SHA256: 7ccf63217b0103e410f90f56fd65cec8decdb6a2a82ed7b2151f1df85ab2a0e6
File name: 7ccf63217b0103e410f90f56fd65cec8decdb6a2a82ed7b2151f1df85ab2a0e6.bin
Detection ratio: 23 / 57
Analysis date: 2016-09-07 02:21:15 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.TSGeneric 20160907
Avast Win32:Malware-gen 20160907
AVG Agent4.BDPW 20160907
Avira (no cloud) TR/Agent.24576.1050 20160907
AVware Trojan.Win32.Generic!BT 20160907
Baidu Win32.Trojan.Agent.aol 20160906
Comodo UnclassifiedMalware 20160906
CrowdStrike Falcon (ML) malicious_confidence_75% (D) 20160725
ESET-NOD32 Win32/Agent.VBE 20160907
Fortinet W32/Agent.VBE 20160907
K7AntiVirus Trojan ( 00486b861 ) 20160906
K7GW Trojan ( 00486b861 ) 20160907
Kaspersky UDS:DangerousObject.Multi.Generic 20160907
McAfee Artemis!5F057A03BA1B 20160907
McAfee-GW-Edition BehavesLike.Win32.Backdoor.mz 20160907
NANO-Antivirus Trojan.Win32.Agent.cyofge 20160907
Panda Trj/CI.A 20160906
Qihoo-360 Win32/Trojan.Multi.daf 20160907
Tencent Win32.Trojan.Agent.Swkz 20160907
TheHacker Trojan/Agent.vbe 20160905
TrendMicro-HouseCall TROJ_GEN.R0C1H0CHT16 20160907
VIPRE Trojan.Win32.Generic!BT 20160907
Zillya Trojan.Agent.Win32.567426 20160907
Ad-Aware 20160907
AegisLab 20160906
AhnLab-V3 20160906
Alibaba 20160905
ALYac 20160906
Arcabit 20160907
BitDefender 20160907
Bkav 20160905
CAT-QuickHeal 20160906
ClamAV 20160907
CMC 20160905
Cyren 20160907
DrWeb 20160907
Emsisoft 20160907
F-Prot 20160907
F-Secure 20160907
GData 20160907
Ikarus 20160906
Invincea 20160830
Jiangmin 20160907
Kingsoft 20160907
Malwarebytes 20160907
Microsoft 20160906
eScan 20160907
nProtect 20160907
Rising 20160907
Sophos 20160907
SUPERAntiSpyware 20160907
Symantec 20160907
TrendMicro 20160907
VBA32 20160905
ViRobot 20160906
Yandex 20160906
Zoner 20160907
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2012

Product insta11 application
Original name insta11.EXE
Internal name insta11
File version 1, 0, 0, 1
Description insta11 Microsoft Foundation Classes application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-13 16:47:39
Entry Point 0x00001860
Number of sections 5
PE imports
GetStartupInfoA
GetFileSize
ReadFile
ExitProcess
CloseHandle
CreateFileA
GetModuleFileNameA
VirtualAlloc
wsprintfA
GetSystemMetrics
EnableWindow
DrawIcon
SendMessageA
GetClientRect
IsIconic
_cexit
__CxxFrameHandler
_c_exit
_acmdln
_adjust_fdiv
_initterm
__p__fmode
__getmainargs
__p__commode
__setusermatherr
malloc
__dllonexit
_onexit
_setmbcp
exit
_XcptFilter
_except_handler3
strrchr
_controlfp
_exit
__set_app_type
Number of PE resources by type
RT_ICON 2
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 7
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
16384

ImageVersion
0.0

ProductName
insta11

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
insta11.EXE

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 0, 0, 1

TimeStamp
2013:07:13 17:47:39+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
insta11

ProductVersion
1, 0, 0, 1

FileDescription
insta11 Microsoft

OSVersion
4.0

FileOS
Win32

LegalCopyright
(C) 2012

MachineType
Intel 386 or later, and compatibles

CodeSize
4096

FileSubtype
0

ProductVersionNumber
1.0.0.1

EntryPoint
0x1860

ObjectFileType
Executable application

File identification
MD5 5f057a03ba1b211f00af97259027ad10
SHA1 ffc6bde52f7100f910962d73ef16a15c1c11a8d0
SHA256 7ccf63217b0103e410f90f56fd65cec8decdb6a2a82ed7b2151f1df85ab2a0e6
ssdeep
96:1/w0ZdhRkMfXxC2XHsfD5C0XtQIw2pV0XtQI8YbGdSMMUSJawFLex:rzJfx9MVd7wWs7RGdSMpNB

authentihash 6cd3bff1a2c2407a3c726f6ead1b5639c1576ab83ab950f17776a9523c5371e5
imphash 6228820d7827604ac4ad0e3a8f52c692
File size 24.0 KB ( 24576 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2013-08-30 04:05:10 UTC ( 3 years, 7 months ago )
Last submission 2016-09-07 02:21:15 UTC ( 7 months, 3 weeks ago )
File names insta11.exe.DNR
insta11.exe
5.exe
7ccf63217b0103e410f90f56fd65cec8decdb6a2a82ed7b2151f1df85ab2a0e6.bin
insta11
insta11.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.