SHA256: 78b997c0b08a52dac5f767d3826629f9eda6a863309b0014a97f3d0940b32ade
File name: e49d0a1c524371bdd2236121dbeed7a8 (1)
Detection ratio: 7 / 58
Analysis date: 2016-08-26 20:21:09 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.ZPACK.pnkb 20160826
Baidu Win32.Trojan.Elenoocka.a 20160826
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160825
Sophos ML trojandownloader.win32.upatre.bn 20160826
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160826
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160826
Symantec Heur.AdvML.B 20160826
Ad-Aware 20160826
AegisLab 20160826
AhnLab-V3 20160826
Alibaba 20160826
ALYac 20160826
Antiy-AVL 20160826
Arcabit 20160826
Avast 20160826
AVG 20160826
AVware 20160826
BitDefender 20160826
Bkav 20160826
CAT-QuickHeal 20160826
ClamAV 20160826
CMC 20160824
Comodo 20160826
Cyren 20160826
DrWeb 20160826
Emsisoft 20160826
ESET-NOD32 20160826
F-Prot 20160826
F-Secure 20160826
Fortinet 20160826
GData 20160826
Ikarus 20160826
Jiangmin 20160826
K7AntiVirus 20160826
K7GW 20160826
Kaspersky 20160826
Kingsoft 20160826
Malwarebytes 20160826
McAfee 20160826
Microsoft 20160826
eScan 20160826
NANO-Antivirus 20160826
nProtect 20160826
Panda 20160826
Rising 20160826
Sophos AV 20160826
SUPERAntiSpyware 20160826
Tencent 20160826
TheHacker 20160826
TotalDefense 20160826
TrendMicro 20160826
TrendMicro-HouseCall 20160826
VBA32 20160826
VIPRE 20160826
ViRobot 20160826
Yandex 20160826
Zillya 20160825
Zoner 20160826
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x00003A56
Number of sections 3
PE sections
PE imports
CoCreateActivity
RecycleSurrogate
CoLoadServices
CoEnterServiceDomain
SafeRef
CryptUnprotectData
CryptStringToBinaryA
CryptMsgUpdate
CryptDecodeMessage
CertNameToStrW
CertFindChainInStore
CertFindAttribute
CryptEncodeObject
CryptMsgClose
CertSetStoreProperty
CryptSignMessage
CryptFormatObject
CertGetStoreProperty
JetCloseTable
JetCloseDatabase
JetBeginTransaction
lstrcpynW
OpenSemaphoreW
GetDateFormatA
FileTimeToLocalFileTime
CreateWaitableTimerW
MapViewOfFile
GetEnvironmentVariableA
lstrcpy
GetNumberFormatW
GetLogicalDriveStringsW
InterlockedDecrement
GetTickCount
WaitForSingleObject
CloseHandle
GetProcAddress
HeapReAlloc
GetSystemDirectoryA
GetModuleHandleA
CreateEventA
OneXInitialize
OneXCopyAuthParams
OneXFreeMemory
OneXAddTLV
OneXDeInitialize
SHGetFolderPathW
SHGetDataFromIDListW
SHDefExtractIconA
ExtractIconExA
ShellAboutA
Shell_NotifyIconW
SHGetInstanceExplorer
FindExecutableW
SHGetDesktopFolder
ExtractIconA
SHGetSpecialFolderPathW
UrlCreateFromPathA
UrlCombineA
UrlIsA
UrlCompareA
PathCombineA
PathIsRootA
UrlIsNoHistoryA
PathCommonPrefixA
UrlUnescapeA
UrlCanonicalizeW
UrlEscapeA
UrlHashA
Chkdsk
FormatEx
Recover
Extend
Format
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 7.0
EntryPoint 0x3a56
InitializedDataSize 95744
SubsystemVersion 5.1
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 e49d0a1c524371bdd2236121dbeed7a8
SHA1 45787a1b7edd392bebc9634658613c4fcd2c165c
SHA256 78b997c0b08a52dac5f767d3826629f9eda6a863309b0014a97f3d0940b32ade
ssdeep 3072:BXXXXXXXtEpMLLCXXXXYwnCVVwrmiX47hA+iYNqlef54QYfbnUCCNb:BXXXXXXXtEnXXXXViwQ3Tf54QAn
authentihash dce559477391e057d7e73b715a24f6f459d6e9a152457855a298e335ced180e9
imphash 5a8a0454cd09057c8373f321f26e8ead
File size 114.5 KB ( 117248 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags stealth peexe
VirusTotal metadata
First submission 2016-08-26 20:21:09 UTC ( 2 years, 5 months ago )
Last submission 2016-08-26 20:21:09 UTC ( 2 years, 5 months ago )
File names e49d0a1c524371bdd2236121dbeed7a8 (1)
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections
UDP communications