SHA256: 811362882d73f4aa52a6a37888e749ed656c7795ffacbe1857352407562114d5
File name: 9a347a42bce9f95bf309aaa64b3f4765.virus
Detection ratio: 24 / 56
Analysis date: 2016-10-18 04:26:20 UTC ( 2 years, 4 months ago )
Antivirus Result Update
AegisLab W32.W.Ngrbot.mDuH 20161018
AhnLab-V3 Trojan/Win32.Bublik.N2132223439 20161017
Avast Win32:Trojan-gen 20161018
AVG BackDoor.Generic19.AXUD 20161017
Avira (no cloud) TR/Crypt.Xpack.elvhz 20161017
AVware Trojan.Win32.Generic!BT 20161018
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9986 20161017
Bkav HW32.Packed.4000 20161018
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
ESET-NOD32 a variant of Win32/Kryptik.FIBP 20161018
Fortinet W32/Bublik.ESKH!tr 20161018
GData Win32.Trojan.Agent.9YLW6B 20161018
Ikarus Backdoor.Win32.Vawtrak 20161017
Sophos ML trojan.win32.lethic.b 20160928
Kaspersky Trojan.Win32.Bublik.eskh 20161018
McAfee Artemis!9A347A42BCE9 20161018
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20161018
Microsoft Backdoor:Win32/Vawtrak.E 20161018
Panda Trj/GdSda.A 20161017
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161018
Sophos AV Mal/Generic-S 20161018
Symantec Heur.AdvML.B 20161018
TrendMicro-HouseCall TROJ_GEN.R072H01JH16 20161018
VIPRE Trojan.Win32.Generic!BT 20161018
Engines with no detection (empty Result column):
Ad-Aware 20161018
Alibaba 20161018
ALYac 20161018
Antiy-AVL 20161018
Arcabit 20161018
BitDefender 20161018
CAT-QuickHeal 20161018
ClamAV 20161018
CMC 20161017
Comodo 20161018
Cyren 20161018
DrWeb 20161018
Emsisoft 20161018
F-Prot 20161018
F-Secure 20161018
Jiangmin 20161018
K7AntiVirus 20161017
K7GW 20161018
Kingsoft 20161018
Malwarebytes 20161018
eScan 20161018
NANO-Antivirus 20161017
nProtect 20161018
Rising 20161018
SUPERAntiSpyware 20161018
Tencent 20161018
TheHacker 20161018
TrendMicro 20161018
VBA32 20161017
ViRobot 20161018
Yandex 20161017
Zillya 20161016
Zoner 20161018
The file being studied is a Portable Executable (PE): a Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-06 21:22:18
Entry Point 0x00003838
Number of sections 4
PE sections
PE imports
advapi32.dll (DLL name inferred from the API names; the report's per-DLL heading did not survive extraction)
RegCreateKeyExW
RegCloseKey
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
InitiateSystemShutdownExW
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
CreateServiceW
GetTokenInformation
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegDeleteValueW
StartServiceW
RegSetValueExW
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
AddAce
gdi32.dll (DLL name inferred from the API names; the report's per-DLL heading did not survive extraction)
SelectObject
LineTo
SetBkMode
MoveToEx
CreatePen
GetStockObject
CreateSolidBrush
PatBlt
CreateRoundRectRgn
DeleteObject
SetTextColor
kernel32.dll (DLL name inferred from the API names; the report's per-DLL heading did not survive extraction)
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
LoadLibraryExW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
LoadLibraryW
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
GetTimeZoneInformation
OutputDebugStringW
FindClose
TlsGetValue
QueryDosDeviceW
FormatMessageA
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
DeviceIoControl
InitializeCriticalSection
WriteProcessMemory
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
LeaveCriticalSection
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
ExitThread
SetEnvironmentVariableA
TerminateProcess
CreateSemaphoreW
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
SetErrorMode
GetStartupInfoW
SetEvent
DeleteFileW
GlobalLock
GetProcessHeap
CreateFileMappingW
CompareStringW
RemoveDirectoryW
GetFileInformationByHandle
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
GetProcessAffinityMask
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
CreateProcessW
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
ExpandEnvironmentStringsW
RaiseException
CompareStringA
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
SizeofResource
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateHardLinkW
shell32.dll (DLL name inferred from the API names; the report's per-DLL heading did not survive extraction)
SHGetSpecialFolderPathW
SHCreateDirectoryExW
user32.dll (DLL name inferred from the API names; the report's per-DLL heading did not survive extraction)
SetWindowRgn
BeginPaint
DefWindowProcW
KillTimer
GetMessageW
PostQuitMessage
GetSystemMetrics
MessageBoxW
EndPaint
MoveWindow
TranslateMessage
PostMessageW
DispatchMessageW
SendMessageW
UnregisterClassW
SetWindowTextW
AllowSetForegroundWindow
DrawTextW
InvalidateRect
SetTimer
GetClientRect
LoadCursorW
LoadIconW
CreateWindowExW
RegisterClassExW
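The import table above is the most informative static artifact on this page: on its own no single API is suspicious, but the combinations are (service creation and start, token privilege adjustment, DACL construction, InitiateSystemShutdownExW, CreateProcessW with WriteProcessMemory and ResumeThread, MoveFileExW with SetFileTime and CreateHardLinkW, resource loading). The script below is an added example, not part of the VirusTotal report; it embeds a constructed subset of the API names listed above, maps them onto capabilities with per-rule minimum-match thresholds so that a lone ubiquitous call does not produce a finding, and also shows how imphash is computed (md5 over lowercase `dll.func` pairs in import-table order). The imphash on this page cannot be reproduced from the flat listing because the DLL names are missing and the listed order is not guaranteed to be the import-table order; the `imphash` function here is for pivoting on your own parsed samples. The rule names and thresholds are the example's own choices.

```python
"""Capability triage over a flat PE import listing (added example)."""
import hashlib
import re
from collections import OrderedDict

# Constructed sample input: a subset of the import names from the report,
# pasted as flat text.  The full list parses the same way.
SAMPLE_IMPORTS = """
RegCreateKeyExW RegSetValueExW RegDeleteValueW RegDeleteKeyW RegEnumKeyExW
OpenSCManagerW CreateServiceW StartServiceW OpenServiceW ControlService
OpenProcessToken OpenThreadToken LookupPrivilegeValueW AdjustTokenPrivileges
InitializeSecurityDescriptor SetSecurityDescriptorDacl InitializeAcl AddAce
AllocateAndInitializeSid InitiateSystemShutdownExW
CreateProcessW WriteProcessMemory ResumeThread VirtualAlloc VirtualProtect
FindResourceW LoadResource LockResource SizeofResource
MoveFileExW SetFileTime SetFileAttributesW CreateHardLinkW DeleteFileW
DeviceIoControl QueryDosDeviceW IsDebuggerPresent OutputDebugStringW
GetTickCount QueryPerformanceCounter CreateWindowExW GetMessageW
"""

# (capability, API set, minimum distinct matches before the rule fires).
# Thresholds keep one ubiquitous call (VirtualAlloc, DeviceIoControl) from
# producing a finding by itself; the combination is the signal.
RULES = [
    ("service install/start (persistence, typically SYSTEM context)",
     {"OpenSCManagerW", "CreateServiceW", "StartServiceW", "OpenServiceW",
      "ControlService", "QueryServiceStatus"}, 3),
    ("registry write/delete (autorun keys, cleanup)",
     {"RegCreateKeyExW", "RegSetValueExW", "RegDeleteValueW", "RegDeleteKeyW"}, 2),
    ("token privilege adjustment (e.g. SeShutdown/SeDebug)",
     {"OpenProcessToken", "OpenThreadToken", "LookupPrivilegeValueW",
      "AdjustTokenPrivileges"}, 3),
    ("security descriptor / DACL construction",
     {"InitializeSecurityDescriptor", "SetSecurityDescriptorDacl",
      "InitializeAcl", "AddAce", "AllocateAndInitializeSid"}, 3),
    ("forced system shutdown/reboot", {"InitiateSystemShutdownExW"}, 1),
    ("write into another process (injection/hollowing primitives)",
     {"CreateProcessW", "WriteProcessMemory", "ResumeThread",
      "VirtualAlloc", "VirtualProtect"}, 3),
    ("payload carried in PE resources",
     {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"}, 3),
    ("file relocation and timestomping",
     {"MoveFileExW", "SetFileTime", "SetFileAttributesW", "CreateHardLinkW",
      "DeleteFileW"}, 3),
    ("raw device / volume access", {"DeviceIoControl", "QueryDosDeviceW"}, 2),
    # Weak signal: the VC9 CRT itself imports IsDebuggerPresent, GetTickCount
    # and QueryPerformanceCounter (security-cookie init, crash handling), so
    # their presence alone says nothing about intent.
    ("anti-debug check (weak; also CRT boilerplate)",
     {"IsDebuggerPresent", "OutputDebugStringW"}, 2),
]


def parse_imports(text):
    """Return the distinct API names in a flat listing, in first-seen order."""
    seen = OrderedDict()
    for name in re.findall(r"[A-Za-z_][A-Za-z0-9_]*", text):
        seen.setdefault(name, None)
    return list(seen)


def triage(imports):
    """Map each firing rule to the sorted list of imports that matched it."""
    present = set(imports)
    findings = OrderedDict()
    for capability, apis, min_hits in RULES:
        matched = sorted(apis & present)
        if len(matched) >= min_hits:
            findings[capability] = matched
    return findings


def imphash(groups):
    """imphash as pefile computes it: md5 over 'dll.func' pairs, lowercase,
    .dll/.ocx/.sys stripped, comma-joined, in import-table order.
    groups: [(dll_name, [function_name, ...]), ...] in table order."""
    parts = []
    for dll, funcs in groups:
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[:-len(ext)]
                break
        parts.extend(f"{base}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


if __name__ == "__main__":
    for capability, matched in triage(parse_imports(SAMPLE_IMPORTS)).items():
        print(f"[+] {capability}: {', '.join(matched)}")
```

Run it on the listing of any sample you have parsed yourself (pefile's `DIRECTORY_ENTRY_IMPORT` gives you the DLL grouping and order that `imphash` needs); the point of the thresholds is that a GUI program with only window-management imports produces no findings at all.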
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:09:06 22:22:18+01:00
FileType Win32 EXE
PEType PE32
CodeSize 37888
LinkerVersion 9.0
EntryPoint 0x3838
InitializedDataSize 281088
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 9a347a42bce9f95bf309aaa64b3f4765
SHA1 285889204be6103a50c5df8d642c91d4ca4aeba1
SHA256 811362882d73f4aa52a6a37888e749ed656c7795ffacbe1857352407562114d5
ssdeep 6144:3CwzZWeclli3kKoHBr2gezSj4xMW0EH4U:3CwtzjkTLECA
authentihash a05f9e75160290f223f4132c716dfadefe2b37e07caa4bdd5fdea802cddcbe81
imphash 00d1762c53c425141d896dfbe3a2f117
File size 237.5 KB ( 243200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-10-18 04:26:20 UTC ( 2 years, 4 months ago )
Last submission 2016-10-18 04:26:20 UTC ( 2 years, 4 months ago )
File names 9a347a42bce9f95bf309aaa64b3f4765.virus
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Runtime DLLs
UDP communications