SHA256: 83b1b46a6ae8c6bc7f30d63cb20e9ad9769dd57dfc5509df52e320f2abae8c31
File name: 680a02bdae6724c537053f0590b731fd.virus
Detection ratio: 32 / 56
Analysis date: 2016-10-19 08:21:30 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.19357936 20161019
AhnLab-V3 Downloader/Win32.Dagozill.N2133106323 20161018
ALYac Trojan.Generic.19357936 20161019
Antiy-AVL Trojan[Downloader]/Win32.Dagozill 20161019
Avast Win32:Trojan-gen 20161019
AVG Ransomer.MDQ 20161018
Avira (no cloud) TR/Crypt.ZPACK.xtkne 20161019
BitDefender Trojan.Generic.19357936 20161019
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Emsisoft Trojan.Generic.19357936 (B) 20161019
ESET-NOD32 Win32/TrojanDownloader.Dagozill.B 20161019
F-Secure Trojan.Generic.19357936 20161019
Fortinet W32/Dagozill.EQ!tr.dldr 20161019
GData Trojan.Generic.19357936 20161019
Sophos ML generic.a 20161018
K7AntiVirus Trojan-Downloader ( 004f6c671 ) 20161019
K7GW Trojan-Downloader ( 004f6c671 ) 20161019
Kaspersky Trojan-Downloader.Win32.Dagozill.eq 20161018
Malwarebytes Trojan.Crypt 20161019
McAfee Artemis!680A02BDAE67 20161019
McAfee-GW-Edition BehavesLike.Win32.Ramnit.lh 20161018
Microsoft Trojan:Win32/Dynamer!ac 20161019
eScan Trojan.Generic.19357936 20161019
Panda Trj/Genetic.gen 20161018
Qihoo-360 HEUR/QVM05.1.0000.Malware.Gen 20161019
Rising Malware.Generic!2sfqgWrEoJC@4 (thunder) 20161019
Sophos AV Mal/Generic-S 20161019
Symantec Heur.AdvML.B 20161019
TotalDefense Win32/Inject.C!generic 20161018
TrendMicro Ransom_HPLOCKY.SMBOS3 20161019
TrendMicro-HouseCall Ransom_HPLOCKY.SMBOS3 20161019
VIPRE Trojan.Win32.Generic!BT 20161019
AegisLab 20161019
Alibaba 20161019
Arcabit 20161019
Baidu 20161018
Bkav 20161019
CAT-QuickHeal 20161018
ClamAV 20161019
CMC 20161019
Comodo 20161019
Cyren 20161019
DrWeb 20161019
F-Prot 20161019
Ikarus 20161018
Jiangmin 20161019
Kingsoft 20161019
NANO-Antivirus 20161019
nProtect 20161019
SUPERAntiSpyware 20161019
Tencent 20161019
TheHacker 20161018
VBA32 20161018
ViRobot 20161019
Yandex 20161018
Zillya 20161018
Zoner 20161019
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Snowbelt Demineralizing
Product Traumatizes
File version 51.82.41.391
Description Trainsickness Scratchily
Comments Inseminating Retires
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-16 18:37:04
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
InitCommonControlsEx
PrintDlgA
HeapFree
LocalReAlloc
EnterCriticalSection
GlobalFree
WaitForSingleObject
FreeLibrary
HeapDestroy
HeapAlloc
VirtualProtect
GlobalUnlock
LoadLibraryA
GetCurrentProcessId
OpenProcess
VirtualLock
GlobalLock
VirtualProtectEx
GetModuleHandleA
CloseHandle
HeapReAlloc
SetHandleInformation
GetProcAddress
InitializeCriticalSection
HeapCreate
GlobalAlloc
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
memset
strlen
memcpy
CoInitialize
ExtractAssociatedIconA
InsertMenuA
GetWindowThreadProcessId
GetForegroundWindow
GetWindowLongA
EnableWindow
IsWindowVisible
EnumWindows
SendMessageA
CloseClipboard
MessageBoxA
GetWindowDC
GetClipboardData
IsWindowEnabled
SetWindowPos
OpenClipboard
PlaySoundA
midiOutOpen
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
fileversion 51.82.41.391
UninitializedDataSize 0
InitializedDataSize 17920
filedescription Trainsickness Scratchily
ImageVersion 0.0
productname Traumatizes
FileVersionNumber 62.43.64.8237
LanguageCode English (U.S.)
FileFlagsMask 0x0000
LinkerVersion 2.5
CharacterSet Windows, Latin1
comments Inseminating Retires
FileTypeExtension exe
MIMEType application/octet-stream
legalcopyright Snowbelt Demineralizing
TimeStamp 2016:10:16 19:37:04+01:00
FileType Win32 EXE
PEType PE32
productversion 78.82.41.971
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 52736
FileSubtype 0
ProductVersionNumber 79.68.57.3855
EntryPoint 0x1000
ObjectFileType Executable application

File identification
MD5 680a02bdae6724c537053f0590b731fd
SHA1 026f04fdaf6b20f079f2b24f1d7bb479a3a2a902
SHA256 83b1b46a6ae8c6bc7f30d63cb20e9ad9769dd57dfc5509df52e320f2abae8c31
ssdeep 768:fezktsG4VPJalSWpH6lk5g/afC6qKvW8fQ+gdnQ3qmIpHpuFnPfalC/HHinvqr:6AqoAIH6GfC14TfQDdQ6mMpuNylC/nw
authentihash b865da8b5f6db41839c4f9d2b30c9dca98c84d206c8a4179c5d77c0dcc8121f4
imphash 372165e745f56ff5c5d989f358f57df1
File size 70.0 KB ( 71680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win16/32 Executable Delphi generic (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-10-19 08:21:30 UTC ( 2 years, 6 months ago )
Last submission 2016-10-19 08:21:30 UTC ( 2 years, 6 months ago )
File names 680a02bdae6724c537053f0590b731fd.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications