SHA256: 751cd7b5ec51b415b9d4bfd6b6b8c3cee2fbf2e471b82af9327ac720eedfced7
File name: 751cd7b5ec51b415b9d4bfd6b6b8c3cee2fbf2e471b82af9327ac720eedfced7
Detection ratio: 35 / 57
Analysis date: 2016-03-10 22:00:06 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3076649 20160310
ALYac Trojan.GenericKD.3076649 20160310
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160310
Arcabit Trojan.Generic.D2EF229 20160310
Avast Win32:GenMalicious-NNC [Trj] 20160310
AVG FileCryptor.HVL 20160310
Avira (no cloud) TR/Crypt.ZPACK.231565 20160310
AVware Trojan.Win32.Generic!BT 20160310
BitDefender Trojan.GenericKD.3076649 20160310
DrWeb Trojan.Encoder.4047 20160310
Emsisoft Trojan.GenericKD.3076649 (B) 20160310
ESET-NOD32 Win32/Filecoder.DI 20160310
F-Secure Trojan.GenericKD.3076649 20160310
Fortinet W32/Filecoder.DI!tr 20160310
GData Trojan.GenericKD.3076649 20160310
Ikarus Trojan.Win32.Filecoder 20160310
Jiangmin Backdoor.Androm.ewg 20160310
K7AntiVirus Trojan ( 004aa0281 ) 20160310
K7GW Trojan ( 004aa0281 ) 20160310
Kaspersky Backdoor.Win32.Androm.jewq 20160310
Malwarebytes Ransom.FileCryptor 20160310
McAfee Ransomware-FGH!EF15E1810708 20160310
McAfee-GW-Edition BehavesLike.Win32.VBObfus.hh 20160310
Microsoft Ransom:Win32/Teerac 20160310
eScan Trojan.GenericKD.3076649 20160310
NANO-Antivirus Trojan.Win32.Androm.eaufmb 20160310
nProtect Trojan.GenericKD.3076649 20160310
Panda Trj/CI.A 20160310
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160310
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20160310
Sophos AV Mal/Ransom-EF 20160310
Symantec Suspicious.Cloud.9 20160310
Tencent Win32.Backdoor.Androm.Alij 20160310
TrendMicro TROJ_GEN.R021C0DC416 20160310
VIPRE Trojan.Win32.Generic!BT 20160310
AegisLab 20160310
Yandex 20160308
AhnLab-V3 20160310
Alibaba 20160310
Baidu 20160310
Baidu-International 20160310
Bkav 20160310
ByteHero 20160310
CAT-QuickHeal 20160310
ClamAV 20160310
CMC 20160307
Comodo 20160310
Cyren 20160310
F-Prot 20160310
SUPERAntiSpyware 20160310
TheHacker 20160310
TotalDefense 20160310
TrendMicro-HouseCall 20160310
VBA32 20160310
ViRobot 20160310
Zillya 20160310
Zoner 20160310
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-09-02 23:14:53
Entry Point 0x00010E76
Number of sections 4
PE sections
Overlays
MD5 7815313db44f8049b221e96378bb523a
File type data
Offset 540672
Size 1052
Entropy 5.81
PE imports
GetSecurityDescriptorSacl
RevertToSelf
ImpersonateLoggedOnUser
PlayEnhMetaFileRecord
SetPolyFillMode
SetMapMode
CreateFontIndirectW
SetBitmapBits
PatBlt
CreatePen
PolyPolyline
GetROP2
GetEnhMetaFilePaletteEntries
GetPixel
GetGlyphOutlineA
CreateDCA
OffsetViewportOrgEx
GetMapMode
CopyEnhMetaFileW
GetSystemPaletteEntries
EnumMetaFile
OffsetClipRgn
IntersectClipRect
BitBlt
GetKerningPairsA
CreateDIBSection
SetTextColor
GetBkColor
FillRgn
FillPath
SetAbortProc
CreateBitmap
MoveToEx
GetStockObject
SetViewportOrgEx
ExtCreateRegion
ExtSelectClipRgn
CreateRoundRectRgn
EnumFontFamiliesExW
CreateCompatibleDC
SelectClipRgn
CreateFontW
GetTextFaceA
SwapBuffers
RemoveFontResourceA
GetClipRgn
GetTextExtentPoint32A
GetNearestPaletteIndex
Pie
SetDIBColorTable
CancelDC
GetTextColor
Polyline
DPtoLP
ExtCreatePen
SetPixelV
GetFontData
BeginPath
AbortDoc
Ellipse
DeleteCriticalSection
GetStartupInfoA
FileTimeToDosDateTime
FlushConsoleInputBuffer
GetModuleHandleA
ClearCommBreak
FindNextChangeNotification
CreateFileMappingA
GetDefaultCommConfigA
FindCloseChangeNotification
_except_handler3
_acmdln
_mbsnset
_adjust_fdiv
iswctype
_setmbcp
__threadhandle
__p__commode
__dllonexit
mblen
_controlfp
__p__fmode
__getmainargs
_initterm
_onexit
feof
__setusermatherr
__set_app_type
EndPaint
Number of PE resources by type
RT_ICON 10
RT_DIALOG 6
RT_GROUP_ICON 5
g140G74f 1
Y74jH68su 1
p1528oHJ 1
ONF52LBLX 1
I1V81X 1
HP744630 1
OtI7720 1
ky065V4V 1
a5RfeV7107 1
Mc181 1
C58RnMR57j 1
C71alBl 1
RT_VERSION 1
c5jC5Ry5 1
Number of PE resources by language
ENGLISH UK 20
ITALIAN 15
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.231.58.18
UninitializedDataSize 0
LanguageCode Unknown (WEEK)
FileFlagsMask 0x003f
CharacterSet Unknown (LY)
InitializedDataSize 466944
EntryPoint 0x10e76
MIMEType application/octet-stream
LegalCopyright 2016 (C) 2018
FileVersion 0.195.156.183
TimeStamp 2008:09:03 00:14:53+01:00
FileType Win32 EXE
PEType PE32
InternalName Carapace
ProductVersion 0.91.81.164
FileDescription Caravans Bonier Suspense
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName International Business Machines Corporation
CodeSize 69632
ProductName Apses Terminates
ProductVersionNumber 0.223.47.183
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 ef15e1810708709d89626937930c9809
SHA1 3eab2b67cd9376c5077fb0ecfa62f53fc590f32c
SHA256 751cd7b5ec51b415b9d4bfd6b6b8c3cee2fbf2e471b82af9327ac720eedfced7
ssdeep 12288:Kev9jcWbYnFiThCsvUCgwT9boNdkL47vNeGmQw0mnilN76CR5so:LxcsYkTh/rT9Sp1Rw0mnK76Cx
authentihash f7b2b17ac49c74a7c8975aeebdc8f192fbb79a1f34c29566ab3a163d24aab2d4
imphash 7e65998fa90277f3cdd0af2084cd8f09
File size 529.0 KB ( 541724 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-03-02 00:39:23 UTC ( 3 years, 1 month ago )
Last submission 2016-03-02 00:39:23 UTC ( 3 years, 1 month ago )