SHA256: 81af849b00fdaa2e504a750e028dba24dbd2f9db3f53ff8df851ec5ea46f0c2a
File name: s_1.exe
Detection ratio: 38 / 60
Analysis date: 2017-03-13 17:07:26 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware GenPack:Generic.Malware.Sdld.877F7900 20170313
AhnLab-V3 Trojan/Win32.VBInject.C1722137 20170313
ALYac GenPack:Generic.Malware.Sdld.877F7900 20170313
Antiy-AVL Trojan/Win32.SGeneric 20170313
Arcabit GenPack:Generic.Malware.Sdld.877F7900 20170313
Avast Win32:Evo-gen [Susp] 20170313
AVG VB2.AKIF 20170313
Avira (no cloud) TR/Crypt.ULPM.Gen 20170313
AVware Packed.Win32.PePatch.a (v) 20170313
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9760 20170313
BitDefender GenPack:Generic.Malware.Sdld.877F7900 20170313
Bkav HW32.Packed.BBF6 20170313
CAT-QuickHeal (Suspicious) - DNAScan 20170313
Comodo Packed.Win32.MUPX.Gen 20170313
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
DrWeb Trojan.DiamondFox.2 20170313
Emsisoft GenPack:Generic.Malware.Sdld.877F7900 (B) 20170313
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/VB.OGM 20170313
F-Secure GenPack:Generic.Malware.Sdld.877F7900 20170313
Fortinet W32/PEPactch.VBP!tr 20170311
GData GenPack:Generic.Malware.Sdld.877F7900 20170313
Ikarus Trojan.Win32.VB 20170313
Invincea worm.win32.kufgal.a 20170203
Kaspersky HEUR:Trojan.Win32.Generic 20170313
Malwarebytes Backdoor.Bot 20170313
McAfee New Malware.mp 20170313
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.lc 20170313
Microsoft VirTool:Win32/VBInject.gen!FA 20170313
eScan GenPack:Generic.Malware.Sdld.877F7900 20170313
NANO-Antivirus Trojan.Win32.VB.elqcav 20170313
Qihoo-360 HEUR/QVM11.1.0000.Malware.Gen 20170313
Rising Trojan.Win32.Obfuscator.hp (classic) 20170313
Sophos Mal/VB-GI 20170313
Symantec Packed.Generic.114 20170313
VBA32 Worm.VBNA 20170313
VIPRE Packed.Win32.PePatch.a (v) 20170313
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170313
AegisLab 20170313
Alibaba 20170228
ClamAV 20170313
CMC 20170313
Cyren 20170313
F-Prot 20170313
Jiangmin 20170313
K7AntiVirus 20170313
K7GW 20170313
Kingsoft 20170313
nProtect 20170313
Palo Alto Networks (Known Signatures) 20170313
Panda 20170313
SUPERAntiSpyware 20170313
Tencent 20170313
TheHacker 20170311
TrendMicro 20170313
TrendMicro-HouseCall 20170313
Trustlook 20170313
ViRobot 20170313
Webroot 20170313
WhiteArmor 20170303
Yandex 20170312
Zillya 20170310
Zoner 20170313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-02 19:59:10
Number of sections 4
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(580)
NtResumeThread
IsUserAnAdmin
InternetOpenA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:06:02 20:59:10+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
EntryPoint 0x0000
InitializedDataSize 4096
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 40960

Compressed bundles
File identification
MD5 05ce32843c7271464b48283fe8f179cc
SHA1 c9e40a931298402a82ddda29579d374a2fc19558
SHA256 81af849b00fdaa2e504a750e028dba24dbd2f9db3f53ff8df851ec5ea46f0c2a
ssdeep 384:JJE1O9JBp+U2CYf00mrtWivKSmSggQmUWgVhkXHQPRB:JFI0/XvdJUVhgHMH
authentihash 2f16f460a2b41fcd400bdbdede197e8843340fef6657ae418774ee181706408a
imphash f7a84ae10111cfc66a25452b2872f12d
File size 18.5 KB ( 18944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (47.2%)
Generic Win/DOS Executable (20.9%)
DOS Executable Generic (20.9%)
Maple Common Binary file (generic) (10.4%)
VXD Driver (0.3%)
Tags peexe
VirusTotal metadata
First submission 2017-03-13 17:07:26 UTC ( 2 months, 1 week ago )
Last submission 2017-03-20 22:40:22 UTC ( 2 months ago )
File names s_1.exe
worm
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications