SHA256: 889f175b3c8bde5f8bebb5830773decc16288b5be43168d6bea385352417af7d
File name: AFP_case.exe
Detection ratio: 35 / 56
Analysis date: 2016-03-10 00:09:50 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3088251 20160310
AegisLab Troj.Dropper.Gen!c 20160309
AhnLab-V3 Trojan/Win32.Filecoder 20160309
ALYac Trojan.GenericKD.3088251 20160310
Arcabit Trojan.Generic.D2F1F7B 20160310
Avast Win32:Malware-gen 20160310
AVG Generic37.AQGH 20160310
Avira (no cloud) TR/Dropper.Gen 20160310
Baidu Win32.Trojan.Kryptik.qb 20160225
BitDefender Trojan.GenericKD.3088251 20160309
Bkav HW32.Packed.841C 20160309
Comodo TrojWare.Win32.Agent 20160309
DrWeb Trojan.Encoder.4113 20160309
Emsisoft Trojan-Ransom.Win32.Agent (A) 20160309
ESET-NOD32 Win32/Filecoder.DI 20160309
F-Secure Trojan.GenericKD.3088251 20160309
Fortinet W32/Ransom.CLR!tr 20160309
GData Trojan.GenericKD.3088251 20160309
Ikarus Trojan-Ransom.CryptoWall3 20160309
K7AntiVirus Trojan ( 004aa0281 ) 20160309
K7GW Trojan ( 004aa0281 ) 20160309
Kaspersky Backdoor.Win32.Androm.jfqj 20160309
Malwarebytes Ransom.CryptoWall 20160309
McAfee Artemis!16233D1F5DB4 20160309
McAfee-GW-Edition BehavesLike.Win32.FakeSecTool.hh 20160309
Microsoft Ransom:Win32/Teerac.A 20160309
eScan Trojan.GenericKD.3088251 20160309
nProtect Trojan.GenericKD.3088251 20160309
Panda Trj/GdSda.A 20160309
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160310
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20160309
Sophos AV Troj/Ransom-CLR 20160309
Symantec Suspicious.Cloud.9 20160309
Tencent Win32.Trojan.Dropper.Dvzn 20160310
VIPRE Trojan.Win32.Generic!BT 20160310
Yandex 20160308
Alibaba 20160309
Antiy-AVL 20160310
AVware 20160309
Baidu-International 20160309
ByteHero 20160310
CAT-QuickHeal 20160309
ClamAV 20160308
CMC 20160307
Cyren 20160309
F-Prot 20160309
Jiangmin 20160309
NANO-Antivirus 20160309
SUPERAntiSpyware 20160309
TheHacker 20160309
TrendMicro 20160309
TrendMicro-HouseCall 20160309
VBA32 20160309
ViRobot 20160310
Zillya 20160309
Zoner 20160309
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-24 04:15:10
Entry Point 0x0000F016
Number of sections 4
PE sections
PE imports
CreateFileMappingW
CreatePipe
GetStartupInfoA
GetModuleHandleA
GetConsoleTitleW
GlobalHandle
FindResourceExW
HeapAlloc
GetFileType
LZOpenFileW
__p__fmode
_mbsdup
_mbsnbcoll
_spawnlpe
_acmdln
_adjust_fdiv
__setusermatherr
_strdate
_setmbcp
__dllonexit
_onexit
labs
__getmainargs
_initterm
_controlfp
_yn
__p__commode
__set_app_type
IsCharUpperA
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 6
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.210.8.185
UninitializedDataSize 0
LanguageCode Unknown (DISI)
FileFlagsMask 0x003f
CharacterSet Unknown (NCLINED)
InitializedDataSize 462848
EntryPoint 0xf016
MIMEType application/octet-stream
LegalCopyright 2012 (C) 2010
FileVersion 0.194.208.130
TimeStamp 2008:11:24 05:15:10+01:00
FileType Win32 EXE
PEType PE32
InternalName Efficiencies
ProductVersion 0.224.244.230
FileDescription Darwin File Duplicated
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SurfControl plc
CodeSize 61440
ProductName Busting Breach
ProductVersionNumber 0.99.155.244
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 16233d1f5db46a04f9e9c25f04cade7d
SHA1 f1d322dae904394dc97294dddec48e4f3dac4e99
SHA256 889f175b3c8bde5f8bebb5830773decc16288b5be43168d6bea385352417af7d
ssdeep 12288:00apAL8dXkD+av/fHDPtsDtVjd9v2IDbS+fgSHTFQp+GH1:wzjavnDPtsDjd9OIDbSagRL1
authentihash b8ff4db8e64b6f3e140ec85f7eb5457b94a1222efa2575de4fa0a6faf22cc6fc
imphash ea466aeb382742888fb874490001a744
File size 516.0 KB ( 528384 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-03-07 18:50:30 UTC ( 3 years, 1 month ago )
Last submission 2016-08-09 12:45:54 UTC ( 2 years, 8 months ago )
File names AFP_case.exe
Bolletta.exe
16233d1f5db46a04f9e9c25f04cade7d
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications