SHA256: 7c1a62c32fba49a5bb55ec1bf732f45e470099825dc662162126e33a2011fa40
File name: 50156842ec3ed14f00346b387eeee39b9e842b17
Detection ratio: 8 / 53
Analysis date: 2014-10-07 17:20:51 UTC ( 4 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Dropper/Win32.Necurs 20141007
Avira (no cloud) TR/Crypt.Xpack.98309 20141007
ESET-NOD32 a variant of Win32/Injector.BNCA 20141007
Fortinet W32/BMZR!tr 20141007
Malwarebytes Trojan.Agent.ED 20141007
McAfee Artemis!9A8B2A44E3BB 20141007
McAfee-GW-Edition BehavesLike.Win32.PWSQQPass.dh 20141007
Qihoo-360 Malware.QVM10.Gen 20141007
Ad-Aware 20141007
Yandex 20141007
Antiy-AVL 20141007
Avast 20141007
AVG 20141007
AVware 20141007
Baidu-International 20141007
BitDefender 20141007
ByteHero 20141007
CAT-QuickHeal 20141007
ClamAV 20141007
CMC 20141004
Comodo 20141007
Cyren 20141007
DrWeb 20141004
Emsisoft 20141007
F-Prot 20141007
F-Secure 20141007
GData 20141007
Ikarus 20141007
Jiangmin 20141006
K7AntiVirus 20141007
K7GW 20141007
Kaspersky 20141007
Kingsoft 20141007
Microsoft 20141007
eScan 20141007
NANO-Antivirus 20141007
Norman 20141007
nProtect 20141007
Panda 20141007
Rising 20141007
Sophos AV 20141007
SUPERAntiSpyware 20141007
Symantec 20141007
Tencent 20141007
TheHacker 20141006
TotalDefense 20141007
TrendMicro 20141007
TrendMicro-HouseCall 20141007
VBA32 20141007
VIPRE 20141007
ViRobot 20141007
Zillya 20141006
Zoner 20141007
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1989-09-21 05:40:44
Entry Point 0x001CDC23
Number of sections 5
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetProcAddress
HeapSize
SetStdHandle
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
OutputDebugStringA
LeaveCriticalSection
SetLastError
InterlockedIncrement
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1989:09:21 06:40:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16807424
LinkerVersion 10.0
FileAccessDate 2014:10:07 18:20:06+01:00
EntryPoint 0x1cdc23
InitializedDataSize 239104
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 0.257
FileCreateDate 2014:10:07 18:20:06+01:00
UninitializedDataSize 0
File identification
MD5 9a8b2a44e3bb1c306c8ead53ddeb4aaa
SHA1 7a4e8fc09f5998cfb14e493e152b4cbcccbe58e4
SHA256 7c1a62c32fba49a5bb55ec1bf732f45e470099825dc662162126e33a2011fa40
ssdeep 6144:XhtP2t4GMyKZ6PGTfE/kysfH4xr7sb8PHi9qb2cm9Cuzs:XPet4GMySXTM/2v4xrobuHiQacEo
authentihash 438c19c3c4b610de266bb4053007cf13de576a1e67df32b7075bc3ef710c7227
imphash 759b3c70e49933144be33f6ac33937c7
File size 264.5 KB ( 270848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-10-07 17:20:51 UTC ( 4 years, 5 months ago )
Last submission 2014-10-07 17:20:51 UTC ( 4 years, 5 months ago )
File names 50156842ec3ed14f00346b387eeee39b9e842b17
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.