SHA256: 741d09b0a90bce866bd425b0fff514dfe6d8c38de39931702cd96f4903e00dcf
File name: a3c88312a55bfb82fccabe40c7eb2e4e.virus
Detection ratio: 22 / 56
Analysis date: 2016-10-16 16:31:38 UTC ( 2 years, 4 months ago )
Antivirus Result Update
AhnLab-V3 Backdoor/Win32.Androm.N2131013935 20161016
Avast Win32:Trojan-gen 20161016
AVG Pakes3_c.BLS 20161016
Avira (no cloud) TR/Crypt.ZPACK.khfky 20161016
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.PWS.Papras.2370 20161016
ESET-NOD32 a variant of Generik.CXWFCYN 20161016
Fortinet W32/Generik.CXWFCYN!tr 20161016
GData Win32.Trojan.Agent.9YT0D7 20161016
Sophos ML virtool.win32.ceeinject.gf 20160928
Jiangmin Backdoor.Androm.kzj 20161016
Kaspersky Backdoor.Win32.Androm.lcmz 20161016
McAfee Artemis!A3C88312A55B 20161016
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20161016
Microsoft Backdoor:Win32/Vawtrak.E 20161016
Panda Trj/GdSda.A 20161016
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161016
Rising Malware.Generic!uzbqiN5RQDJ@5 (thunder) 20161016
Sophos AV Mal/Generic-S 20161016
Symantec Heur.AdvML.B 20161016
Tencent Win32.Backdoor.Androm.Lnee 20161016
TrendMicro-HouseCall TROJ_GEN.R00JH01JF16 20161016
Ad-Aware 20161016
AegisLab 20161016
Alibaba 20161014
ALYac 20161016
Antiy-AVL 20161016
Arcabit 20161016
AVware 20161016
Baidu 20161015
BitDefender 20161016
Bkav 20161015
CAT-QuickHeal 20161015
ClamAV 20161016
CMC 20161016
Comodo 20161016
Cyren 20161016
Emsisoft 20161016
F-Prot 20161016
F-Secure 20161016
Ikarus 20161016
K7AntiVirus 20161016
K7GW 20161016
Kingsoft 20161016
Malwarebytes 20161016
eScan 20161016
NANO-Antivirus 20161016
nProtect 20161016
SUPERAntiSpyware 20161016
TheHacker 20161016
TrendMicro 20161016
VBA32 20161014
VIPRE 20161016
ViRobot 20161016
Yandex 20161015
Zillya 20161016
Zoner 20161016
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-25 00:09:25
Entry Point 0x00003105
Number of sections 4
PE imports
CloseHandle
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
HeapCreate
lstrlenA
WaitForSingleObject
GetExitCodeProcess
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
LeaveCriticalSection
SizeofResource
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
LockResource
DeleteFileA
InitializeCriticalSection
GetCPInfo
FreeEnvironmentStringsW
TlsGetValue
MultiByteToWideChar
HeapSize
SetHandleCount
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
SetStdHandle
GetModuleHandleA
RaiseException
UnhandledExceptionFilter
CreateThread
GetStringTypeA
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetConsoleCP
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
GetEnvironmentStrings
CreateProcessA
QueryPerformanceCounter
WriteConsoleA
WideCharToMultiByte
IsValidCodePage
LoadResource
SetLastError
GlobalHandle
VirtualFree
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
FindResourceA
VirtualAlloc
GetStartupInfoA
WriteConsoleW
InterlockedIncrement
GetMessageA
SetWindowRgn
SetLayeredWindowAttributes
EndDialog
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
GetSystemMetrics
GetWindowRect
DispatchMessageA
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetDC
SetWindowTextA
SendMessageA
GetDlgItem
CreateDialogParamA
GetWindowLongA
CreateWindowExA
LoadIconA
CallWindowProcA
Number of PE resources by type
RT_MENU 4
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
NEUTRAL 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:25 02:09:25+02:00
FileType Win32 EXE
PEType PE32
CodeSize 48128
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x3105
InitializedDataSize 287232
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 a3c88312a55bfb82fccabe40c7eb2e4e
SHA1 70a473cbe0379a7ea41258a7edf12643af12ab68
SHA256 741d09b0a90bce866bd425b0fff514dfe6d8c38de39931702cd96f4903e00dcf
ssdeep 3072:O6tRCp1uJJPaICBvkxnuY27LFTRB1eM2uJ7JqmmiHtOvzV7mdJvu/iVGoOkfDDpM:Oee8okxnuY2HxRWMNZNONmLyiV9yX
authentihash c2b0ba642b70f4d18cacbcdd08fb5553d817d5b46d714ac2825edc85b393a89d
imphash 2ea8830054cd85ce4189cdd23f27e638
File size 249.5 KB ( 255488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-10-16 16:31:38 UTC ( 2 years, 4 months ago )
Last submission 2016-10-16 16:31:38 UTC ( 2 years, 4 months ago )
File names a3c88312a55bfb82fccabe40c7eb2e4e.virus