SHA256: 773a916dcb80fd9d299e6dffbcba72bff9a2330f1d16af4398fe5f193d1e6689
File name: 9380.tmp
Detection ratio: 4 / 57
Analysis date: 2015-05-10 22:31:44 UTC ( 3 years, 10 months ago )
Antivirus Result Update
ByteHero Trojan.Malware.Obscu.Gen.004 20150510
ESET-NOD32 a variant of Win32/Kryptik.DHRA 20150510
Malwarebytes Trojan.Agent 20150510
VBA32 Malware-Cryptor.Limpopo 20150508
Ad-Aware 20150510
AegisLab 20150510
Yandex 20150510
AhnLab-V3 20150510
Alibaba 20150510
ALYac 20150510
Antiy-AVL 20150508
Avast 20150510
AVG 20150510
Avira (no cloud) 20150510
AVware 20150510
Baidu-International 20150510
BitDefender 20150510
Bkav 20150509
CAT-QuickHeal 20150509
ClamAV 20150510
CMC 20150508
Comodo 20150510
Cyren 20150510
DrWeb 20150510
Emsisoft 20150510
F-Prot 20150510
F-Secure 20150510
Fortinet 20150510
GData 20150510
Ikarus 20150510
Jiangmin 20150506
K7AntiVirus 20150510
K7GW 20150510
Kaspersky 20150510
Kingsoft 20150510
McAfee 20150510
McAfee-GW-Edition 20150510
Microsoft 20150510
eScan 20150510
NANO-Antivirus 20150510
Norman 20150510
nProtect 20150508
Panda 20150510
Qihoo-360 20150510
Rising 20150510
Sophos AV 20150510
SUPERAntiSpyware 20150509
Symantec 20150510
Tencent 20150510
TheHacker 20150508
TotalDefense 20150510
TrendMicro 20150510
TrendMicro-HouseCall 20150510
VIPRE 20150510
ViRobot 20150510
Zillya 20150510
Zoner 20150507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-10-29 06:28:53
Entry Point 0x0002263B
Number of sections 5
PE sections
Overlays
MD5 e3d785879a32bfcb8a3a34a00c65fb2b
File type data
Offset 444416
Size 16040
Entropy 7.42
PE imports
GetCurrentProcess
TerminateProcess
GetCommandLineW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
UuidFromStringA
CommandLineToArgvW
ReleaseDC
GetDialogBaseUnits
GetDoubleClickTime
wcsncpy
memcpy
CoUninitialize
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2011:10:29 07:28:53+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 221696
LinkerVersion: 11.0
EntryPoint: 0x2263b
InitializedDataSize: 221696
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0

File identification
MD5 9b8fd725aeb919113f3de7cd328ecc02
SHA1 a806929575c8dbf8ae62955b40c7fa22233704a9
SHA256 773a916dcb80fd9d299e6dffbcba72bff9a2330f1d16af4398fe5f193d1e6689
ssdeep
6144:8LpZH9Zg76hHtE3KCZ0MsnOSNX7+5TBJWjuNIYs9ybFO1ZRG5/w/+I9P/SafdS8g:AH4cuam0ESV6tBJySIYs85ERGWf9nPu

authentihash 1e085d0b627fe3884e03c05ae7d424d51b30d131f9abb88c44ead5a6dc29e360
imphash 3ebb1951ea3e0bcab0d99f0e6cd0239e
File size 449.7 KB ( 460456 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-05-10 22:29:12 UTC ( 3 years, 10 months ago )
Last submission 2015-05-18 12:32:33 UTC ( 3 years, 10 months ago )
File names 9380.tmp
9380.tmp.bin
9380.tmp
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R01TC0EEM15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Runtime DLLs