× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 82e45ce96907eb055c8e09b51560698ac23a9e68970fad283ee6290b45cc1fc2
File name: 09936b0c6f691810018eda23da53d4eee42ea951
Detection ratio: 20 / 55
Analysis date: 2016-07-25 18:53:34 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3426283 20160725
AegisLab Troj.W32.Swizzor.lA5F 20160725
ALYac Trojan.GenericKD.3426283 20160725
Arcabit Trojan.Generic.D3447EB 20160725
AVG Downloader.VB.AJCO 20160725
Avira (no cloud) TR/Dldr.Agent.tdqj 20160725
AVware Trojan.Win32.Generic!BT 20160725
BitDefender Trojan.GenericKD.3426283 20160725
Cyren W32/Trojan.TIQQ-0462 20160725
Emsisoft Trojan.GenericKD.3426283 (B) 20160725
ESET-NOD32 Win32/TrojanDownloader.VB.QZA 20160725
F-Secure Trojan.GenericKD.3426283 20160725
GData Trojan.GenericKD.3426283 20160725
Kaspersky UDS:DangerousObject.Multi.Generic 20160725
McAfee Artemis!C213433991FE 20160721
McAfee-GW-Edition BehavesLike.Win32.BadFile.ch 20160725
eScan Trojan.GenericKD.3426283 20160725
nProtect Trojan.GenericKD.3426283 20160725
Symantec Heur.AdvML.C 20160725
VIPRE Trojan.Win32.Generic!BT 20160725
AhnLab-V3 20160725
Alibaba 20160725
Antiy-AVL 20160725
Avast 20160725
Baidu 20160725
Bkav 20160725
CAT-QuickHeal 20160725
ClamAV 20160725
CMC 20160725
Comodo 20160725
DrWeb 20160725
F-Prot 20160725
Fortinet 20160725
Ikarus 20160725
Jiangmin 20160725
K7AntiVirus 20160725
K7GW 20160725
Kingsoft 20160725
Malwarebytes 20160725
Microsoft 20160725
NANO-Antivirus 20160725
Panda 20160725
Qihoo-360 20160725
Sophos AV 20160725
SUPERAntiSpyware 20160725
Tencent 20160725
TheHacker 20160724
TotalDefense 20160725
TrendMicro 20160725
TrendMicro-HouseCall 20160725
VBA32 20160725
ViRobot 20160725
Yandex 20160724
Zillya 20160724
Zoner 20160725
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-20 11:26:55
Entry Point 0x0001043B
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SelectObject
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
DeleteObject
SetWindowExtEx
Escape
SetBkColor
SetViewportExtEx
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GlobalLock
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
lstrcmpW
GetProcAddress
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
FreeResource
SizeofResource
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantInit
VariantClear
PathFindFileNameA
PathFindExtensionA
SetFocus
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetActiveWindow
GetTopWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
DestroyWindow
IsDialogMessageA
MapWindowPoints
BeginPaint
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
GetCapture
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetMenuItemID
SetForegroundWindow
ReleaseDC
EndDialog
CreateDialogIndirectParamA
DrawTextExA
GetWindowThreadProcessId
UnhookWindowsHookEx
RegisterClipboardFormatA
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
GetDesktopWindow
WinHelpA
wsprintfA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RNG 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:07:20 12:26:55+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
135168

LinkerVersion
8.0

FileTypeExtension
exe

InitializedDataSize
53248

SubsystemVersion
4.0

EntryPoint
0x1043b

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 c213433991fe828b64fa9a2995d3e995
SHA1 1cb6b1e1c7ec25c98ec1ce4c7341a8098f236b0f
SHA256 82e45ce96907eb055c8e09b51560698ac23a9e68970fad283ee6290b45cc1fc2
ssdeep
3072:I/tCWJbKEuVpRlWoJDqYLYenlVgrd4S97d/x3nSbDPtLPtspk:1AbKECpRf5fVGh9pxWD5tsm

authentihash 1dce2edf0aba61cb56c1a98b91a70058cc1c0ed3017b9be39092e7fc035bb4b6
imphash 9b46f4e3f7dc1c76976a40f9a397f2aa
File size 188.0 KB ( 192512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-07-25 18:53:34 UTC ( 2 years, 9 months ago )
Last submission 2016-07-25 18:53:34 UTC ( 2 years, 9 months ago )
File names 82e45ce96907eb055c8e09b51560698ac23a9e68970fad283ee6290b45cc1fc2.exe
09936b0c6f691810018eda23da53d4eee42ea951
codecfix16.exe
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.