SHA256: 73ac3aa9a5f080d19d84b7e6775697f33f89c35716cde0b27fe762814a40421c
File name: 73ac3aa9a5f080d19d84b7e6775697f33f89c35716cde0b27fe762814a40421c.bin
Detection ratio: 51 / 65
Analysis date: 2017-09-28 06:29:28 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Application.Agent.AFF 20170928
AegisLab Heur.Advml.Gen!c 20170928
Antiy-AVL GrayWare[AdWare]/Win32.StartSurf 20170928
Arcabit Application.Agent.AFF 20170928
Avast FileRepMalware 20170928
AVG FileRepMalware 20170928
AVware Trojan.Win32.Generic.pak!cobra 20170928
Baidu Win32.Trojan.Kryptik.axz 20170928
BitDefender Application.Agent.AFF 20170928
CAT-QuickHeal SoftwareBundler.Prepscram.R7 20170928
Comodo ApplicUnwnt 20170928
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cyren W32/Trojan.VG.gen!Eldorado 20170928
DrWeb Trojan.DownLoader23.7314 20170928
Emsisoft Application.Agent.AFF (B) 20170928
Endgame malicious (moderate confidence) 20170821
ESET-NOD32 a variant of Win32/Kryptik.FICH 20170928
F-Prot W32/Trojan.VG.gen!Eldorado 20170928
F-Secure Application.Agent.AFF 20170928
Fortinet W32/Generic.AC.3793071 20170928
GData Application.Agent.AFF 20170928
Ikarus PUA.IStartSurf 20170927
Sophos ML heuristic 20170914
Jiangmin AdWare.StartSurf.fl 20170928
K7AntiVirus Trojan ( 004fc3761 ) 20170928
K7GW Trojan ( 004fc3761 ) 20170928
Kaspersky not-a-virus:HEUR:AdWare.Win32.Generic 20170927
Malwarebytes PUP.Optional.Amonetize 20170928
MAX malware (ai score=74) 20170928
McAfee PUP-XAN-TP 20170928
McAfee-GW-Edition BehavesLike.Win32.AdwareConvertAd.th 20170928
Microsoft SoftwareBundler:Win32/Prepscram 20170928
eScan Application.Agent.AFF 20170928
NANO-Antivirus Trojan.Win32.Kryptik.eiaqnz 20170928
Palo Alto Networks (Known Signatures) generic.ml 20170928
Panda Trj/Genetic.gen 20170927
Rising Malware.Heuristic!ET#100% (RDM+:cmRtazoCqt39dWXMrhM8961jYJJS) 20170928
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Generic PUA NN (PUA) 20170928
Symantec Ransom.Cerber 20170928
Tencent Win32.Trojan.Kryptik.Pbyt 20170928
TheHacker Trojan/Kryptik.fich 20170925
TrendMicro PUA_PREPSCRAM 20170928
TrendMicro-HouseCall PUA_PREPSCRAM 20170928
VBA32 AdWare.StartSurf 20170927
VIPRE Trojan.Win32.Generic.pak!cobra 20170928
ViRobot Trojan.Win32.Z.Startsurf.1293312.J 20170928
Webroot W32.Adware.Gen 20170928
Yandex PUA.StartSurf! 20170908
Zillya Adware.StartSurf.Win32.7227 20170927
ZoneAlarm by Check Point not-a-virus:HEUR:AdWare.Win32.Generic 20170928
AhnLab-V3 20170928
Alibaba 20170911
ALYac 20170927
Avast-Mobile 20170928
Avira (no cloud) 20170928
ClamAV 20170928
CMC 20170928
Cylance 20170928
Kingsoft 20170928
nProtect 20170928
Qihoo-360 20170928
SUPERAntiSpyware 20170928
Symantec Mobile Insight 20170928
TotalDefense 20170928
Trustlook 20170928
WhiteArmor 20170927
Zoner 20170928
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-03 03:50:39
Entry Point 0x00062543
Number of sections 7
PE sections
PE imports
GetStdHandle
EncodePointer
IsValidLocale
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InterlockedPushEntrySList
GetTimeZoneInformation
FindClose
TlsGetValue
FormatMessageA
SetLastError
DeviceIoControl
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
QueryPerformanceFrequency
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
ReleaseSRWLockShared
TerminateProcess
GetModuleHandleExW
SetEndOfFile
GetCurrentThreadId
InitializeSRWLock
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetEvent
QueryPerformanceCounter
AcquireSRWLockShared
TlsAlloc
FlushFileBuffers
RtlUnwind
AcquireSRWLockExclusive
WakeAllConditionVariable
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
GetProcAddress
GetProcessHeap
CompareStringW
FindFirstFileExA
ResetEvent
FreeConsole
FindNextFileA
ReleaseSRWLockExclusive
GetUserDefaultLCID
ReadConsoleW
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetTimeFormatW
GetEnvironmentStringsW
WaitForSingleObjectEx
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
SleepConditionVariableSRW
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
OpenEventA
GetOEMCP
OleInitialize
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:11:03 04:50:39+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
623104

LinkerVersion
14.0

FileTypeExtension
exe

InitializedDataSize
678400

SubsystemVersion
6.0

EntryPoint
0x62543

OSVersion
6.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 b31ffd2e19fe04aa789309e790cc1948
SHA1 dd115a474ccab0dba240b933e0a51267b2b96ee9
SHA256 73ac3aa9a5f080d19d84b7e6775697f33f89c35716cde0b27fe762814a40421c
ssdeep
24576:xmlxYYYAsoDOW23bvYkbVTkLnlRHPIdMsGpCPr2oJpfv9dN66tJ6A6nZ7LXvZU6F:xBYYDoDOW23bvYkbyRgdMsGwPmTU6vB3

authentihash 158a5b33f91e7151ba0af4ca81cb28871913b96f2e82f25ef66e812e9c9997c9
imphash c9646216e8dd38b3e02fef0df1cc6b21
File size 1.2 MB ( 1293312 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe

VirusTotal metadata
First submission 2016-11-03 09:51:08 UTC ( 1 year ago )
Last submission 2017-01-23 03:01:13 UTC ( 10 months ago )
File names 73ac3aa9a5f080d19d84b7e6775697f33f89c35716cde0b27fe762814a40421c
1 (12).exe
bla.exe
73ac3aa9a5f080d19d84b7e6775697f33f89c35716cde0b27fe762814a40421c.bin
b31ffd2e19fe04aa789309e790cc1948.exe
b31ffd2e19fe04aa789309e790cc1948.exe
dd115a474ccab0dba240b933e0a51267b2b96ee9
b31ffd2e19fe04aa789309e790cc1948