SHA256: 77599bae6d9388cd4eb54fbd4355645a1f32ccf05c57133f282f6d7da132fee5
File name: a662206706807571fadfcafb45acf7bb
Detection ratio: 25 / 56
Analysis date: 2016-05-05 20:40:07 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.16673397 20160505
ALYac Trojan.Generic.16673397 20160505
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20160505
Arcabit Trojan.Generic.DFE6A75 20160505
Avast Win32:Malware-gen 20160505
AVG Crypt_s.LHZ 20160505
Avira (no cloud) TR/Crypt.Xpack.wyde 20160505
BitDefender Trojan.Generic.16673397 20160505
Cyren W32/Trojan.XSJJ-4916 20160505
DrWeb Trojan.DownLoader21.35905 20160505
ESET-NOD32 Win32/TrojanDownloader.Agent.CEF 20160505
F-Secure Trojan.Generic.16673397 20160505
Fortinet W32/Kryptik.DUGQ!tr 20160505
GData Trojan.Generic.16673397 20160505
Ikarus Trojan-Downloader.Win32.Agent 20160505
Kaspersky Trojan-Ransom.Win32.Foreign.nbfu 20160505
McAfee Artemis!A66220670680 20160505
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20160505
Microsoft Trojan:Win32/Dynamer!ac 20160505
eScan Trojan.Generic.16673397 20160505
Panda Generic Suspicious 20160505
Qihoo-360 Win32/Trojan.790 20160505
Sophos AV Mal/Generic-S 20160505
Symantec Trojan.Gen 20160505
Tencent Win32.Trojan.Foreign.Lmak 20160505
Undetected (no result reported; update date only):
AegisLab 20160505
AhnLab-V3 20160505
Alibaba 20160505
AVware 20160505
Baidu 20160505
Baidu-International 20160505
CAT-QuickHeal 20160505
ClamAV 20160504
CMC 20160504
Comodo 20160505
Emsisoft 20160503
F-Prot 20160505
Jiangmin 20160505
K7AntiVirus 20160505
K7GW 20160505
Kingsoft 20160505
Malwarebytes 20160505
NANO-Antivirus 20160505
nProtect 20160504
Rising 20160505
SUPERAntiSpyware 20160505
TheHacker 20160505
TotalDefense 20160505
TrendMicro 20160505
TrendMicro-HouseCall 20160505
VBA32 20160505
VIPRE 20160505
ViRobot 20160505
Yandex 20160502
Zillya 20160505
Zoner 20160505
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-02 21:28:35
Entry Point 0x000089AA
Number of sections 4
PE sections
PE imports
CreateMetaFileA
SetMapMode
GetStockObject
StretchDIBits
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
lstrlenA
GetConsoleCP
GetOEMCP
LCMapStringA
HeapAlloc
GetTickCount
TlsAlloc
GlobalUnlock
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
CreateThread
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
lstrcatA
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetCurrentThread
SetStdHandle
GetModuleHandleA
RaiseException
GetCPInfo
GetStringTypeA
SetFilePointer
ReadFile
SetLastError
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentProcess
GetProfileStringA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GlobalLock
ExitProcess
SetEvent
IsDebuggerPresent
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
IsValidCodePage
HeapCreate
WriteFile
GlobalAlloc
VirtualFree
CreateEventA
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
CreateFileA
SetThreadPriority
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
WNetGetConnectionA
GradientFill
AlphaBlend
VariantChangeType
VariantClear
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFolderPathA
StrFormatByteSizeA
PathFileExistsA
EmptyClipboard
GetParent
UpdateWindow
PostQuitMessage
FindWindowW
keybd_event
ShowWindow
DefWindowProcA
FindWindowA
GetClipboardData
GetSystemMetrics
MessageBoxW
SetWindowLongA
DispatchMessageA
RegisterClipboardFormatA
SetWindowPos
TranslateMessage
GetWindow
GetDC
RegisterClassExA
SetClipboardData
SendMessageA
CloseClipboard
GetClientRect
GetDlgItem
SetForegroundWindow
IsWindow
EnableMenuItem
RegisterClassA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
EnumThreadWindows
AttachThreadInput
GetMessageA
OpenClipboard
DestroyWindow
StartPagePrinter
StartDocPrinterA
OpenPrinterA
GetPrinterDataA
EndDocPrinter
ClosePrinter
Ord(144)
CoInitializeEx
CoUninitialize
CoInitialize
StgCreateDocfileOnILockBytes
ReleaseStgMedium
CoCreateGuid
OleCreateStaticFromData
CoInitializeSecurity
StringFromCLSID
OleGetClipboard
OleSetContainedObject
CreateILockBytesOnHGlobal
SnmpUtilVarBindCpy
Number of PE resources by type
RT_STRING 7
RT_BITMAP 5
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:05:02 22:28:35+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 121856
LinkerVersion: 9.0
EntryPoint: 0x89aa
InitializedDataSize: 66560
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5 a662206706807571fadfcafb45acf7bb
SHA1 7c9ebbc5afe8cf6a21dbe5af7670731e58fbde96
SHA256 77599bae6d9388cd4eb54fbd4355645a1f32ccf05c57133f282f6d7da132fee5
ssdeep 3072:o9ln1038Z8Kvq2mCj9Wqd2tIGrDLjvC2fkn0qX5Jf8Zyy5joD5refxg:o9ln1DZTmqcxacXj7fkNpJf8lW5rP
authentihash e9d6146d2646049ed34c96f068e12291083f2798aa792df9a7485cc04a106d50
imphash f256bd94188a987a26107b3da221ade8
File size 185.0 KB ( 189440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-05-05 20:40:07 UTC ( 2 years, 10 months ago )
Last submission 2016-09-12 08:11:11 UTC ( 2 years, 6 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Searched windows
Runtime DLLs
UDP communications