SHA256: 7e97b4c9fd92d0563b999743bc3c278c59d9d065b2d9c9b9bd2002200801a435
File name: 97f91188f282c9a7a0154ce0703e8dc5.virus
Detection ratio: 31 / 57
Analysis date: 2016-04-07 21:12:51 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BSJZ 20160407
AegisLab Troj.W32.Gen.lMJ4 20160407
AhnLab-V3 Malware/Gen.Generic 20160407
ALYac Trojan.Agent.BSJZ 20160407
Antiy-AVL Trojan[Backdoor]/Win32.Qakbot 20160407
Arcabit Trojan.Agent.BSJZ 20160407
Avast Win32:Malware-gen 20160407
AVG Crypt5.AVNP 20160407
Avira (no cloud) TR/Crypt.Xpack.pvce 20160407
Baidu Win32.Trojan.WisdomEyes.151026.9950.9972 20160407
BitDefender Trojan.Agent.BSJZ 20160407
Bkav HW32.Packed.B7CB 20160406
Cyren W32/Trojan.NPTF-0563 20160407
Emsisoft Trojan.Agent.BSJZ (B) 20160407
ESET-NOD32 a variant of Win32/Kryptik.ETIW 20160407
F-Secure Trojan.Agent.BSJZ 20160407
GData Trojan.Agent.BSJZ 20160407
Kaspersky Backdoor.Win32.Qakbot.b 20160407
Malwarebytes Trojan.Qakbot 20160407
McAfee W32/PinkSbot-BS!97F91188F282 20160407
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.dc 20160407
Microsoft Backdoor:Win32/Qakbot!rfn 20160407
eScan Trojan.Agent.BSJZ 20160407
NANO-Antivirus Trojan.Win32.Xpack.ebjqpq 20160407
nProtect Trojan.Agent.BSJZ 20160407
Panda Trj/GdSda.A 20160407
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160407
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20160407
Sophos AV Mal/Qbot-N 20160407
Symantec W32.Qakbot 20160407
TrendMicro TROJ_GEN.R00JC0ED716 20160407
Alibaba 20160407
AVware 20160407
Baidu-International 20160407
CAT-QuickHeal 20160407
ClamAV 20160405
CMC 20160407
Comodo 20160407
DrWeb 20160407
F-Prot 20160407
Fortinet 20160404
Ikarus 20160407
Jiangmin 20160407
K7AntiVirus 20160407
K7GW 20160404
Kingsoft 20160407
SUPERAntiSpyware 20160407
Tencent 20160407
TheHacker 20160407
TotalDefense 20160406
TrendMicro-HouseCall 20160407
VBA32 20160407
VIPRE 20160407
ViRobot 20160407
Yandex 20160406
Zillya 20160407
Zoner 20160407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-05 14:47:26
Entry Point 0x00007570
Number of sections 5
PE sections
PE imports
PlayMetaFileRecord
GdiComment
SelectObject
SetStretchBltMode
CreateBrushIndirect
SetICMProfileA
ExtTextOutA
GetGraphicsMode
SetViewportOrgEx
GetLogColorSpaceW
CreateRoundRectRgn
BeginPath
LineDDA
RealizePalette
SetSystemPaletteUse
StretchDIBits
lstrcatA
lstrlenA
GetModuleFileNameW
CompareStringA
FreeConsole
MprInfoBlockQuerySize
MprAdminIsDomainRasServer
MprAdminInterfaceGetCredentialsEx
MprAdminMIBEntryCreate
MprAdminInterfaceTransportRemove
MprInfoBlockSet
MprAdminMIBServerConnect
MprAdminTransportCreate
RpcBindingToStringBindingA
NdrFullPointerXlatFree
NdrNonConformantStringMarshall
NdrConformantVaryingStructMemorySize
NdrNonEncapsulatedUnionFree
RpcProtseqVectorFreeW
NdrConformantStringMarshall
NdrPointerUnmarshall
RpcNetworkIsProtseqValidA
RpcStringBindingParseA
RpcMgmtEpEltInqBegin
SetupDiOpenDeviceInterfaceA
SetupDiGetDeviceInstallParamsA
SetupDiOpenDeviceInfoA
SetupCopyErrorA
SetupGetSourceFileSizeA
SetupDiInstallClassW
SetupScanFileQueueW
SetupDiGetDriverInstallParamsA
SetupQueueCopyA
SetupDiGetDeviceInterfaceAlias
SetupInitializeFileLogA
EndDeferWindowPos
GetMessageA
GetSystemMetrics
GetWindowModuleFileNameA
AppendMenuA
SendMessageW
PaintDesktop
FillRect
CreateAcceleratorTableW
ModifyMenuW
GetCapture
CascadeWindows
RegisterDeviceNotificationW
GetThreadDesktop
DragDetect
PrintDlgA
CommDlgExtendedError
PageSetupDlgW
PageSetupDlgA
GetOpenFileNameW
SetColorProfileElementReference
CreateColorTransformA
DisassociateColorProfileFromDeviceW
CloseColorProfile
OpenColorProfileA
CreateMultiProfileTransform
GetColorProfileHeader
EnumColorProfilesW
UnregisterCMMW
UninstallColorProfileA
SetColorProfileHeader
GetStandardColorSpaceProfileA
GetNamedProfileInfo
ZwProtectVirtualMemory
NtOpenEvent
NtQueryVolumeInformationFile
RtlGetLongestNtPathLength
ZwQueryInformationThread
NtSetInformationProcess
LdrDisableThreadCalloutsForDll
NtQueryDirectoryFile
RtlNtStatusToDosError
NtQueryInformationFile
RtlExtendedLargeIntegerDivide
RtlLargeIntegerSubtract
RtlCopyUnicodeString
ZwAllocateVirtualMemory
ZwMapViewOfSection
NtQueryInformationProcess
RtlQueryProcessDebugInformation
CoGetInstanceFromFile
MonikerCommonPrefixWith
OleGetAutoConvert
DoDragDrop
CoEnableCallCancellation
STGMEDIUM_UserFree
StgGetIFillLockBytesOnFile
OleSetContainedObject
CoRegisterMallocSpy
StringFromCLSID
CreateOleAdviseHolder
CoGetClassObject
CoRegisterClassObject
HBITMAP_UserFree
StgOpenStorage
CoQueryAuthenticationServices
CoRevertToSelf
StgIsStorageFile
HMENU_UserSize
HDC_UserSize
CoSuspendClassObjects
StgOpenAsyncDocfileOnIFillLockBytes
BindMoniker
PdhComputeCounterStatistics
PdhOpenQueryA
PdhExpandCounterPathW
PdhExpandWildCardPathA
PdhSetCounterScaleFactor
PdhParseCounterPathA
PdhGetFormattedCounterArrayW
PdhUpdateLogW
PdhGetDataSourceTimeRangeW
PdhGetDefaultPerfCounterA
PdhEnumObjectsW
PdhSetDefaultRealTimeDataSource
PdhParseInstanceNameW
PdhParseCounterPathW
PdhValidatePathW
PdhCollectQueryData
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:04:05 15:47:26+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 225280
SubsystemVersion 4.0
EntryPoint 0x7570
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 97f91188f282c9a7a0154ce0703e8dc5
SHA1 1694c748056611d4d15a48d59c58a5a634bc4ddc
SHA256 7e97b4c9fd92d0563b999743bc3c278c59d9d065b2d9c9b9bd2002200801a435
ssdeep 6144:0E5RrpTvdQ/2vQ0So6a9d7rbFI1Xqq1SYPlfKbPe:HHtvqF0So77r5KliP
authentihash 7cab65d652bbdf7c2c5b2edb4eda007a6f79bf0e57699ba4e0cb0e87be8c3c8d
imphash f820196f2139b71fed2f41dd8e9b9999
File size 256.0 KB ( 262144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-04-07 21:12:51 UTC ( 2 years, 10 months ago )
Last submission 2016-04-07 21:12:51 UTC ( 2 years, 10 months ago )
File names 97f91188f282c9a7a0154ce0703e8dc5.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications