SHA256: 7eb0cad2294b1e1484cc3dc8a7ad531dea2d4a9cc48ec4884a207183147c36f8
File name: b4443026dc9c72a003b98702a92fa11c.dec
Detection ratio: 17 / 56
Analysis date: 2015-07-26 02:38:14 UTC
Antivirus results (engine: result, signature update date)

Detected (17):
Antiy-AVL: Trojan[Backdoor]/Win32.Caphaw (20150726)
Avast: Win32:Malware-gen (20150726)
AVG: Ransomer.JIK (20150726)
AVware: Trojan-Downloader.Win32.Waski.mf (v) (20150726)
DrWeb: Trojan.DownLoader14.58563 (20150726)
ESET-NOD32: Win32/Battdil.AG (20150725)
Fortinet: W32/Waski.B!tr (20150726)
Jiangmin: Backdoor/Caphaw.cbv (20150725)
K7AntiVirus: Trojan ( 004c88761 ) (20150726)
K7GW: Trojan ( 004c88761 ) (20150725)
McAfee: Downloader-FAWW!13DCD25A82A2 (20150726)
McAfee-GW-Edition: Downloader-FAWW!13DCD25A82A2 (20150726)
Microsoft: TrojanDownloader:Win32/Upatre (20150726)
NANO-Antivirus: Trojan.Win32.Caphaw.dudiph (20150725)
Sophos AV: Mal/Wonton-BD (20150725)
VIPRE: Trojan-Downloader.Win32.Waski.mf (v) (20150726)
Zillya: Backdoor.Caphaw.Win32.897 (20150725)

No detection (39):
Ad-Aware (20150726), AegisLab (20150725), Yandex (20150725), AhnLab-V3 (20150725), Alibaba (20150724), ALYac (20150725), Arcabit (20150726), Avira (no cloud) (20150725), Baidu-International (20150725), BitDefender (20150726), Bkav (20150724), ByteHero (20150726), CAT-QuickHeal (20150725), ClamAV (20150726), Comodo (20150726), Cyren (20150726), Emsisoft (20150726), F-Prot (20150726), F-Secure (20150725), GData (20150726), Ikarus (20150725), Kaspersky (20150726), Kingsoft (20150726), Malwarebytes (20150724), eScan (20150726), nProtect (20150723), Panda (20150725), Qihoo-360 (20150726), Rising (20150722), SUPERAntiSpyware (20150725), Symantec (20150726), Tencent (20150726), TheHacker (20150723), TotalDefense (20150723), TrendMicro (20150726), TrendMicro-HouseCall (20150726), VBA32 (20150725), ViRobot (20150726), Zoner (20150726)
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 EXE for the Windows GUI subsystem.

PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-07-15 08:46:22
Entry point: 0x00002234
Number of sections: 4
PE sections
PE imports
CreateBitmap, SelectObject, GetLastError, HeapFree, GetStdHandle, LCMapStringW, SetHandleCount, GetFileAttributesA, GetOEMCP, LCMapStringA, HeapDestroy, GetTickCount, GetEnvironmentStringsW, FlushFileBuffers, RemoveDirectoryA, RtlUnwind, LoadLibraryA, FreeEnvironmentStringsA, HeapAlloc, GetStartupInfoA, GetEnvironmentStrings, GetCPInfo, UnhandledExceptionFilter, MultiByteToWideChar, HeapSize, FreeEnvironmentStringsW, GetCommandLineA, GetProcAddress, GetCurrentThread, SetStdHandle, SetFilePointer, WideCharToMultiByte, GetStringTypeA, GetModuleHandleA, InterlockedExchange, WriteFile, GetCurrentProcess, CloseHandle, GetACP, HeapReAlloc, GetStringTypeW, GetModuleHandleW, TerminateProcess, GetModuleFileNameA, CreateEventW, HeapCreate, OpenEventW, VirtualFree, FindClose, Sleep, GetFileType, ExitProcess, GetVersion, OpenEventA, VirtualAlloc, MessageBoxW, LoadIconA, SCardForgetReaderW, CoUninitialize
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:07:15 09:46:22+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 20480
LinkerVersion: 6.0
Warning: Error processing PE data dictionary
EntryPoint: 0x2234
InitializedDataSize: 475136
SubsystemVersion: 4.0
ImageVersion: 8.2
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5: 13dcd25a82a2e13e4d2687a4db6f72d8
SHA1: 11d980cdceb60d336d01e0a04fe5a26cce955d47
SHA256: 7eb0cad2294b1e1484cc3dc8a7ad531dea2d4a9cc48ec4884a207183147c36f8
ssdeep: 12288:fy8y/qKzxxq/UldojVD5QKjUPfNfy68ezTVY0bT:fy8QqKzxxflO5QtU6lTVXbT
authentihash: dcb928a43fd08ec618deb6ef1c6de16c0f56d0bf87752b2909689c785b2e10e7
imphash: 1fd8a01bfe9c224f5804e727b956c42f
File size: 480.0 KB (491520 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (67.3%); Win32 Dynamic Link Library (generic) (14.2%); Win32 Executable (generic) (9.7%); Generic Win/DOS Executable (4.3%); DOS Executable Generic (4.3%)
Tags: peexe

VirusTotal metadata
First submission: 2015-07-26 02:38:14 UTC
Last submission: 2015-07-26 02:38:14 UTC
File names: b4443026dc9c72a003b98702a92fa11c.dec

Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight