SHA256: 8319bb2a85ace443958d86a1185432b4a3cc05226c52dc991a8aaed06622cb14
File name: 8319bb2a85ace443958d86a1185432b4a3cc05226c52dc991a8aaed06622cb14.vir
Detection ratio: 2 / 55
Analysis date: 2016-01-12 01:51:19 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Fortinet PossibleThreat 20160111
TheHacker Trojan/Hacktool.Kiser.aqu 20160107
Ad-Aware 20160112
AegisLab 20160111
Yandex 20160111
AhnLab-V3 20160111
Alibaba 20160112
ALYac 20160112
Antiy-AVL 20160112
Arcabit 20160112
Avast 20160112
AVG 20160112
Avira (no cloud) 20160112
AVware 20160111
Baidu-International 20160111
BitDefender 20160112
Bkav 20160111
ByteHero 20160112
CAT-QuickHeal 20160111
ClamAV 20160111
CMC 20160111
Comodo 20160112
Cyren 20160112
DrWeb 20160112
Emsisoft 20160112
ESET-NOD32 20160112
F-Prot 20160111
GData 20160112
Ikarus 20160112
Jiangmin 20160112
K7AntiVirus 20160111
K7GW 20160111
Kaspersky 20160112
Malwarebytes 20160112
McAfee 20160112
McAfee-GW-Edition 20160112
Microsoft 20160111
eScan 20160112
NANO-Antivirus 20160112
nProtect 20160111
Panda 20160111
Qihoo-360 20160112
Rising 20160111
Sophos AV 20160112
SUPERAntiSpyware 20160112
Symantec 20160111
Tencent 20160112
TotalDefense 20160111
TrendMicro 20160112
TrendMicro-HouseCall 20160112
VBA32 20160111
VIPRE 20160112
ViRobot 20160112
Zillya 20160112
Zoner 20160112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-15 06:27:50
Entry Point 0x0000A7B1
Number of sections 5
PE sections
Overlays
MD5 13b8b0d7b439729a3d3f8422a37e6fc7
File type application/x-rar
Offset 92672
Size 2838643
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExA
SetFileSecurityW
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
GetDeviceCaps
GetObjectA
DeleteDC
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetSystemTime
GetLastError
HeapFree
GetStdHandle
SystemTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
lstrcmpiA
WaitForSingleObject
LoadLibraryA
FreeLibrary
FindNextFileA
HeapAlloc
SetFileTime
GetVersionExA
GetModuleFileNameA
IsDBCSLeadByte
GetCPInfo
GetCurrentProcess
GetDateFormatA
FileTimeToLocalFileTime
GetCurrentDirectoryA
CreateFileMappingA
GetLocaleInfoA
CreateDirectoryA
DeleteFileA
OpenFileMappingA
ExitProcess
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
SetFileAttributesA
GetModuleFileNameW
SetFilePointer
GetTempPathA
SetEndOfFile
DosDateTimeToFileTime
CloseHandle
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
FindNextFileW
GetFileAttributesA
WriteFile
FindFirstFileA
GetTimeFormatA
GetCommandLineA
FindFirstFileW
HeapReAlloc
MoveFileExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetFullPathNameA
MoveFileA
GetFileAttributesW
GetNumberFormatA
UnmapViewOfFile
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
SetFileAttributesW
CreateFileA
GetTickCount
FindResourceA
SetCurrentDirectoryA
SetLastError
CompareStringA
VariantInit
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
DefWindowProcA
ShowWindow
GetSystemMetrics
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
CharToOemBuffA
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
GetDC
RegisterClassExA
ReleaseDC
SetWindowTextA
DestroyIcon
GetWindowLongA
IsWindowVisible
SendMessageA
GetWindowTextA
GetClientRect
CreateWindowExA
GetDlgItem
OemToCharBuffA
LoadIconA
wsprintfA
FindWindowExA
GetSysColor
LoadCursorA
OemToCharA
LoadStringA
CopyRect
WaitForInputIdle
GetClassNameA
GetMessageA
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 5
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN NEUTRAL 18
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:03:15 06:27:50+00:00
FileType Win32 EXE
PEType PE32
CodeSize 67584
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 24064
SubsystemVersion 4.0
EntryPoint 0xa7b1
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 36aa3c3b148eb26b22e6d18c01e29bd9
SHA1 64749de79dcbad89da762ccf9ef7c74798ae4f86
SHA256 8319bb2a85ace443958d86a1185432b4a3cc05226c52dc991a8aaed06622cb14
ssdeep 49152:AuXIHMbXPDgv9Vn6CPlTb7k1YUvOZ7Ldv/5ZSBD/ekX3Qpu0bRLGnYGRg+dO:Au4scjPlTb7k/OddvB62hGo
authentihash 0a58793856a971912d43487279d3ddb334a487f3e74bb9da79323d7322e946be
imphash 9402b48d966c911f0785b076b349b5ef
File size 2.8 MB ( 2931315 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-05-21 16:12:45 UTC ( 5 years, 11 months ago )
Last submission 2016-01-12 01:51:19 UTC ( 2 years, 3 months ago )
File names UJyp2k.tif
36aa3c3b148eb26b22e6d18c01e29bd9
8319bb2a85ace443958d86a1185432b4a3cc05226c52dc991a8aaed06622cb14.vir
pirc2_2.sfx.exe
_g9N.chm
8319bb2a85ace443958d86a1185432b4a3cc05226c52dc991a8aaed06622cb14
pirc_last.sfx.exe
fileget.php?ad=39192&url=http:%2F%2Fircworld.ru%2Fsoft%2Fpirc%2Fpirc_last.sfx.exe
aa
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight