SHA256: 7de0daac62dc23fd101791441cc8db42e5811ff9a4fcaf502b037aa1e4f8b3c2
File name: b7b96531452af8f7a1bc10e0a8e2fa6c.virus
Detection ratio: 18 / 57
Analysis date: 2016-10-31 01:26:15 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20161031
AVG Downloader.Generic14.BGSA 20161031
Avira (no cloud) TR/Crypt.ZPACK.gvqyt 20161030
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9928 20161029
CrowdStrike Falcon (ML) malicious_confidence_89% (D) 20161024
DrWeb Trojan.Siggen6.58358 20161031
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20161030
Fortinet W32/Agent.CFH!tr.dldr 20161031
GData Win32.Trojan.Agent.TNIOED 20161031
Ikarus Trojan-Downloader.Win32.Agent 20161030
Sophos ML trojan.win32.lethic.i 20161018
Kaspersky Trojan.Win32.Yakes.rkks 20161031
McAfee Artemis!B7B96531452A 20161031
McAfee-GW-Edition BehavesLike.Win32.Downloader.fz 20161031
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161031
Sophos AV Mal/Generic-S 20161030
Symantec Trojan.Gen 20161031
Tencent Win32.Trojan.Yakes.Phgj 20161031
Ad-Aware 20161031
AegisLab 20161031
AhnLab-V3 20161030
Alibaba 20161028
ALYac 20161031
Antiy-AVL 20161102
Arcabit 20161030
AVware 20161031
BitDefender 20161031
Bkav 20161030
CAT-QuickHeal 20161029
ClamAV 20161031
CMC 20161030
Comodo 20161030
Cyren 20161031
Emsisoft 20161031
F-Prot 20161031
F-Secure 20161031
Jiangmin 20161030
K7AntiVirus 20161030
K7GW 20161031
Kingsoft 20161031
Malwarebytes 20161031
Microsoft 20161031
eScan 20161031
NANO-Antivirus 20161031
nProtect 20161028
Panda 20161030
Rising 20161031
SUPERAntiSpyware 20161030
TheHacker 20161029
TotalDefense 20161028
TrendMicro 20161102
TrendMicro-HouseCall 20161030
VBA32 20161101
VIPRE 20161031
ViRobot 20161030
Yandex 20161030
Zillya 20161028
Zoner 20161030
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-22 14:34:39
Entry Point 0x0000337B
Number of sections 5
PE sections
PE imports
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
BeginUpdateResourceW
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
SetFileAttributesW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
TlsGetValue
CopyFileW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
GetSystemDefaultLCID
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
GetFullPathNameW
CreateThread
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
TerminateProcess
GetVersion
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
EndUpdateResourceW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GlobalDeleteAtom
CreateDirectoryW
DeleteFileW
GetProcAddress
GlobalReAlloc
RemoveDirectoryW
FindNextFileW
CompareStringA
FindFirstFileW
lstrcmpW
GetUserDefaultLCID
SetEvent
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
InitializeCriticalSection
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
FindResourceW
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
WritePrivateProfileStringW
GetSystemDefaultLangID
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
FreeResource
SizeofResource
IsValidCodePage
HeapCreate
FindResourceExW
VirtualFree
Sleep
VirtualAlloc
SHGetFolderPathW
ShellExecuteW
GetParent
DrawTextExW
EqualRect
DefWindowProcW
GetMessageW
PostQuitMessage
ShowWindow
SetWindowPos
GetWindowThreadProcessId
GetMenuState
SetWindowLongW
PeekMessageW
GrayStringW
RegisterClassExW
TranslateMessage
IsWindowEnabled
GetWindow
PostMessageW
DispatchMessageW
MapDialogRect
LoadBitmapW
SendMessageW
UnregisterClassA
GetLastActivePopup
IsWindowVisible
SetWindowTextW
BringWindowToTop
GetMenuItemCount
GetSubMenu
EnableWindow
SetWindowContextHelpId
ValidateRect
LoadCursorW
LoadIconW
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetMenuItemID
ExitWindowsEx
DestroyWindow
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:09:22 15:34:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 35328
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 462848
SubsystemVersion 5.0
EntryPoint 0x337b
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 b7b96531452af8f7a1bc10e0a8e2fa6c
SHA1 e871120e8798417c1297549086d9dcadb4132f25
SHA256 7de0daac62dc23fd101791441cc8db42e5811ff9a4fcaf502b037aa1e4f8b3c2
ssdeep 3072:C1Qvo///2OEnW+cI0AN0qwOP6dpEgE/k2ON8Ca3tDgcRDJps750m9hJ7IKbUztc/:COwewIvN0zpWOhadDrRlpER9hJ7kZde
authentihash 2233a4f5bcb3a4932f8c59a52a1348414b13ffc71f9ebc15af577ed272c147b4
imphash 46dff3c2b63af0d24d939765305e5fae
File size 396.5 KB ( 406016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-10-31 01:26:15 UTC ( 2 years, 3 months ago )
Last submission 2016-10-31 01:26:15 UTC ( 2 years, 3 months ago )
File names b7b96531452af8f7a1bc10e0a8e2fa6c.virus
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications