SHA256: 7610d17920f734025b470d2638d2bfe596198cd39d936751b59f891fae32d92d
File name: a29e65ea83c52ab494af61c285b15050.virus
Detection ratio: 44 / 58
Analysis date: 2017-01-13 04:56:13 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4155111 20170113
AegisLab Backdoor.W32.Ruskill!c 20170113
AhnLab-V3 Trojan/Win32.Upbot.R193274 20170112
ALYac Trojan.GenericKD.4155111 20170113
Antiy-AVL Trojan[Backdoor]/Win32.Ruskill 20170113
Arcabit Trojan.Generic.D3F66E7 20170112
Avast Win32:Trojan-gen 20170113
AVG Generic_r.QRG 20170112
Avira (no cloud) TR/Crypt.Xpack.gveze 20170112
AVware Trojan.Win32.Generic!BT 20170113
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170113
BitDefender Trojan.GenericKD.4155111 20170113
Bkav W32.FamVT.RazyNHmA.Trojan 20170112
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/S-e2e07e9d!Eldorado 20170113
DrWeb Trojan.DownLoader23.43457 20170113
Emsisoft Trojan.GenericKD.4155111 (B) 20170113
ESET-NOD32 a variant of Win32/Kryptik.FMSO 20170113
F-Prot W32/S-e2e07e9d!Eldorado 20170113
F-Secure Trojan.GenericKD.4155111 20170113
Fortinet W32/GenKryptik.QNA!tr 20170113
GData Trojan.GenericKD.4155111 20170113
Ikarus Trojan.Win32.Crypt 20170112
Sophos ML trojan.win32.lethic.b 20170111
Jiangmin Trojan.Generic.aqtps 20170113
K7AntiVirus Trojan ( 005023aa1 ) 20170113
K7GW Trojan ( 005023aa1 ) 20170113
Kaspersky Backdoor.Win32.Ruskill.aeyi 20170113
Malwarebytes Backdoor.Andromeda 20170113
McAfee Artemis!A29E65EA83C5 20170108
McAfee-GW-Edition Trojan-FKTK!A29E65EA83C5 20170113
Microsoft Worm:Win32/Dorkbot 20170113
eScan Trojan.GenericKD.4155111 20170113
NANO-Antivirus Trojan.Win32.Ruskill.ekjjwj 20170113
Panda Trj/GdSda.A 20170112
Qihoo-360 Win32/Backdoor.d7e 20170113
Rising Malware.Generic!oiqr3VZJn1G@5 (thunder) 20170113
Sophos AV Mal/Generic-S 20170112
Symantec Trojan.Gen 20170112
Tencent Win32.Backdoor.Ruskill.Llra 20170113
TrendMicro TROJ_GEN.R021C0DAB17 20170113
TrendMicro-HouseCall TROJ_GEN.R021C0DAB17 20170113
VIPRE Trojan.Win32.Generic!BT 20170113
Yandex Backdoor.Ruskill!pYHJc7TzTm0 20170112
Alibaba 20170113
CAT-QuickHeal 20170113
ClamAV 20170113
CMC 20170113
Comodo 20170113
Kingsoft 20170113
nProtect 20170113
SUPERAntiSpyware 20170113
TheHacker 20170111
TotalDefense 20170113
Trustlook 20170113
VBA32 20170112
ViRobot 20170113
WhiteArmor 20170111
Zillya 20170113
Zoner 20170113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Miss you much
Product Miss you much
Original name miss.exe
Internal name Miss you much
File version 4.0.0.3
Description Miss you much
Comments Miss you much
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-09 14:50:55
Entry Point 0x00005DDB
Number of sections 4
PE sections
PE imports
RegCloseKey
GetUserNameW
GetSidIdentifierAuthority
RegQueryValueExA
GetUserNameA
GetSecurityDescriptorOwner
RegOpenKeyExA
InitCommonControlsEx
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA
ChooseColorA
CommDlgExtendedError
GetSaveFileNameA
SelectPalette
TranslateCharsetInfo
SetROP2
SetMapMode
TextOutW
SetBkMode
SetPolyFillMode
TextOutA
SetBkColor
SetPaletteEntries
SelectObject
SetTextAlign
SetBrushOrgEx
UpdateColors
SetRectRgn
SetTextColor
StretchDIBits
GetStdHandle
GetConsoleOutputCP
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
InterlockedDecrement
SetFileAttributesW
SetLastError
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
SetFilePointer
LockFileEx
SetEnvironmentVariableW
SetUnhandledExceptionFilter
GetDateFormatA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetFileInformationByHandle
GetTimeFormatA
IsValidLocale
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
Number of PE resources by type
RT_DIALOG 16
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 17
SPANISH PARAGUAY 1
PE resources
ExifTool file metadata
LegalTrademarks Miss you much
SubsystemVersion 5.0
Comments Miss you much
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.51123
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Miss you much
CharacterSet Unicode
InitializedDataSize 381440
PrivateBuild 2016-2017
EntryPoint 0x5ddb
OriginalFileName miss.exe
MIMEType application/octet-stream
LegalCopyright Miss you much
FileVersion 4.0.0.3
TimeStamp 2017:01:09 15:50:55+01:00
FileType Win32 EXE
PEType PE32
InternalName Miss you much
ProductVersion 4.0.0.3
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Miss you much
CodeSize 79360
ProductName Miss you much
ProductVersionNumber 1.0.0.51123
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 a29e65ea83c52ab494af61c285b15050
SHA1 830ff2be3b44f3dad6efcb94ab1d4c191a1182d1
SHA256 7610d17920f734025b470d2638d2bfe596198cd39d936751b59f891fae32d92d
ssdeep 6144:f5dI3Er6rdFDCZCKX/SvgyiqRw6qJ0/caK4wA:njSz2cKX/SvFji6i0we
authentihash f7303a4244e5dbcf1395b9924652f6fe0b13cd469de50c1b4ebd4725de00f891
imphash 807c27c89ff46a847853ff63ca6c8d39
File size 323.5 KB ( 331264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-01-12 02:38:12 UTC ( 2 years, 3 months ago )
Last submission 2017-01-12 02:38:12 UTC ( 2 years, 3 months ago )
File names miss.exe
Miss you much
a29e65ea83c52ab494af61c285b15050.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs