× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 80215eabd69b5269fa0d78dd8a034e47a99d4a0eea3493b09c76bc43f6e86f36
File name: 3164e2526f7602b6e975a058424dcb4eea33b648.exe
Detection ratio: 33 / 56
Analysis date: 2016-11-07 11:59:07 UTC ( 2 years, 3 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3536590 20161107
AegisLab Troj.Generickd!c 20161107
ALYac Trojan.GenericKD.3536590 20161107
Arcabit Trojan.Generic.D35F6CE 20161107
Avast Win32:Malware-gen 20161107
AVG Malware.FA2 20161107
Avira (no cloud) TR/Crypt.Xpack.giz 20161107
AVware Trojan.Win32.Generic!BT 20161107
BitDefender Trojan.GenericKD.3536590 20161107
Bkav W32.FamVT.RazyNHmA.Trojan 20161107
Comodo Worm.Win32.Ngrbot.BHQ 20161107
CrowdStrike Falcon (ML) malicious_confidence_69% (D) 20161024
Cyren W32/Trojan.NQNZ-1412 20161107
DrWeb Trojan.PWS.Papras.2354 20161107
Emsisoft Trojan.GenericKD.3536590 (B) 20161107
ESET-NOD32 Win32/PSW.Papras.EJ 20161107
F-Secure Trojan.GenericKD.3536590 20161107
Fortinet W32/Papras.EJ!tr.pws 20161107
GData Trojan.GenericKD.3536590 20161107
Ikarus Trojan.Win32.PSW 20161107
Sophos ML trojan.win32.lethic.k 20161018
K7AntiVirus Password-Stealer ( 004f55321 ) 20161107
K7GW Password-Stealer ( 004f55321 ) 20161107
McAfee Artemis!86AF5B1B003F 20161107
McAfee-GW-Edition Artemis 20161107
eScan Trojan.GenericKD.3536590 20161107
Qihoo-360 Win32/Trojan.974 20161107
Sophos AV Mal/Generic-S 20161107
Symantec Trojan.Gen 20161107
Tencent Win32.Trojan.Inject.Auto 20161107
TrendMicro TROJ_GEN.F0CBC0UJ916 20161107
TrendMicro-HouseCall TROJ_GEN.F0CBC0UJ916 20161107
VIPRE Trojan.Win32.Generic!BT 20161107
AhnLab-V3 20161107
Alibaba 20161107
Antiy-AVL 20161107
Baidu 20161107
CAT-QuickHeal 20161107
ClamAV 20161107
CMC 20161107
F-Prot 20161107
Jiangmin 20161107
Kaspersky 20161107
Kingsoft 20161107
Malwarebytes 20161107
Microsoft 20161107
NANO-Antivirus 20161107
nProtect 20161107
Panda 20161106
Rising 20161107
SUPERAntiSpyware 20161107
TheHacker 20161106
VBA32 20161105
ViRobot 20161107
Yandex 20161106
Zillya 20161107
Zoner 20161107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 9:07 AM 9/14/2016
Signers
[+] Mark Sol
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 9/12/2016
Valid to 12:59 AM 9/13/2017
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint F7E87892F50C37853FDA4B63BDAAFF27FA3AC932
Serial number 38 40 9E DE CB 44 04 84 45 62 FC 44 16 A2 56 08
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE?
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-19 05:47:43
Entry Point 0x000042B0
Number of sections 4
PE sections
Overlays
MD5 4abf6e0c69beb80ddf260afdb151c4bb
File type data
Offset 240128
Size 6384
Entropy 7.41
PE imports
AdjustTokenPrivileges
RegDeleteKeyA
RegDeleteValueW
RegOpenKeyA
RegCloseKey
GetUserNameW
OpenProcessToken
RegSetValueExW
RegQueryValueA
RegQueryValueExA
LookupPrivilegeValueA
RegSetValueA
RegCreateKeyW
RegSetValueExA
RegDeleteKeyW
RegOpenKeyExA
RegCreateKeyA
RegSetValueW
RegQueryValueExW
RegQueryValueW
SaveDC
GetStdHandle
FileTimeToDosDateTime
TerminateProcess
FileTimeToSystemTime
GetFileAttributesA
SetEvent
GetDriveTypeA
FindFirstFileW
HeapDestroy
GetFileAttributesW
VirtualAllocEx
FreeEnvironmentStringsA
DeleteCriticalSection
HeapReAlloc
GetLocaleInfoA
LocalAlloc
lstrcatA
OpenFileMappingA
FreeEnvironmentStringsW
lstrcatW
GetFileTime
GetCPInfo
lstrcmpiA
GetStringTypeA
QueryDosDeviceA
_hwrite
GetTempPathW
MoveFileA
WaitForSingleObject
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
SetFileAttributesW
GetStringTypeExA
lstrcpynW
SetLastError
GetSystemTime
DeviceIoControl
CopyFileW
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
lstrcmpiW
RaiseException
EnumCalendarInfoA
GetVolumeInformationA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FlushInstructionCache
MoveFileW
GetModuleHandleA
CreateThread
MoveFileExW
GlobalAddAtomA
SetUnhandledExceptionFilter
GetCurrentProcess
MulDiv
SetEnvironmentVariableA
SetPriorityClass
GetDiskFreeSpaceExA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
LocalLock
GlobalSize
GetStartupInfoA
GetDateFormatA
SystemTimeToFileTime
WinExec
GetFileSize
GlobalDeleteAtom
OpenProcess
DeleteFileA
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
_lread
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CompareStringW
lstrcpyW
GlobalReAlloc
RemoveDirectoryW
_hread
lstrcmpA
FindNextFileW
lstrcpyA
GetProfileStringA
CompareStringA
ResetEvent
FindNextFileA
GlobalMemoryStatus
lstrcmpW
GlobalLock
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LocalUnlock
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
GetShortPathNameA
VirtualFree
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
_lcreat
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GlobalFlags
FindFirstFileA
CloseHandle
EnumSystemCodePagesA
lstrcpynA
GetACP
CreateProcessA
WideCharToMultiByte
HeapCreate
WriteFile
CreateProcessW
_lopen
Sleep
IsBadReadPtr
FindResourceA
VirtualAlloc
GetTimeFormatA
BeginPaint
DefWindowProcW
CheckRadioButton
CreateCaret
DestroyMenu
CharUpperA
DefWindowProcA
CharLowerA
DestroyIcon
LoadStringA
CharUpperBuffA
MessageBoxA
AppendMenuW
CharLowerW
CharUpperBuffW
DestroyCaret
CheckDlgButton
CharLowerBuffW
CreatePopupMenu
CheckMenuItem
DefFrameProcW
CreateMDIWindowW
CharToOemBuffA
CreateMenu
DefMDIChildProcW
CharLowerBuffA
BringWindowToTop
AppendMenuA
DeleteMenu
CallNextHookEx
CreateWindowExA
CallWindowProcW
CountClipboardFormats
CharNextA
CallWindowProcA
CreateWindowExW
CloseClipboard
CharNextW
GetKeyboardType
CharToOemA
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:08:19 06:47:43+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
44032

