SHA256: 79ec4932c16ea3dc505d347ecb8cacedb836e0969baf74fc22130d7f1fe7c7c0
File name: 5f8046a6a15f2b126eca4bf57343c377.virus
Detection ratio: 30 / 56
Analysis date: 2016-06-22 08:40:57 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.63839 20160622
AegisLab Backdoor.W32.Agent.lnci 20160622
ahnlab Trojan/Win32.Skidlo.N2021161403 20160621
ALYac Gen:Variant.Razy.63839 20160622
Arcabit Trojan.Razy.DF95F 20160622
Avast Win32:Malware-gen 20160622
AVG Atros3.BIDO 20160622
Avira (no cloud) TR/Crypt.ZPACK.rgsn 20160622
AVware Trojan.Win32.Generic!BT 20160622
Baidu Win32.Trojan.WisdomEyes.151026.9950.9975 20160622
BitDefender Gen:Variant.Razy.63839 20160622
Cyren W32/Trojan.ZOHN-3890 20160622
DrWeb Trojan.DownLoader21.58380 20160622
Emsisoft Gen:Variant.Razy.63839 (B) 20160622
ESET-NOD32 Win32/Zlader.L 20160622
F-Secure Gen:Variant.Razy.63839 20160622
Fortinet W32/Zlader.L!tr 20160622
GData Gen:Variant.Razy.63839 20160622
Jiangmin Trojan.Agent.acng 20160622
Kaspersky Trojan.Win32.Agent.nevxpu 20160622
McAfee RDN/Suspicious.bfr 20160622
McAfee-GW-Edition BehavesLike.Win32.Dropper.qm 20160622
Microsoft TrojanDownloader:Win32/Skidlo 20160622
eScan Gen:Variant.Razy.63839 20160622
NANO-Antivirus Trojan.Win32.DownLoader21.edlckj 20160622
Panda Trj/GdSda.A 20160621
Sophos AV Mal/Generic-S 20160622
Tencent Win32.Trojan.Agent.Szlo 20160622
TrendMicro TROJ_GEN.R011C0DFD16 20160622
VIPRE Trojan.Win32.Generic!BT 20160622
Alibaba 20160622
Antiy-AVL 20160622
Baidu-International 20160614
Bkav 20160621
CAT-QuickHeal 20160622
ClamAV 20160622
CMC 20160620
Comodo 20160622
F-Prot 20160622
Ikarus 20160622
K7AntiVirus 20160622
K7GW 20160622
Kingsoft 20160622
Malwarebytes 20160622
nProtect 20160622
Qihoo-360 20160622
SUPERAntiSpyware 20160622
Symantec 20160622
TheHacker 20160621
TotalDefense 20160622
TrendMicro-HouseCall 20160622
VBA32 20160621
ViRobot 20160622
Yandex 20160621
Zillya 20160622
Zoner 20160622
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-15 14:21:52
Entry Point 0x00001825
Number of sections 4
PE sections
PE imports
CAEnumFirstCA
CADeleteCA
CACloseCA
CACloseCertType
GetSystemTime
DeviceIoControl
HeapFree
GetDriveTypeW
GetShortPathNameW
FileTimeToSystemTime
GetLastError
WaitForSingleObject
GetOEMCP
CopyFileA
GetTickCount
LoadLibraryA
GetStartupInfoA
GetDateFormatA
GetFileSize
CopyFileExA
CreateDirectoryA
GetProcAddress
lstrcpynW
MapViewOfFile
lstrcmpA
ReadFile
FindFirstFileA
CompareStringA
OpenMutexW
OpenEventW
SearchPathA
WriteConsoleW
InterlockedIncrement
CPGenKey
CPCreateHash
SetFocus
GetMessageA
CreateWindowExA
MessageBoxW
PeekMessageW
LoadStringA
PostMessageA
IsCharLowerA
FindWindowW
GetClassInfoA
LoadImageA
GetCursor
wsprintfW
LoadCursorA
CreateDesktopW
IsDialogMessageA
IsThemeActive
DrawThemeBackground
DrawThemeEdge
GetWindowTheme
GetThemeBool
GetThemeTextExtent
OpenThemeData
GetThemeInt
GetThemeSysSize
GetThemeTextMetrics
WTSVirtualChannelPurgeInput
WTSQuerySessionInformationA
WTSQueryUserToken
WTSVirtualChannelWrite
WTSVirtualChannelRead
WTSSetSessionInformationA
WTSFreeMemory
WTSRegisterSessionNotification
WTSSendMessageA
WTSVirtualChannelOpen
WTSEnumerateServersA
Number of PE resources by type
RT_RCDATA 7
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:03:15 15:21:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 36864
SubsystemVersion 4.0
EntryPoint 0x1825
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 5f8046a6a15f2b126eca4bf57343c377
SHA1 706c7f1256071b41687e1ed6cc42c6eb81e7e829
SHA256 79ec4932c16ea3dc505d347ecb8cacedb836e0969baf74fc22130d7f1fe7c7c0
ssdeep 768:C/74Vew5vVme75ZuGl4Ve724Vew5vVXNw79H:C/8A9eShABAmGZ
authentihash 912cdc971df1bec4aca330d66392ed1b8f696d9ff572df2015037b386e65e780
imphash 7adab4ab531fe33209e40f01ada89721
File size 56.0 KB ( 57344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-06-22 08:40:57 UTC ( 2 years, 10 months ago )
Last submission 2016-06-22 08:40:57 UTC ( 2 years, 10 months ago )
File names 5f8046a6a15f2b126eca4bf57343c377.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Created processes
Opened mutexes
Runtime DLLs