SHA256: 7f3179e775e517765b5450282c77d94f39ba5492b5118ee60b2b8ade5afaede2
File name: 7f3179e775e517765b5450282c77d94f39ba5492b5118ee60b2b8ade5afaede2
Detection ratio: 23 / 57
Analysis date: 2016-05-30 22:23:32 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.61162 20160530
AegisLab Troj.Downloader.W32.Agent.l3NC 20160530
ALYac Gen:Variant.Razy.61162 20160530
Arcabit Trojan.Razy.DEEEA 20160530
Avast Win32:Malware-gen 20160530
Avira (no cloud) TR/Crypt.ZPACK.jxrc 20160530
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160530
BitDefender Gen:Variant.Razy.61162 20160530
Emsisoft Gen:Variant.Razy.61162 (B) 20160530
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160530
F-Secure Gen:Variant.Razy.61162 20160530
Fortinet W32/Agent.CFH!tr.dldr 20160530
GData Gen:Variant.Razy.61162 20160530
K7GW Hacktool ( 655367771 ) 20160530
Malwarebytes Backdoor.Qadars 20160530
McAfee Artemis!B7BC1A3AD999 20160530
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160530
eScan Gen:Variant.Razy.61162 20160530
Panda Trj/GdSda.A 20160530
Qihoo-360 QVM20.1.Malware.Gen 20160530
Rising Malware.Generic!bN38VXjOoUO@3 (Thunder) 20160530
Symantec Suspicious.Cloud.7.L 20160530
Tencent Win32.Trojan-downloader.Agent.Phgm 20160530
AhnLab-V3 20160530
Alibaba 20160530
Antiy-AVL 20160530
AVG 20160530
AVware 20160530
Baidu-International 20160530
Bkav 20160528
CAT-QuickHeal 20160530
ClamAV 20160530
CMC 20160530
Comodo 20160530
Cyren 20160530
DrWeb 20160530
F-Prot 20160530
Ikarus 20160530
Jiangmin 20160530
K7AntiVirus 20160530
Kaspersky 20160530
Kingsoft 20160530
Microsoft 20160530
NANO-Antivirus 20160530
nProtect 20160530
Sophos AV 20160530
SUPERAntiSpyware 20160530
TheHacker 20160530
TotalDefense 20160530
TrendMicro 20160530
TrendMicro-HouseCall 20160530
VBA32 20160530
VIPRE 20160530
ViRobot 20160530
Yandex 20160530
Zillya 20160528
Zoner 20160530
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 08:37:33
Entry Point 0x0001B32E
Number of sections 4
PE sections
PE imports
ClusterControl
CloseClusterNode
ConnectionRead
ConnectionVer
ConnectionClose
ConnectionWrite
ConnectionError
EapHostPeerFreeMemory
EapHostPeerFreeErrorMemory
ReplaceFileA
FileTimeToSystemTime
GetDriveTypeA
CopyFileA
GetTickCount
WaitForSingleObjectEx
lstrlenW
GetACP
HeapReAlloc
GetLocaleInfoA
Heap32First
lstrcatA
CreateDirectoryA
DeleteFileW
GetProcAddress
GetProcessHeap
lstrcpynW
CompareStringW
GetModuleHandleA
ReadFile
WriteFile
GetStartupInfoA
CreateMutexW
CloseHandle
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
SetEnvironmentVariableA
GetLongPathNameW
GetLogicalDriveStringsA
GetExpandedNameW
GetNumberFormatA
OpenEventW
InterlockedDecrement
MoveFileW
CreateFileA
GetVersion
WTSVirtualChannelPurgeInput
WTSUnRegisterSessionNotification
WTSQuerySessionInformationA
WTSLogoffSession
WTSVirtualChannelWrite
WTSVirtualChannelRead
WTSSetSessionInformationA
WTSSendMessageA
WTSWaitSystemEvent
WTSVirtualChannelQuery
Number of PE resources by type
RT_RCDATA 4
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 09:37:33+01:00
FileType Win32 EXE
PEType PE32
CodeSize 122880
LinkerVersion 6.0
EntryPoint 0x1b32e
InitializedDataSize 8192
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 b7bc1a3ad99971ed16f480895dbd8f11
SHA1 f0bd443687fc973565e783bb91c0f9c23437eef1
SHA256 7f3179e775e517765b5450282c77d94f39ba5492b5118ee60b2b8ade5afaede2
ssdeep 3072:2f5XrLwHY/QZWwslei4Pk3jfPC74x/0k/hukXz:if7GsQf2PCu06EkX
authentihash 8bf974b8a0d628f3c66758e2039bfa43a76a3ae40aed36ba56de4aade8b696e9
imphash 75fef842dfad0acfc88770701136fecb
File size 129.0 KB ( 132096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-05-30 22:23:32 UTC ( 2 years, 10 months ago )
Last submission 2016-05-30 22:23:32 UTC ( 2 years, 10 months ago )