LinkerVersion
9.0

EntryPoint
0x42b0

InitializedDataSize
271872

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 86af5b1b003fa2a570dc45ca247a6274
SHA1 3164e2526f7602b6e975a058424dcb4eea33b648
SHA256 80215eabd69b5269fa0d78dd8a034e47a99d4a0eea3493b09c76bc43f6e86f36
ssdeep
6144:oj+BTuMGgSiZ6GWIShOkJv6CscEnU1vHVPC6ce:ojtqSiZgpU8OwvHb

authentihash ff48ff10c6eff955b50773adecd5643d0c7f193b539534cadaa7be951f739d30
imphash 1fbe0c0fce3293ce18e7a4940059e1fe
File size 240.7 KB ( 246512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
revoked-cert peexe signed overlay

VirusTotal metadata
First submission 2016-11-04 00:02:01 UTC ( 2 years, 3 months ago )
Last submission 2016-11-07 11:59:07 UTC ( 2 years, 3 months ago )
File names 80215eabd69b5269fa0d78dd8a034e47a99d4a0eea3493b09c76bc43f6e86f36.ex$
3164e2526f7602b6e975a058424dcb4eea33b648.exe
3164e2526f7602b6e975a058424dcb4eea33b648.exe
Dikxi.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Runtime DLLs
UDP communications