SHA256: 733eeed941c009572aa2ab01fa329ca0975fb560eb35ebd3ed88640d9bcf729b
File name: 2015-07-22-Nuclear-EK-Payload.exe
Detection ratio: 4 / 55
Analysis date: 2015-07-22 06:15:31 UTC
Antivirus results (detection ratio 4/55; the date is the engine's signature update)

Detected (4):
Avast: Win32:Evo-gen [Susp] (20150722)
ESET-NOD32: a variant of Win32/Kryptik.DQVF (20150722)
Malwarebytes: Trojan.Fakems.ED (20150722)
Sophos AV: Mal/Generic-S (20150722)

Not detected (51):
Ad-Aware (20150722)
AegisLab (20150721)
Yandex (20150721)
AhnLab-V3 (20150722)
Alibaba (20150722)
ALYac (20150722)
Antiy-AVL (20150722)
Arcabit (20150722)
AVG (20150721)
Avira (no cloud) (20150721)
AVware (20150722)
Baidu-International (20150720)
BitDefender (20150722)
Bkav (20150721)
ByteHero (20150722)
CAT-QuickHeal (20150722)
ClamAV (20150721)
Comodo (20150722)
Cyren (20150722)
DrWeb (20150722)
Emsisoft (20150722)
F-Prot (20150722)
F-Secure (20150722)
Fortinet (20150722)
GData (20150722)
Ikarus (20150722)
Jiangmin (20150720)
K7AntiVirus (20150722)
K7GW (20150722)
Kaspersky (20150722)
Kingsoft (20150722)
McAfee (20150722)
McAfee-GW-Edition (20150721)
Microsoft (20150722)
eScan (20150722)
NANO-Antivirus (20150722)
nProtect (20150721)
Panda (20150721)
Qihoo-360 (20150722)
Rising (20150721)
SUPERAntiSpyware (20150722)
Symantec (20150722)
Tencent (20150722)
TheHacker (20150721)
TrendMicro (20150722)
TrendMicro-HouseCall (20150722)
VBA32 (20150721)
VIPRE (20150722)
ViRobot (20150722)
Zillya (20150721)
Zoner (20150722)
The file is a Portable Executable (PE32), specifically a Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright © Alexander Roshal 1993-2011
Publisher: Alexander Roshal
Product: WinRAR
Internal name: Command line RAR
File version: 4.1.0
Description: Command line RAR
The version resource is written by whoever builds the binary. These strings are copied from WinRAR's command-line RAR and say nothing about what the file is; the 2011 copyright sits next to a compile timestamp of 2015-07-21, one day before the file was submitted as an exploit-kit payload.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-21 22:14:06
Entry Point 0x0000641F
Number of sections 4
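The header fields listed above (machine, number of sections, compile timestamp, entry point, linker version, subsystem) all come from fixed offsets in the COFF and optional headers, and a local copy of a sample can be checked against a report by re-deriving them. The following is an added example, not VirusTotal's code; the PE blob it builds is a constructed, header-only PE32 carrying this report's values, included only so the parser runs offline, and REPORT_VALUES is the report's figures transcribed by hand.

```python
"""Re-derive the "PE header basic information" fields and the file hashes from
raw bytes, so a local copy can be compared with a report.  Added example."""
import calendar
import hashlib
import struct
import sys
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "Intel 386 or later", 0x8664: "x64", 0x01C4: "ARM Thumb-2", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
# SizeOfOptionalHeader, Characteristics (20 bytes)
COFF_HEADER = "<HHIIIHH"


def parse_pe_header(data: bytes) -> dict:
    """Return the COFF / optional-header fields a triage report lists."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(COFF_HEADER, data, coff)
    opt = coff + 20
    if opt_size < 70 or len(data) < opt + opt_size:
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # Standard fields: linker major/minor, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint.
    lmaj, lmin, code_size, init_data, uninit_data, entry = struct.unpack_from("<BBIIII", data, opt + 2)
    # Windows-specific fields sit at the same offsets for PE32 and PE32+.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    ss_major, ss_minor = struct.unpack_from("<HH", data, opt + 48)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:04x}"),
        "number_of_sections": nsections,
        "timestamp_raw": ts,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "entry_point": entry,
        "pe_type": "PE32" if magic == 0x10B else "PE32+",
        "linker_version": f"{lmaj}.{lmin}",
        "code_size": code_size,
        "initialized_data_size": init_data,
        "uninitialized_data_size": uninit_data,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def compare_with_report(data: bytes, expected: dict) -> list:
    """Return (field, report_value, observed_value) for every field that disagrees."""
    observed = {**parse_pe_header(data), **file_hashes(data)}
    return [(k, v, observed.get(k)) for k, v in expected.items() if observed.get(k) != v]


# Values transcribed from the report above (header fields only).
REPORT_VALUES = {
    "machine": "Intel 386 or later", "number_of_sections": 4,
    "timestamp": "2015-07-21 22:14:06 UTC", "entry_point": 0x641F,
    "subsystem": "Windows GUI", "linker_version": "9.0", "pe_type": "PE32",
    "code_size": 46592, "initialized_data_size": 147968,
}


def build_minimal_pe() -> bytes:
    """Constructed header-only PE32 blob with the report's values; NOT the sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew: PE header follows DOS header
    ts = calendar.timegm((2015, 7, 21, 22, 14, 6, 0, 0, 0))
    coff = struct.pack(COFF_HEADER, 0x014C, 4, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                     # PE32 optional header incl. 16 data directories
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 9, 0, 46592, 147968, 0, 0x641F)
    struct.pack_into("<HHHHHH", opt, 40, 5, 0, 0, 0, 5, 0)   # OS 5.0, image 0.0, subsystem 5.0
    struct.pack_into("<H", opt, 68, 2)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe()
    for field, value in {**parse_pe_header(blob), **file_hashes(blob)}.items():
        print(f"{field}: {value}")
    print("mismatches vs report:", compare_with_report(blob, REPORT_VALUES))
```

Run it with the path to a local copy as the first argument; with no argument it parses the constructed blob. Hashes from the report can be added to REPORT_VALUES (keys md5, sha1, sha256) when checking a real file.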
PE imports (grouped by exporting DLL)
ADVAPI32.dll
AdjustTokenPrivileges
GDI32.dll
ExcludeClipRect
GetNearestPaletteIndex
GetTextMetricsW
Polygon
DeleteDC
CloseFigure
GetArcDirection
LineTo
RectVisible
GetCharWidthW
TextOutA
SetDeviceGammaRamp
DPtoLP
Escape
GetCharWidthA
GdiSetBatchLimit
SetSystemPaletteUse
EndPage
KERNEL32.dll
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetComputerNameA
SystemTimeToFileTime
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
SetProcessShutdownParameters
TlsAlloc
VirtualProtect
FlushFileBuffers
GlobalUnfix
RtlUnwind
LoadLibraryA
GetNumaNodeProcessorMask
FreeEnvironmentStringsA
DeleteCriticalSection
CancelWaitableTimer
FileTimeToDosDateTime
GetEnvironmentStrings
GetPrivateProfileStringA
GetLocaleInfoA
InterlockedIncrement
GlobalReAlloc
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
WaitForMultipleObjects
QueryPerformanceCounter
TlsFree
IsBadReadPtr
CheckRemoteDebuggerPresent
GetCPInfo
GetStringTypeA
TlsSetValue
GetSystemDirectoryW
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetSystemTimeAsFileTime
lstrcpynA
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
GlobalMemoryStatus
GetProcessAffinityMask
GetModuleFileNameA
GetProcessHandleCount
ConvertThreadToFiber
WideCharToMultiByte
GetCurrentProcess
IsValidCodePage
HeapCreate
GlobalCompact
VirtualFree
GetEnvironmentStringsW
TlsGetValue
Sleep
GetFileType
GetTickCount
GetNumaAvailableMemoryNode
ExitProcess
GetCurrentThreadId
GetProcAddress
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
SHELL32.dll
ShellExecuteA
USER32.dll
SetFocus
GetAsyncKeyState
EndDialog
GetScrollPos
GetUserObjectInformationA
GetSystemMetrics
SetDlgItemTextA
SendMessageTimeoutW
MsgWaitForMultipleObjectsEx
GetDC
CreateDialogParamW
RegisterClassW
AnyPopup
IsZoomed
GetDlgItem
GetNextDlgTabItem
ClientToScreen
SendMessageTimeoutA
GetSysColor
CreateIconFromResourceEx
FindWindowExW
wsprintfW
GetCursorPos
GetKeyboardType
OpenClipboard
OLE32.dll
CoGetMalloc
OleGetClipboard
Two parts of this table matter for analysis. IsDebuggerPresent and CheckRemoteDebuggerPresent are anti-debugging checks, and VirtualAlloc, VirtualProtect, LoadLibraryA and GetProcAddress are the primitives a loader stub needs to decrypt a payload into memory, make it executable and resolve its imports at runtime; the rest of the KERNEL32 list is the ordinary Visual C++ 9.0 runtime start-up set. The many GDI32 and USER32 drawing and dialog calls (SetDeviceGammaRamp, Polygon, CreateDialogParamW, AnyPopup) and the NUMA and fiber APIs are not what a command-line archiver would need, which is another sign that the version information is borrowed rather than genuine.
Number of PE resources by type
RT_DIALOG 15
Struct(1338) 1
RT_VERSION 1
MUI 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 16
NEUTRAL 3
ExifTool file metadata
SubsystemVersion: 5.0
LinkerVersion: 9.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 4.1.0.0
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
CharacterSet: Windows, Latin1
InitializedDataSize: 147968
EntryPoint: 0x641f
MIMEType: application/octet-stream
LegalCopyright: Copyright Alexander Roshal 1993-2011
FileVersion: 4.1.0
TimeStamp: 2015:07:21 23:14:06+01:00 (the same instant as the 2015-07-21 22:14:06 UTC compile timestamp above, rendered in UTC+1)
FileType: Win32 EXE
PEType: PE32
InternalName: Command line RAR
ProductVersion: 4.1.0
FileDescription: Command line RAR
OSVersion: 5.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Alexander Roshal
CodeSize: 46592
ProductName: WinRAR
ProductVersionNumber: 4.1.0.0
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5: 11f6569334b8e5c5b59673aee50f4ea0
SHA1: 0abe3010969740db976959a93abd51c68215fb28
SHA256: 733eeed941c009572aa2ab01fa329ca0975fb560eb35ebd3ed88640d9bcf729b
ssdeep: 3072:hnOoCtk3VOUO1JNgvh2OBiWaGEzmUjxzxYIK0:hUCmNQBi1G0miz3J
authentihash: 3ff1c11d5d8f6456678f3f981ceba10ecbf0e17e683231abe7acf86dc9e2e80d
imphash: 58f08b56f5d8422e2d0de9039c792933
File size: 191.0 KB (195584 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
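Of the identifiers above, the imphash is the one used for pivoting: it is an MD5 over the lowercased "dll.function" pairs in import-table order, so it survives re-encryption of the payload as long as the stub's import layout is unchanged. The following is an added example of that computation, not VirusTotal's or pefile's code, although it follows the rules pefile's get_imphash applies; the import list in it is a constructed subset written in an assumed order, so its result is not the report's 58f08b56f5d8422e2d0de9039c792933.

```python
"""Compute an imphash from an ordered list of (dll, function) imports.
Added example following pefile's get_imphash normalisation rules."""
import hashlib

# pefile strips only these extensions from the DLL name before hashing.
STRIP_EXTENSIONS = (".dll", ".ocx", ".sys")


def normalize_dll(dll: str) -> str:
    name = dll.lower()
    for ext in STRIP_EXTENSIONS:
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports) -> str:
    """imports: iterable of (dll, function) in import-table order; function is a
    str for imports by name or an int for imports by ordinal."""
    parts = []
    for dll, func in imports:
        base = normalize_dll(dll)
        if isinstance(func, int):
            # pefile additionally resolves ordinals to names for ws2_32, wsock32
            # and oleaut32 through lookup tables; that step is omitted here, so a
            # file importing those DLLs by ordinal hashes differently from pefile.
            func_name = f"ord{func}"
        else:
            func_name = func.lower()
        parts.append(f"{base}.{func_name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import string; empty string when there are no imports."""
    s = imphash_string(imports)
    return hashlib.md5(s.encode()).hexdigest() if s else ""


# Constructed subset of this sample's imports, in an assumed order (not the
# real import-table order, so this does not reproduce the report's imphash).
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "AdjustTokenPrivileges"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "CheckRemoteDebuggerPresent"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("SHELL32.dll", "ShellExecuteA"),
    ("USER32.dll", "GetAsyncKeyState"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers the sequence, two files with the same functions in a different order get different imphashes, while case and the .dll suffix are irrelevant; the assertions below check both properties.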
Tags: peexe

VirusTotal metadata
First submission: 2015-07-22 06:15:31 UTC
Last submission: 2015-07-23 05:51:36 UTC
File names: 11F6569334B8E5C5B59673AEE50F4EA0; Command line RAR; 2015-07-22-Nuclear-EK-Payload.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall: TrendMicro's heuristic engine has flagged this file as TROJ_GEN.R00UC0DGQ15.
Symantec reputation: Suspicious.Insight