SHA256: 735abbb3b5a1e7eeb625696c92c08ca4cfda110c1f6627524ade4f368a311bc0
File name: dorisfix.exe
Detection ratio: 27 / 66
Analysis date: 2018-03-07 00:02:49 UTC
Antivirus | Result | Update
Ad-Aware | Gen:Trojan.Heur.PT.fGW@bSD2tse | 20180306
AegisLab | Gen.Troj.Heur!c | 20180306
AhnLab-V3 | Trojan/Win32.Crypmod.C2257696 | 20180306
Arcabit | Trojan.Heur.PT.EDDBCC | 20180306
Avast | Win32:Malware-gen | 20180306
AVG | Win32:Malware-gen | 20180306
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9703 | 20180305
BitDefender | Gen:Trojan.Heur.PT.fGW@bSD2tse | 20180306
Comodo | TrojWare.Win32.TrojanDownloader.Delf.gen | 20180306
CrowdStrike Falcon (ML) | malicious_confidence_90% (W) | 20170201
Cybereason | malicious.93c44c | 20180225
Cylance | Unsafe | 20180307
eGambit | Unsafe.AI_Score_96% | 20180307
Emsisoft | Gen:Trojan.Heur.PT.fGW@bSD2tse (B) | 20180306
Endgame | malicious (high confidence) | 20180303
ESET-NOD32 | a variant of Win32/Filecoder.EQ | 20180306
F-Secure | Gen:Trojan.Heur.PT.fGW@bSD2tse | 20180306
GData | Gen:Trojan.Heur.PT.fGW@bSD2tse | 20180306
Sophos ML | heuristic | 20180121
Kaspersky | UDS:DangerousObject.Multi.Generic | 20180306
MAX | malware (ai score=83) | 20180307
McAfee | Artemis!ACB81BCCAA33 | 20180306
McAfee-GW-Edition | BehavesLike.Win32.Sytro.mh | 20180307
eScan | Gen:Trojan.Heur.PT.fGW@bSD2tse | 20180306
Tencent | Win32.Trojan.Filecoder.Lqey | 20180307
Webroot | W32.Malware.Gen | 20180307
ZoneAlarm by Check Point | UDS:DangerousObject.Multi.Generic | 20180306
Alibaba | (none) | 20180306
ALYac | (none) | 20180306
Antiy-AVL | (none) | 20180307
Avast-Mobile | (none) | 20180306
Avira (no cloud) | (none) | 20180306
AVware | (none) | 20180306
Bkav | (none) | 20180306
CAT-QuickHeal | (none) | 20180306
ClamAV | (none) | 20180306
CMC | (none) | 20180306
Cyren | (none) | 20180306
DrWeb | (none) | 20180306
F-Prot | (none) | 20180306
Fortinet | (none) | 20180306
Ikarus | (none) | 20180306
Jiangmin | (none) | 20180306
K7AntiVirus | (none) | 20180306
K7GW | (none) | 20180307
Kingsoft | (none) | 20180307
Malwarebytes | (none) | 20180306
Microsoft | (none) | 20180307
NANO-Antivirus | (none) | 20180306
nProtect | (none) | 20180306
Palo Alto Networks (Known Signatures) | (none) | 20180307
Panda | (none) | 20180306
Qihoo-360 | (none) | 20180307
Rising | (none) | 20180306
SentinelOne (Static ML) | (none) | 20180225
Sophos AV | (none) | 20180306
SUPERAntiSpyware | (none) | 20180306
Symantec | (none) | 20180306
Symantec Mobile Insight | (none) | 20180306
TheHacker | (none) | 20180305
TotalDefense | (none) | 20180306
Trustlook | (none) | 20180307
VBA32 | (none) | 20180306
VIPRE | (none) | 20180306
ViRobot | (none) | 20180306
WhiteArmor | (none) | 20180223
Yandex | (none) | 20180306
Zillya | (none) | 20180306
Zoner | (none) | 20180306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 1992-06-19 22:22:17. This is the fixed value 0x2A425E19 that Borland Delphi linkers write into every binary they produce, not the real build time, so it cannot be used to date the sample. Together with the linker version 2.25 and the TrID verdict further down it identifies the file as a Delphi executable.
Entry Point: 0x0000F9A0
Number of sections: 8
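The timestamp and characteristics shown above come straight out of the COFF file header, and the "Delphi fixed timestamp" check is something an analyst wants to automate rather than remember. The parser below is an added example, not code from VirusTotal or from this page; it reads the DOS stub, the PE signature, the COFF header and the first fields of the optional header with the standard library only. The header bytes it runs on are constructed from the values reported for this sample (machine 0x14C, 8 sections, timestamp 0x2A425E19, characteristics 0x818E, linker 2.25, entry point 0xF9A0) and are not the real file.

```python
import struct
from datetime import datetime, timezone

# Fixed TimeDateStamp that Borland Delphi linkers write into every PE they produce
# (0x2A425E19 = 1992-06-19 22:22:17 UTC). It carries no information about the real build.
DELPHI_FIXED_TIMESTAMP = 0x2A425E19

# IMAGE_FILE_* characteristic bits, named as the report renders them.
IMAGE_FILE_CHARACTERISTICS = {
    0x0002: "Executable",
    0x0004: "No line numbers",
    0x0008: "No symbols",
    0x0080: "Bytes reversed lo",
    0x0100: "32-bit",
    0x2000: "DLL",
    0x8000: "Bytes reversed hi",
}


def parse_pe_header(data: bytes) -> dict:
    """Parse the COFF file header and the leading fields of the optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    machine, nsections, timestamp, _symtab, _nsyms, _opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # IMAGE_OPTIONAL_HEADER: Magic, MajorLinkerVersion, MinorLinkerVersion, SizeOfCode,
    # SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint (first 20 bytes)
    magic, lnk_major, lnk_minor, code_size, init_size, uninit_size, entry = \
        struct.unpack_from("<HBBIIII", data, opt)
    when = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp": timestamp,
        "timestamp_utc": when.strftime("%Y-%m-%d %H:%M:%S"),
        # A Delphi binary always carries this value; the date is meaningless for triage.
        "delphi_fixed_timestamp": timestamp == DELPHI_FIXED_TIMESTAMP,
        "characteristics": [name for bit, name in sorted(IMAGE_FILE_CHARACTERISTICS.items())
                            if characteristics & bit],
        "pe_type": "PE32" if magic == 0x10B else "PE32+" if magic == 0x20B else hex(magic),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
        "entry_point": entry,
    }


def build_sample_header(timestamp: int = DELPHI_FIXED_TIMESTAMP) -> bytes:
    """Constructed header with the values reported for this sample; not the real file."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew: PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 8, timestamp, 0, 0, 0xE0, 0x818E)
    opt = struct.pack("<HBBIIII", 0x10B, 2, 25, 71680, 14336, 0, 0xF9A0)
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print(f"{key:24} {value}")
```

The `characteristics` list comes out in the same order the report prints them, and `delphi_fixed_timestamp` is the check to wire into triage tooling: a real compile date on a binary that TrID and the linker version say is Delphi would itself be unusual.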
PE imports (grouped by the exporting DLL, in the order listed in the import table)
advapi32.dll: GetTokenInformation, RegOpenKeyA, RegCloseKey, OpenProcessToken, FreeSid, RegQueryValueExA, AllocateAndInitializeSid, OpenThreadToken, RegSetValueExA, EqualSid, RegOpenKeyExA
gdi32.dll: GetStockObject
kernel32.dll: GetLastError, EnumCalendarInfoA, GetStdHandle, EnterCriticalSection, FileTimeToDosDateTime, lstrlenA, GetStringTypeExA, SetFileAttributesW, FreeLibrary, QueryPerformanceCounter, GetTickCount, GetThreadLocale, GetVersionExA, GetModuleFileNameA, RtlUnwind, GetFileAttributesW, DeleteCriticalSection, GetStartupInfoA, GetVolumeInformationA, LoadLibraryExA, FindNextFileW, GetLocaleInfoA, LocalAlloc, GetWindowsDirectoryA, UnhandledExceptionFilter, SetErrorMode, MultiByteToWideChar, GetCPInfo, GetCommandLineA, GetProcAddress, MoveFileW, CreateMutexA, SetFilePointer, GetTempPathA, RaiseException, CloseHandle, WideCharToMultiByte, GetModuleHandleA, FindFirstFileA, WriteFile, GetCurrentProcess, ReadFile, lstrcpynA, FindFirstFileW, GetACP, GetDiskFreeSpaceA, GetCurrentThreadId, FileTimeToLocalFileTime, LocalFree, GetDiskFreeSpaceExA, InitializeCriticalSection, CreateFileW, VirtualQuery, VirtualFree, FindClose, TlsGetValue, Sleep, GetFileType, SetEndOfFile, TlsSetValue, CreateFileA, ExitProcess, GetVersion, GetCurrentThread, VirtualAlloc, GetFileSize, LeaveCriticalSection
mpr.dll: WNetEnumResourceW, WNetCloseEnum, WNetOpenEnumW
oleaut32.dll: SysReAllocStringLen, SysFreeString, SysAllocStringLen
shell32.dll: ShellExecuteExA, ShellExecuteA, SHGetSpecialFolderPathA
user32.dll: GetMessageA, GetSystemMetrics, CreateWindowExA, LoadCursorA, LoadIconA, LoadStringA, DispatchMessageA, CharLowerBuffA, PostQuitMessage, CharNextA, MessageBoxA, GetFocus, TranslateMessage, DefWindowProcA, ShowWindow, CharToOemA, GetKeyboardType, RegisterClassExA
wininet.dll: InternetReadFile, InternetOpenUrlA, InternetCloseHandle, InternetOpenA

Read together, the import table fits the Filecoder (ransomware) and downloader verdicts in the detection list: a token and SID comparison (OpenProcessToken, GetTokenInformation, AllocateAndInitializeSid, EqualSid; the pattern used to test membership of the Administrators group), registry writes (RegSetValueExA), wide-character file enumeration with in-place renaming and attribute changes (FindFirstFileW, FindNextFileW, MoveFileW, SetFileAttributesW, CreateFileW, SetEndOfFile), enumeration of network shares (WNetOpenEnumW, WNetEnumResourceW), a single-instance mutex (CreateMutexA) and a WinInet download path (InternetOpenUrlA, InternetReadFile). The Delphi runtime accounts for most of the kernel32, user32 and oleaut32 entries. No CryptoAPI or bcrypt function is in the static import table, so any encryption is either implemented inside the binary or resolved at run time through the imported LoadLibraryExA/GetProcAddress pair.
Number of PE resources by type
RT_STRING 6
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 8
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 1992:06:19 23:22:17+01:00 (the same fixed Delphi timestamp as in the PE header, rendered in the scanning host's local time zone)
FileType: Win32 EXE
PEType: PE32
CodeSize: 71680
LinkerVersion: 2.25
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint: 0xf9a0
InitializedDataSize: 14336
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5: acb81bccaa336b0344942c76171f4f63
SHA1: ba3243b93c44c1a85944ab14c21f5eb0231fe0cd
SHA256: 735abbb3b5a1e7eeb625696c92c08ca4cfda110c1f6627524ade4f368a311bc0
ssdeep: 1536:ukqUqQw584lYiPteTmXu1qWTvCSe7Lb1po4Dq+5FfPiCt6QK:TqZVljo4u0Wpcvw4++5Fy66QK
authentihash: 69c30ff8b1b5b34a876ddc4020cb9195bbe66247196521a2cb9ac0fc9346a9df
imphash: d6b16fe7f8bb1c20f715d06f9dc69648
File size: 85.0 KB (87040 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
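The imphash in the identification block is the pivot most useful for finding siblings of this sample: it hashes the import table above rather than the file bytes, so recompiles and repacks that keep the same imports in the same order share it. The code below is an added example, not VirusTotal's or pefile's code; it re-implements the imphash convention that pefile (and therefore VirusTotal) uses, so the same list of (DLL, function) pairs in import-table order yields the value reported above. The import list it runs on is constructed from a few of this sample's imports plus one assumed ordinal-only import (COMCTL32 ordinal 17, not in this sample's table) to show that path; the ordinal name tables pefile keeps for ws2_32 and oleaut32 are deliberately not reproduced.

```python
import hashlib

# Library-name suffixes that the imphash convention strips before hashing.
_STRIP_SUFFIXES = (".ocx", ".sys", ".dll")


def normalize_library(name: str) -> str:
    """Lower-case the DLL name and drop a .dll/.ocx/.sys suffix (other suffixes stay)."""
    name = name.lower()
    for suffix in _STRIP_SUFFIXES:
        if name.endswith(suffix):
            return name[: -len(suffix)]
    return name


def imphash_string(imports) -> str:
    """Build the comma-joined 'lib.func' string that is hashed.

    imports: sequence of (dll_name, function) in import-table order, where function is
    the exported name (str) or, for ordinal-only imports, the ordinal (int).
    Order matters: the same imports in a different order give a different hash.
    """
    parts = []
    for dll, func in imports:
        lib = normalize_library(dll)
        if isinstance(func, int):
            # Ordinal-only import. pefile resolves a few DLLs (ws2_32, oleaut32) to names
            # from built-in tables; everything else becomes ord<N>, which is what we emit here.
            fname = f"ord{func}"
        else:
            fname = func.lower()
        parts.append(f"{lib}.{fname}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalized import string, as a 32-character hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed import list: a subset of this sample's imports, in the order the report lists
# them, plus one assumed ordinal import that is not in the sample's table.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "GetTokenInformation"),
    ("ADVAPI32.dll", "RegOpenKeyA"),
    ("KERNEL32.dll", "CreateMutexA"),
    ("MPR.dll", "WNetOpenEnumW"),
    ("WININET.dll", "InternetOpenUrlA"),
    ("COMCTL32.dll", 17),
]


def reordered(imports):
    """Same imports with the first two entries swapped; used to show order sensitivity."""
    swapped = list(imports)
    swapped[0], swapped[1] = swapped[1], swapped[0]
    return swapped


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash          ", imphash(SAMPLE_IMPORTS))
    print("imphash reordered", imphash(reordered(SAMPLE_IMPORTS)))
```

Two caveats when pivoting on the value: the hash is order-sensitive, so a linker that emits the same imports in a different sequence produces an unrelated hash, and a packer that collapses the import table to LoadLibrary/GetProcAddress makes every packed sample look alike. For a Delphi binary the large runtime-supplied portion of the table also means unrelated Delphi programs can land close to, but not on, the same value.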
TrID Win32 Executable Borland Delphi 7 (95.2%)
Win32 Executable Delphi generic (2.0%)
Win32 Dynamic Link Library (generic) (0.9%)
Win32 Executable (generic) (0.6%)
Win16/32 Executable Delphi generic (0.2%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-06 20:54:12 UTC ( 9 months, 2 weeks ago )
Last submission 2018-05-03 17:47:20 UTC ( 7 months, 2 weeks ago )
File names VYCFJMPTWZ.exe
dorisfix.exe
RCNXJUEOXI.exe-
735abbb3b5a1e7eeb625696c92c08ca4cfda110c1f6627524ade4f368a311bc0
UZDINSWBFJ.exe
CL1.5.1.exe
acb81bccaa336b0344942c76171f4f63.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file uses the IsDebuggerPresent Windows API function to check whether it is being debugged. IsDebuggerPresent does not appear in the static import table above, so the call is presumably resolved at run time through the imported LoadLibraryExA/GetProcAddress pair; a triage that relies on the import table alone would miss this anti-debugging check.