SHA256: 88c5557b400cfc4aca32d27049f67e0e45ad39749e41876a480d4ace7eaa651f
File name: 206c8894322ca5359119df020677329e98f30052
Detection ratio: 40 / 56
Analysis date: 2016-10-10 14:09:30 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.96573 20161010
AhnLab-V3 Trojan/Win32.Tuhkit.C1575588 20161010
ALYac Gen:Variant.Razy.96573 20161010
Antiy-AVL Trojan[Banker]/Win32.Tuhkit 20161010
Arcabit Trojan.Razy.D1793D 20161010
Avast Win32:Trojan-gen 20161010
AVG Crypt6.BIU 20161010
Avira (no cloud) TR/Crypt.ZPACK.whesb 20161010
AVware Trojan.Win32.Generic!BT 20161010
BitDefender Gen:Variant.Razy.96573 20161010
Bkav HW32.Packed.6F54 20161008
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.Siggen6.58358 20161010
Emsisoft Gen:Variant.Razy.96573 (B) 20161010
ESET-NOD32 a variant of Win32/Kryptik.FGOM 20161010
F-Secure Gen:Variant.Razy.96573 20161010
Fortinet W32/Tuhkit.CD!tr 20161010
GData Gen:Variant.Razy.96573 20161010
Ikarus Trojan.Win32.Crypt 20161010
Sophos ML worm.win32.allaple.a 20160928
Jiangmin Trojan.Banker.Tuhkit.az 20161010
K7AntiVirus Trojan ( 004f906e1 ) 20161010
K7GW Trojan ( 004f906e1 ) 20161010
Kaspersky Trojan-Banker.Win32.Tuhkit.cd 20161010
Malwarebytes Trojan.Boaxxe 20161010
McAfee RDN/Generic Downloader.x 20161010
McAfee-GW-Edition BehavesLike.Win32.AAEH.cc 20161010
Microsoft TrojanDownloader:Win32/Talalpek.A 20161010
eScan Gen:Variant.Razy.96573 20161010
NANO-Antivirus Trojan.Win32.Tuhkit.egrgri 20161010
Panda Trj/GdSda.A 20161010
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161010
Rising Malware.Generic!6aukseCqUgU@2 (thunder) 20161010
Sophos AV Mal/Generic-S 20161010
Symantec Trojan.Gen 20161010
Tencent Win32.Trojan-banker.Tuhkit.Ednx 20161010
TrendMicro TROJ_GEN.R021C0DIP16 20161010
TrendMicro-HouseCall TROJ_HPTALAPEK.SMEND 20161010
VIPRE Trojan.Win32.Generic!BT 20161010
Yandex Trojan.PWS.Tuhkit! 20161009
AegisLab 20161010
Alibaba 20161010
Baidu 20161010
CAT-QuickHeal 20161010
ClamAV 20161010
CMC 20161010
Comodo 20161010
Cyren 20161010
F-Prot 20161010
Kingsoft 20161010
nProtect 20161010
SUPERAntiSpyware 20161010
TheHacker 20161009
VBA32 20161010
ViRobot 20161010
Zillya 20161007
Zoner 20161010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x00003002
Number of sections 3
PE sections
PE imports
AuthzFreeResourceManager
AuthzFreeAuditEvent
GetStdHandle
WaitForSingleObject
GetTickCount
CreateMailslotA
RemoveDirectoryA
LoadLibraryA
GetACP
GetVolumeInformationW
DeleteFileW
GetProcAddress
CreateWaitableTimerW
GetFileTime
SetEndOfFile
ReleaseSemaphore
MapViewOfFile
GlobalAddAtomA
GetProcessVersion
GetCompressedFileSizeA
FindNextFileA
lstrcmpW
GetStringTypeW
GetGeoInfoW
CreateEventW
OpenJobObjectW
InterlockedDecrement
GetFullPathNameW
CreateFileA
GetCurrentThreadId
lstrcpyn
InterlockedIncrement
CPEncrypt
CPDecrypt
UrlCanonicalizeA
UrlHashW
PathAppendA
UrlIsA
UrlGetLocationW
UrlIsNoHistoryA
UrlCombineW
UrlUnescapeA
PathCompactPathA
UrlCreateFromPathW
Number of PE resources by type
RT_DIALOG 1
KURS 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 129536
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 8192
SubsystemVersion 4.0
EntryPoint 0x3002
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 0

File identification
MD5 87e5a1470bd969bdeeb83effeca82a76
SHA1 206c8894322ca5359119df020677329e98f30052
SHA256 88c5557b400cfc4aca32d27049f67e0e45ad39749e41876a480d4ace7eaa651f
ssdeep 3072:JnnnnEplkrMfUYWJH6eEeD3ahPFqJ7njMAOpF:JnnnnEYnbaHAIojMA
authentihash 423354abdfed9863ec97b987e1822cde56d52bc74d7036c0d6ec2e0372b8b83d
imphash 832db5c576403569919be0b1d10cb314
File size 135.5 KB ( 138752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe stealth

VirusTotal metadata
First submission 2016-10-10 14:09:30 UTC ( 2 years, 4 months ago )
Last submission 2016-10-10 14:09:30 UTC ( 2 years, 4 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications