SHA256: 846d90e44cd044b5f280b6e2bceca210dacd1f0d181773306cef64e8944b7a21
File name: 846d90e44cd044b5f280b6e2bceca210dacd1f0d181773306cef64e8944b7a21
Detection ratio: 40 / 57
Analysis date: 2015-09-26 14:54:34 UTC
Antivirus | Result | Update
Ad-Aware | Trojan.Generic.15016527 | 20150926
Yandex | Trojan.DR.Injector!ET1uOjnWLx8 | 20150925
AhnLab-V3 | Trojan/Win32.MDA | 20150926
ALYac | Trojan.Generic.15016527 | 20150926
Antiy-AVL | Trojan[Dropper]/Win32.Injector | 20150926
Arcabit | Trojan.Generic.DE5224F | 20150926
Avast | Win32:Boaxxe-BO [Cryp] | 20150926
AVG | Crypt_r.RZ | 20150926
Avira (no cloud) | TR/AD.Zbot.Y.409 | 20150926
AVware | Trojan.Win32.Generic!BT | 20150926
Baidu-International | Trojan.Win32.Dropper.njnj | 20150926
BitDefender | Trojan.Generic.15016527 | 20150926
Bkav | HW32.Packed.DA89 | 20150925
CAT-QuickHeal | TrojanPWS.Zbot.A4 | 20150926
Cyren | W32/Trojan.OKDX-4845 | 20150926
DrWeb | Trojan.Siggen6.27340 | 20150926
Emsisoft | Trojan.Generic.15016527 (B) | 20150926
ESET-NOD32 | Win32/Spy.Zbot.ACB | 20150926
F-Secure | Trojan.Generic.15016527 | 20150925
Fortinet | W32/Injector.CIRV!tr | 20150926
GData | Trojan.Generic.15016527 | 20150926
Ikarus | Trojan-Spy.Agent | 20150926
K7AntiVirus | Spyware ( 004b89a11 ) | 20150926
K7GW | Spyware ( 004b89a11 ) | 20150926
Kaspersky | Trojan-Dropper.Win32.Injector.njnj | 20150926
McAfee | Generic-FAWT!73A738665314 | 20150926
McAfee-GW-Edition | Artemis!Trojan | 20150926
Microsoft | VirTool:Win32/Obfuscator.MFT | 20150926
eScan | Trojan.Generic.15016527 | 20150926
NANO-Antivirus | Trojan.Win32.Injector.dwyuud | 20150926
nProtect | Trojan.Generic.15016527 | 20150925
Panda | Trj/Genetic.gen | 20150926
Qihoo-360 | Win32/Trojan.BO.cf1 | 20150926
Rising | PE:Malware.Obscure/Heur!1.9E03[F1] | 20150925
Sophos AV | Mal/Zbot-UE | 20150926
Tencent | Win32.Trojan.Ad.Ahop | 20150926
TrendMicro | TROJ_GEN.R00JC0RII15 | 20150926
VIPRE | Trojan.Win32.Generic!BT | 20150926
ViRobot | Trojan.Win32.Z.Injector.258560.A[h] | 20150926
Zillya | Dropper.Injector.Win32.71303 | 20150926

Engines that returned no detection on this scan (result column empty; 17 of 57):
AegisLab |  | 20150926
Alibaba |  | 20150925
ByteHero |  | 20150926
ClamAV |  | 20150926
CMC |  | 20150925
Comodo |  | 20150926
F-Prot |  | 20150926
Jiangmin |  | 20150925
Kingsoft |  | 20150926
Malwarebytes |  | 20150926
SUPERAntiSpyware |  | 20150925
Symantec |  | 20150925
TheHacker |  | 20150923
TotalDefense |  | 20150926
TrendMicro-HouseCall |  | 20150926
VBA32 |  | 20150926
Zoner |  | 20150926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-09 14:39:47
Entry Point 0x00001C5E
Number of sections 4
PE sections
Overlays
MD5: 44e0052987c0fd800fc76b76dad1782b
File type: data
Offset: 258048
Size: 512
Entropy: 7.64

Offset 258048 plus size 512 equals the 258560-byte file size, so the overlay is exactly the last 512 bytes of the file, appended after the last section's raw data. An entropy of 7.64 bits per byte over so short a blob is consistent with compressed or encrypted content rather than text, padding or a plain configuration block, which is what the "overlay" tag and several of the Packed/Crypt detection names above refer to.
PE imports
Functions exported by gdi32.dll (the listing shows function names only; the DLL grouping is taken from the well-known exporting module of each name):
SetTextAlign
GetCharWidth32A
GetTextExtentExPointA
Functions exported by kernel32.dll:
GetModuleHandleA
GlobalMemoryStatus
GetEnvironmentStrings
GetTimeZoneInformation
CreateThread
GetStartupInfoA
SetFilePointer
FindNextFileW
HeapDestroy
CompareStringA
CreateFileA
GetModuleFileNameA
GetStringTypeW
GetModuleHandleW
SetCommTimeouts
Imported by ordinal only (the exporting DLL is not named in this listing; ordinal-only imports of this kind are typical of mfc42.dll, which is consistent with the linker 6.0 / Visual C++ identification below but is not confirmed by the page):
Ord(1775)
Ord(4080)
Ord(537)
Ord(4710)
Ord(3597)
Ord(3136)
Ord(6375)
Ord(755)
Ord(3798)
Ord(2621)
Ord(3259)
Ord(2446)
Ord(815)
Ord(641)
Ord(5277)
Ord(2514)
Ord(4425)
Ord(5199)
Ord(4441)
Ord(1134)
Ord(4465)
Ord(2863)
Ord(5300)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5307)
Ord(4424)
Ord(540)
Ord(4078)
Ord(2554)
Ord(6376)
Ord(1727)
Ord(2379)
Ord(2725)
Ord(4998)
Ord(800)
Ord(3749)
Ord(1199)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(1146)
Ord(523)
Ord(3147)
Ord(2124)
Ord(2370)
Ord(3262)
Ord(1576)
Ord(4353)
Ord(5065)
Ord(4407)
Ord(3346)
Ord(2396)
Ord(3831)
Ord(791)
Ord(5280)
Ord(3825)
Ord(2976)
Ord(1089)
Ord(2985)
Ord(3922)
Ord(1247)
Ord(6052)
Ord(5163)
Ord(4160)
Ord(4376)
Ord(324)
Ord(3830)
Ord(2385)
Ord(3079)
Ord(6334)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(6374)
Ord(4622)
Ord(561)
Ord(4486)
Ord(4698)
Ord(5480)
Ord(5265)
Ord(4673)
Ord(5302)
Ord(860)
Ord(5731)
C runtime functions exported by msvcrt.dll:
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_ftol
_exit
__p__commode
__setusermatherr
__dllonexit
_setmbcp
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_onexit
_adjust_fdiv
__set_app_type
Functions exported by user32.dll:
DrawEdge
GetSystemMetrics
SetTimer
AppendMenuA
LoadIconA
EnableWindow
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
SystemParametersInfoW
SetForegroundWindow
MessageBoxIndirectW
IsIconic
OpenClipboard
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:09:09 15:39:47+01:00 (the same instant as the PE compilation timestamp 2015-09-09 14:39:47 UTC, shown here in UTC+1)
FileType: Win32 EXE
PEType: PE32
CodeSize: 9441280
LinkerVersion: 6.0
EntryPoint: 0x1c5e
InitializedDataSize: 249856
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

CodeSize is the optional header's SizeOfCode field. At 9441280 bytes it is more than 36 times the size of the whole 258560-byte file, so it cannot describe the code actually present on disk. The Windows loader maps sections from the section table rather than from this field, so the file still runs, but any tool that trusts SizeOfCode for sizing, allocation or carving will misbehave; treat it as a tampered or packer-mangled header value. InitializedDataSize (249856) is, by contrast, close to the file size.
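The Overlays block and the CodeSize check above can both be reproduced from the raw bytes. The following is an added example written for this page, not code from VirusTotal or from any tool the page names: it walks the section table, treats everything after the end of the last section's raw data as overlay, reports the overlay's MD5, offset, size and Shannon entropy (the fields in the Overlays block), and flags a SizeOfCode larger than the file, as seen in this sample's header. The minimal PE32 image produced by build_test_image() is constructed test input (its SizeOfCode copies the report's 9441280), the function and dictionary key names are the example's own, and the sample itself is not embedded here; run the script on the file to compare against the reported offset 258048 / size 512 / entropy 7.64.

```python
"""Locate and measure a PE overlay, and cross-check SizeOfCode against the file on disk.

Added example for this report page; the header layout follows the standard PE/COFF format.
"""
import hashlib
import math
import struct
import sys
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def _pe_offsets(image: bytes) -> tuple[int, int, int, int]:
    """Return file offsets of (COFF header, optional header, section table) and the section count."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", image, coff + 2)[0]      # NumberOfSections
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]       # SizeOfOptionalHeader
    opt = coff + 20
    return coff, opt, opt + size_opt, n_sections


def pe_overlay(image: bytes) -> tuple[int, int]:
    """(offset, size) of the bytes past the end of the last section's raw data; size 0 if none."""
    _, _, sect, n = _pe_offsets(image)
    end = sect + 40 * n                                            # at least the headers themselves
    for i in range(n):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each 40-byte section header
        raw_size, raw_ptr = struct.unpack_from("<II", image, sect + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    end = min(end, len(image))                                     # a section claiming data past EOF yields no overlay
    return end, len(image) - end


def analyze(image: bytes) -> dict:
    """Overlay MD5/offset/size/entropy plus header sanity flags, mirroring the report's fields."""
    _, opt, _, _ = _pe_offsets(image)
    size_of_code = struct.unpack_from("<I", image, opt + 4)[0]    # optional header SizeOfCode
    off, size = pe_overlay(image)
    ov = image[off:]
    flags = []
    if size_of_code > len(image):
        flags.append(f"SizeOfCode {size_of_code} exceeds file size {len(image)}")
    return {
        "overlay_offset": off,
        "overlay_size": size,
        "overlay_md5": hashlib.md5(ov).hexdigest(),
        "overlay_entropy": round(shannon_entropy(ov), 2),
        "flags": flags,
    }


def build_test_image(overlay: bytes, size_of_code: int = 0x200) -> bytes:
    """Constructed minimal PE32 (test input): one .text section of 0x200 bytes at file offset 0x200, then the overlay."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)  # i386, 1 section, 0xE0-byte optional header
    opt = bytearray(0xE0)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 6, 0, size_of_code)   # PE32 magic, linker 6.0, SizeOfCode
    sect = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x200 + overlay


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        # constructed input: a 512-byte overlay using every byte value twice (entropy exactly 8.0)
        # behind a header whose SizeOfCode copies the report's implausible 9441280
        data = build_test_image(bytes(range(256)) * 2, size_of_code=9441280)
    print(analyze(data))
```

Run it as `python overlay_check.py <sample>` to compare the printed overlay offset, size, MD5 and entropy with the report; with no argument it runs on the constructed image and shows the SizeOfCode flag firing.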
File identification
MD5 73a738665314600a693684455f2aa8be
SHA1 6cd045efe8c5a72d54227401660883e68012a7f1
SHA256 846d90e44cd044b5f280b6e2bceca210dacd1f0d181773306cef64e8944b7a21
ssdeep 3072:maUTFMYr/7ByGS/4olm/IGKjPEA6KL0SUiyzYfDIgTQaR38Wt2nqXqP9:hUmYb79CmJKl6KASpfDIgTt80XqV
authentihash 16bcb87f6bf8056c0b29bcd73cbdb41e8668cb2b0e6ea891eb6cfdbc3493898c
imphash d3b81cefd47641985611ba5d9b1bcfc7
File size 252.5 KB ( 258560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
     Win32 Dynamic Link Library (generic) (14.2%)
     Win32 Executable (generic) (9.7%)
     Generic Win/DOS Executable (4.3%)
     DOS Executable Generic (4.3%)
Tags peexe overlay

Two detection names in the table cross-check this block: McAfee's Generic-FAWT!73A738665314 embeds the first twelve hex digits of the MD5 above, and ViRobot's Trojan.Win32.Z.Injector.258560.A[h] embeds the 258560-byte file size.

VirusTotal metadata
First submission: 2015-09-18 14:37:45 UTC
Last submission: 2015-09-18 14:37:45 UTC
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs