SHA256: 849bcc270b987a4bfeac70fa94672a8f202ae34479cb4f962fd0e4d3ebe8fee9
File name: 8c4e9399c0ae912be177320188594179
Detection ratio: 13 / 57
Analysis date: 2016-05-19 08:31:23 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3243311 20160519
AegisLab Troj.W32.Gen.lt1a 20160519
Antiy-AVL Trojan/Win32.TSGeneric 20160519
Avast Win32:Malware-gen 20160519
Avira (no cloud) TR/Crypt.ZPACK.gowk 20160519
Baidu Win32.Trojan.WisdomEyes.151026.9950.9989 20160519
BitDefender Trojan.GenericKD.3243311 20160519
Emsisoft Trojan.GenericKD.3243311 (B) 20160519
ESET-NOD32 a variant of Win32/Kryptik.EVBG 20160519
F-Secure Trojan.GenericKD.3243311 20160519
GData Trojan.GenericKD.3243311 20160519
eScan Trojan.GenericKD.3243311 20160519
Qihoo-360 QVM07.1.Malware.Gen 20160519
AhnLab-V3 20160519
Alibaba 20160516
ALYac 20160519
Arcabit 20160519
AVG 20160519
AVware 20160518
Baidu-International 20160518
Bkav 20160518
CAT-QuickHeal 20160518
ClamAV 20160519
CMC 20160516
Comodo 20160519
Cyren 20160519
DrWeb 20160519
F-Prot 20160519
Fortinet 20160519
Ikarus 20160519
Jiangmin 20160519
K7AntiVirus 20160519
K7GW 20160519
Kaspersky 20160519
Kingsoft 20160519
Malwarebytes 20160519
McAfee 20160519
McAfee-GW-Edition 20160519
Microsoft 20160518
NANO-Antivirus 20160519
nProtect 20160518
Panda 20160518
Rising 20160519
Sophos AV 20160519
SUPERAntiSpyware 20160519
Symantec 20160519
Tencent 20160519
TheHacker 20160519
TotalDefense 20160519
TrendMicro 20160519
TrendMicro-HouseCall 20160519
VBA32 20160518
VIPRE 20160519
ViRobot 20160519
Yandex 20160518
Zillya 20160518
Zoner 20160519
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Soft
File version 1.0
Description Soft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-17 05:22:52
Entry Point 0x0004499C
Number of sections 3
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
SetHandleCount
GetModuleFileNameW
FreeLibrary
QueryPerformanceCounter
HeapDestroy
HeapAlloc
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetCommandLineW
UnhandledExceptionFilter
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
WideCharToMultiByte
TlsFree
GetModuleHandleA
GetCurrentThreadId
InterlockedExchange
WriteFile
GetStartupInfoA
CloseHandle
HeapReAlloc
GetModuleHandleW
TerminateProcess
InitializeCriticalSection
HeapCreate
VirtualFree
FatalAppExitA
TlsGetValue
GetFileType
TlsSetValue
ExitProcess
GetVersion
VirtualAlloc
SetLastError
LeaveCriticalSection
GetSubMenu
LoadIconA
DestroyIcon
ReleaseDC
GetMenuItemCount
OffsetRect
DefWindowProcW
LoadStringW
GetClientRect
DestroyMenu
AdjustWindowRectEx
PostMessageW
PtInRect
GetClipboardData
DestroyWindow
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Windows, Latin1
InitializedDataSize 12288
EntryPoint 0x4499c
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2016:05:17 06:22:52+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2, 0
FileDescription Soft
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Soft
CodeSize 290816
ProductName Soft
ProductVersionNumber 1.9.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 8c4e9399c0ae912be177320188594179
SHA1 a32c116452871f318e718e99ce20be871ff3aa94
SHA256 849bcc270b987a4bfeac70fa94672a8f202ae34479cb4f962fd0e4d3ebe8fee9
ssdeep 6144:mq2oWL9XnXZe6Anf6wcHXzoY5I5HIAOvaBdS0:mlb9XZenf1kRkIhvw

authentihash d083e24d49a850d172adb360964d03dff2757c37bbd8392cfee384b085fd64e3
imphash 6eb7d84b7d7f9b0886cde6b8199edb88
File size 300.0 KB ( 307200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-05-19 08:31:23 UTC ( 2 years, 11 months ago )
Last submission 2016-05-19 08:31:23 UTC ( 2 years, 11 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications