SHA256: 84d49cf3ea94ac6249ecc3ad5bf4eb2fa51c0bbd161e0f78fa9955cb22bd6790
File name: 2e5d5566734445b6f31ebd055049ec7ffe6d9df2
Detection ratio: 11 / 55
Analysis date: 2016-06-24 23:14:35 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.Agent 20160624
Avast Win32:Malware-gen 20160624
Avira (no cloud) TR/Crypt.ZPACK.rsuj 20160624
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160624
Bkav HW32.Packed.D458 20160623
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160625
McAfee Artemis!A328D62C8A17 20160624
McAfee-GW-Edition BehavesLike.Win32.FakeAlert.cc 20160624
Microsoft TrojanDownloader:Win32/Talalpek.A 20160624
Panda Trj/Genetic.gen 20160624
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160625
Ad-Aware 20160624
AegisLab 20160624
AhnLab-V3 20160624
Alibaba 20160624
ALYac 20160624
Arcabit 20160624
AVG 20160624
AVware 20160624
Baidu-International 20160614
BitDefender 20160624
CAT-QuickHeal 20160623
ClamAV 20160624
CMC 20160620
Comodo 20160624
Cyren 20160624
DrWeb 20160624
Emsisoft 20160624
F-Prot 20160624
F-Secure 20160624
Fortinet 20160624
GData 20160624
Ikarus 20160624
Jiangmin 20160624
K7AntiVirus 20160624
K7GW 20160624
Kaspersky 20160624
Kingsoft 20160625
Malwarebytes 20160624
eScan 20160624
NANO-Antivirus 20160625
nProtect 20160624
Sophos AV 20160625
SUPERAntiSpyware 20160624
Symantec 20160624
Tencent 20160625
TheHacker 20160624
TotalDefense 20160625
TrendMicro 20160624
TrendMicro-HouseCall 20160624
VBA32 20160624
VIPRE 20160624
ViRobot 20160624
Yandex 20160624
Zillya 20160624
Zoner 20160624
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 07:29:17
Entry Point 0x00017231
Number of sections 4
PE sections
PE imports
CopyFileW
FileTimeToSystemTime
CreateWaitableTimerA
GetTickCount
ReplaceFileW
RemoveDirectoryA
WaitForSingleObjectEx
GetStartupInfoA
GetDateFormatA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
lstrcpyW
GetModuleHandleA
WriteFile
CreateMutexW
GetComputerNameExW
lstrcpynA
FindNextFileA
GetACP
MoveFileExA
GetBinaryTypeA
GetLogicalDriveStringsA
GetNumberFormatA
OpenSemaphoreA
InterlockedDecrement
OneXInitialize
OneXFreeMemory
OneXAddTLV
SHGetFileInfoA
ShellAboutA
DragFinish
DragAcceptFiles
DuplicateIcon
SHChangeNotify
DllRegisterServer
ShellMessageBoxA
SHFileOperationA
SHGetMalloc
FindExecutableA
UrlCreateFromPathA
UrlCombineA
UrlCanonicalizeW
UrlIsA
UrlCompareA
UrlGetLocationW
PathIsRootA
PathCombineA
UrlHashA
PathCommonPrefixA
UrlUnescapeA
PathCompactPathA
UrlGetPartA
GetThemeFont
DrawThemeEdge
GetThemeColor
GetCurrentThemeName
IsThemeActive
OpenThemeData
GetThemeInt
GetThemeSysSize
GetThemeEnumValue
CloseThemeData
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 08:29:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 94208
LinkerVersion 6.0
Warning Possibly corrupt Version resource
EntryPoint 0x17231
InitializedDataSize 12800
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 a328d62c8a1724be5fdd6697f201bdb0
SHA1 f93546d44271fefeb3aa96fd60e38385d8fde764
SHA256 84d49cf3ea94ac6249ecc3ad5bf4eb2fa51c0bbd161e0f78fa9955cb22bd6790
ssdeep 1536:UYEcifXxm0bcruEhOd0FI/o30CQSRXH2pGQQsVxpMLeyOIbn83qpoMXvMie5d:idXGPuw3dQK2pGmxOLe283q+z

authentihash 8e4f8b2c6a81d8d08c3e6ab06901a15b5c03e19027e60263f049412c1416d422
imphash 398cb79c5fc55c94a133d944bfae3fea
File size 105.5 KB ( 108032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe

VirusTotal metadata
First submission 2016-06-23 23:04:22 UTC ( 2 years, 8 months ago )
Last submission 2017-10-20 00:41:32 UTC ( 1 year, 4 months ago )
File names a328d62c8a1724be5fdd6697f201bdb0.virobj
virussign.com_a328d62c8a1724be5fdd6697f201bdb0.vir
k1.exe
84d49cf3ea94ac6249ecc3ad5bf4eb2fa51c0bbd161e0f78fa9955cb22bd6790.exe
2e5d5566734445b6f31ebd055049ec7ffe6d9df2
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications