SHA256: 786b4cd6f8ba69b694dcf444a3fa40f5a65d427cee70f3ae1cbe0ef0401d3e20
File name: 20E4327F2D4EEFE1C4DFD7BFFB8D9DA4
Detection ratio: 30 / 56
Analysis date: 2016-07-01 05:57:44 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3356349 20160701
AhnLab-V3 Trojan/Win32.XPack.N2035655405 20160701
ALYac Trojan.GenericKD.3356349 20160701
Avast Win32:Trojan-gen 20160701
AVG Generic_s.IEQ 20160701
Avira (no cloud) TR/Crypt.Xpack.moxk 20160701
AVware Trojan.Win32.Generic.pak!cobra 20160701
BitDefender Trojan.GenericKD.3356349 20160701
DrWeb Trojan.Siggen6.58358 20160701
Emsisoft Trojan.GenericKD.3356349 (B) 20160701
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160701
F-Secure Trojan.GenericKD.3356349 20160701
GData Trojan.GenericKD.3356349 20160701
Ikarus Trojan.Inject 20160701
K7AntiVirus Trojan-Downloader ( 004e141d1 ) 20160701
K7GW Trojan-Downloader ( 004e141d1 ) 20160701
Kaspersky Trojan-Downloader.Win32.Agent.hgyg 20160701
McAfee RDN/Generic.grp 20160701
McAfee-GW-Edition BehavesLike.Win32.PackedAP.dm 20160701
Microsoft TrojanDownloader:Win32/Talalpek.A 20160701
eScan Trojan.GenericKD.3356349 20160701
nProtect Trojan.GenericKD.3356349 20160701
Panda Trj/GdSda.A 20160630
Qihoo-360 QVM20.1.Malware.Gen 20160701
Sophos AV Troj/Agent-ASJD 20160701
Symantec Packed.Generic.459 20160701
Tencent Win32.Trojan-downloader.Agent.Hrfg 20160701
TrendMicro Ransom_WALTRIX.BYX 20160701
TrendMicro-HouseCall Ransom_WALTRIX.BYX 20160701
VIPRE Trojan.Win32.Generic.pak!cobra 20160701
AegisLab 20160701
Yandex 20160630
Alibaba 20160701
Antiy-AVL 20160701
Arcabit 20160701
Baidu 20160701
Bkav 20160701
CAT-QuickHeal 20160701
ClamAV 20160701
CMC 20160630
Comodo 20160701
Cyren 20160701
F-Prot 20160701
Fortinet 20160701
Jiangmin 20160701
Kingsoft 20160701
Malwarebytes 20160701
NANO-Antivirus 20160701
SUPERAntiSpyware 20160701
TheHacker 20160630
TotalDefense 20160701
VBA32 20160701
ViRobot 20160701
Zillya 20160701
Zoner 20160701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2006 Microsoft Corporation. All rights reserved.
Product Microsoft Office Program Recovery
Original name offlb.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-29 14:30:27
Entry Point 0x00002250
Number of sections 4
PE sections
PE imports
RegOpenKeyW
RegQueryValueExW
ImageList_GetImageCount
ImageList_BeginDrag
ImageList_Destroy
_TrackMouseEvent
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_DragMove
ImageList_Create
ImageList_SetIconSize
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
SetMetaRgn
AddFontResourceA
GetTextMetricsW
CreateFontIndirectW
PatBlt
CreatePen
SaveDC
CreateHalftonePalette
GdiFlush
GetTextCharset
GetROP2
DeleteEnhMetaFile
GetPixel
Rectangle
GetDeviceCaps
LineTo
DeleteDC
GdiGetBatchLimit
RestoreDC
SetBkMode
StretchBlt
CreateFontW
EndDoc
CreateSolidBrush
StartPage
DeleteObject
GetObjectW
BitBlt
SetTextColor
GetTextExtentPointW
CreatePatternBrush
ExtTextOutW
FillPath
CreateBitmap
MoveToEx
DeleteColorSpace
GetStockObject
EnumFontFamiliesExW
AbortPath
SetTextAlign
SetBrushOrgEx
CreateCompatibleDC
StartDocW
CloseEnhMetaFile
CreateHatchBrush
SetROP2
EndPage
BeginPath
SelectObject
CloseFigure
AbortDoc
CloseMetaFile
CancelDC
SetWindowOrgEx
DPtoLP
SetBkColor
OffsetWindowOrgEx
GetTextExtentPoint32W
CreateCompatibleBitmap
DeleteMetaFile
EndPath
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetProcAddress
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetTimeZoneInformation
OutputDebugStringW
FindClose
InterlockedDecrement
GetFullPathNameW
SetLastError
PeekNamedPipe
TlsGetValue
CopyFileW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
LoadLibraryA
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
SetFileAttributesW
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GlobalSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
lstrcpyW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GlobalLock
ReadConsoleW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
OpenEventW
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
TlsFree
FindResourceW
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
GetTempPathW
Sleep
GetClipboardViewer
CreateMenu
GetDoubleClickTime
CountClipboardFormats
EndMenu
GetCapture
GetDialogBaseUnits
LoadIconW
GetClipboardOwner
GetClipboardSequenceNumber
GetCursor
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
ProductName Microsoft Office Program Recovery
FileVersionNumber 12.0.6606.1000
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 123904
FileTypeExtension exe
OriginalFileName offlb.exe
MIMEType application/octet-stream
Subsystem Windows GUI
PEType PE32
LegalTrademarks1 Microsoft is a registered trademark of Microsoft Corporation.
TimeStamp 2016:06:29 16:30:27+02:00
FileType Win32 EXE
LegalTrademarks2 Windows is a registered trademark of Microsoft Corporation.
ProductVersion 12.0.6606.1000
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright 2006 Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CodeSize 113664
FileSubtype 0
ProductVersionNumber 12.0.6606.0
EntryPoint 0x2250
ObjectFileType Executable application
File identification
MD5 20e4327f2d4eefe1c4dfd7bffb8d9da4
SHA1 2498a04a897d3ac5debf3c99ea3cee1ff4674721
SHA256 786b4cd6f8ba69b694dcf444a3fa40f5a65d427cee70f3ae1cbe0ef0401d3e20
ssdeep 3072:2rMkqJRrlgWJfaYiMMH2OoQKOBFIGhP/dKBMjQ6c:jxg8ONKOPN1KBML
authentihash 316d3694d50f8d6ff9e3ee5d7e50f6460c81250fff88abda8e9a9a1b6167d86c
imphash 5a8c23823a9ec1f72b1ee059a237cf54
File size 233.0 KB ( 238592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe
VirusTotal metadata
First submission 2016-06-29 09:40:36 UTC ( 2 years, 8 months ago )
Last submission 2018-05-22 17:43:51 UTC ( 10 months ago )
File names 786b4cd6f8ba69b694dcf444a3fa40f5a65d427cee70f3ae1cbe0ef0401d3e20.exe.bin
2016-06-28-Neutrino-EK-payload-gootkit-after-tonwyattwood.com.au.exe_
Neutrino-EK-payload-gootkit-after-tonwyattwood.com.au.exe
2016-06-28-Neutrino-EK-payload-gootkit-after-tonwyattwood.com.au.exe
offlb.exe
786b4cd6f8ba69b694dcf444a3fa40f5a65d427cee70f3ae1cbe0ef0401d3e20.exe
CryptXXX.exe_
PE-20E4327F2D4EEFE1C4DFD7BFFB8D9DA4
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications