextA
RegisterClassW
IsWindowVisible
IsZoomed
GetClientRect
GetWindowInfo
RegisterClassA
GetClassLongA
GetKeyNameTextW
LoadAcceleratorsA
LoadCursorA
LoadIconA
FlashWindow
AdjustWindowRect
GetDesktopWindow
LoadCursorW
LoadIconW
GetActiveWindow
GetGUIThreadInfo
GetClassNameW
PtInRect
IsAppThemed
GetThemePropertyOrigin
SetThemeAppProperties
DrawThemeText
GetCurrentThemeName
GetThemeInt
IsThemePartDefined
GetThemeTextMetrics
GetThemeFont
DrawThemeEdge
IsThemeActive
DrawThemeParentBackground
DrawThemeBackground
GetThemeSysInt
GetThemeSysString
GetThemePartSize
SetWindowTheme
HitTestThemeBackground
GetThemeSysColor
GetWindowTheme
GetThemeSysFont
GetThemeBool
IsThemeDialogTextureEnabled
GetThemeRect
GetThemeColor
GetThemeAppProperties
GetThemeIntList
GetThemeBackgroundExtent
GetThemeEnumValue
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:08:24 22:15:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 52224
LinkerVersion 9.0
EntryPoint 0x1046
InitializedDataSize 219136
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 419ba0ad0d1eda8c29e07b1740d4695f
SHA1 1ff847ab60d74c43d05eea4a6dff133df2a7797f
SHA256 70dfe7e80ad1f4736e62a556085c9c31389be62b5187a72c1edac0df17447dbe
ssdeep
3072:JBxEn5/VB/rH471pimyW+fsEJ3r5YWwCanXl87kntRoW+5R4o3C453X:Je14emyWCZ5YXV86HoW+lC0

authentihash dd0a2b46091ba210201eeca9f5b6af8d58fbb0a091b3ffbebba513ea655af06e
imphash 53a8f2e1b4b05caca748ffc9035f6922
File size 266.0 KB ( 272384 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags
peexe

VirusTotal metadata
First submission 2016-11-21 15:09:36 UTC ( 4 months ago )
Last submission 2016-11-27 02:41:58 UTC ( 4 months ago )
File names BNB0D2.vir.HSvir
inst.exe
203_11_07_2016_15_34_40_inst.exe.malware.MRG
LawTugx.exe
JiyZahc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Code injections in the following processes
Created mutexes
Searched windows
Runtime DLLs
UDP communications