SHA256: 81e84cf9c97c56af454ad5ed2dbfaa35791972860d5f70896c1611a2e42616bb
File name: 81e84cf9c97c56af454ad5ed2dbfaa35791972860d5f70896c1611a2e42616bb
Detection ratio: 15 / 57
Analysis date: 2016-06-10 22:02:03 UTC (2 years, 10 months ago)
Antivirus Result Update
AegisLab Backdoor.W32.Agent.lnci 20160610
Avast Win32:Malware-gen 20160610
AVG Generic37.BYUC 20160610
Avira (no cloud) TR/Crypt.ZPACK.vzwk 20160610
Baidu Win32.Trojan.WisdomEyes.151026.9950.9989 20160608
ESET-NOD32 Win32/Zlader.L 20160610
Fortinet W32/Agent.L!tr 20160610
Kaspersky Trojan.Win32.Agent.nevozx 20160610
McAfee Artemis!DA50262884CC 20160610
McAfee-GW-Edition BehavesLike.Win32.Rimecud.qm 20160610
Microsoft TrojanDownloader:Win32/Skidlo 20160610
Panda Trj/Genetic.gen 20160610
Qihoo-360 QVM20.1.Malware.Gen 20160610
Sophos AV Mal/Generic-S 20160610
Tencent Win32.Trojan.Inject.Auto 20160610
Ad-Aware 20160610
AhnLab-V3 20160610
Alibaba 20160608
ALYac 20160610
Antiy-AVL 20160610
Arcabit 20160610
AVware 20160610
Baidu-International 20160606
BitDefender 20160610
Bkav 20160610
CAT-QuickHeal 20160610
ClamAV 20160610
CMC 20160607
Comodo 20160610
Cyren 20160610
DrWeb 20160610
Emsisoft 20160610
F-Prot 20160610
F-Secure 20160610
GData 20160610
Ikarus 20160610
Jiangmin 20160610
K7AntiVirus 20160610
K7GW 20160610
Kingsoft 20160610
Malwarebytes 20160610
eScan 20160610
NANO-Antivirus 20160610
nProtect 20160610
Rising 20160610
SUPERAntiSpyware 20160610
Symantec 20160610
TheHacker 20160610
TotalDefense 20160610
TrendMicro 20160610
TrendMicro-HouseCall 20160610
VBA32 20160610
VIPRE 20160610
ViRobot 20160610
Yandex 20160609
Zillya 20160610
Zoner 20160610
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-15 14:21:52
Entry Point 0x00001825
Number of sections 4
PE sections
PE imports
CAEnumFirstCA
CADeleteCA
CACloseCA
CACloseCertType
GetSystemTime
DeviceIoControl
HeapFree
GetDriveTypeW
GetShortPathNameW
FileTimeToSystemTime
GetLastError
WaitForSingleObject
GetOEMCP
GetTickCount
LoadLibraryA
GetStartupInfoA
GetDateFormatA
GetFileSize
CopyFileExA
CreateDirectoryA
GetProcAddress
lstrcpynW
MapViewOfFile
lstrcmpA
ReadFile
FindFirstFileA
CompareStringA
OpenMutexW
GetLongPathNameW
OpenEventW
SearchPathA
WriteConsoleW
InterlockedIncrement
CPGenKey
CPCreateHash
SetFocus
GetMessageA
CreateWindowExA
MessageBoxW
PeekMessageW
LoadStringA
PostMessageA
IsCharLowerA
FindWindowW
GetClassInfoA
LoadImageA
GetCursor
wsprintfW
LoadCursorA
CreateDesktopW
IsDialogMessageA
IsThemeActive
DrawThemeBackground
DrawThemeEdge
GetWindowTheme
GetThemeBool
GetThemeTextExtent
OpenThemeData
GetThemeInt
GetThemeSysSize
GetThemeTextMetrics
WTSVirtualChannelPurgeInput
WTSQuerySessionInformationA
WTSQueryUserToken
WTSVirtualChannelWrite
WTSVirtualChannelRead
WTSSetSessionInformationA
WTSFreeMemory
WTSRegisterSessionNotification
WTSSendMessageA
WTSVirtualChannelOpen
WTSEnumerateServersA
Number of PE resources by type
RT_RCDATA 7
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:03:15 15:21:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 36864
SubsystemVersion 4.0
EntryPoint 0x1825
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 da50262884cc99f7f5dd94d5429fdbef
SHA1 4bfa20d3205d1f9347861e01f274c0f634bedcb4
SHA256 81e84cf9c97c56af454ad5ed2dbfaa35791972860d5f70896c1611a2e42616bb
ssdeep 768:W6pxXZ4Vew5vVmObOU5ZuGa4Ve7D4Vew5vVXNw79H:W6pxX+A9ObOh2AYAmGZ
authentihash a435a6600c7746e7fa1c943f53d462fafe7824d6d007f8972e2613ec05eb0214
imphash edf2a15d1a98d38a8842a7a1d472c4a6
File size 56.0 KB ( 57344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-06-10 22:02:03 UTC ( 2 years, 10 months ago )
Last submission 2016-06-10 22:02:03 UTC ( 2 years, 10 months ago )
File names sc-service-start_81e84cf9c97c56af454ad5ed2dbfaa35791972860d5f70896c1611a2e42616bb
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications