SHA256: 89546df8028480e9fe13d2a661a5560f58e54a176de32009e72664c0a2f60c23
File name: d98517c5f64ba3946848fb1d0997696b.virus
Detection ratio: 41 / 56
Analysis date: 2016-08-24 16:45:46 UTC ( 2 years, 6 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.Generic.17570126 | 20160824 |
| AhnLab-V3 | Malware/Win32.Generic.N2039360518 | 20160824 |
| ALYac | Trojan.Generic.17570126 | 20160824 |
| Antiy-AVL | Trojan[Downloader]/Win32.Gootkit | 20160824 |
| Arcabit | Trojan.Generic.D10C194E | 20160824 |
| Avast | Win32:Trojan-gen | 20160824 |
| AVG | Generic_r.KVD | 20160824 |
| Avira (no cloud) | TR/Crypt.ZPACK.pywb | 20160824 |
| AVware | Trojan.Win32.Generic.pak!cobra | 20160824 |
| Baidu | Win32.Trojan.Kryptik.anp | 20160824 |
| BitDefender | Trojan.Generic.17570126 | 20160824 |
| Comodo | TrojWare.Win32.Kryptik.FBWM | 20160824 |
| Cyren | W32/Trojan.JYHD-7792 | 20160824 |
| DrWeb | Trojan.Siggen6.58358 | 20160824 |
| Emsisoft | Trojan.Generic.17570126 (B) | 20160824 |
| ESET-NOD32 | Win32/TrojanDownloader.Agent.CFH | 20160824 |
| F-Secure | Trojan.Generic.17570126 | 20160824 |
| Fortinet | W32/Generic.AP.44240 | 20160824 |
| GData | Trojan.Generic.17570126 | 20160824 |
| Ikarus | PUA.Downloader | 20160824 |
| Jiangmin | TrojanDownloader.Gootkit.fw | 20160824 |
| K7AntiVirus | Trojan-Downloader ( 004e141d1 ) | 20160824 |
| K7GW | Trojan-Downloader ( 004e141d1 ) | 20160824 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20160824 |
| McAfee | RDN/Generic Downloader.x | 20160824 |
| McAfee-GW-Edition | BehavesLike.Win32.PackedAP.dt | 20160824 |
| Microsoft | TrojanDownloader:Win32/Talalpek.A | 20160824 |
| eScan | Trojan.Generic.17570126 | 20160824 |
| NANO-Antivirus | Trojan.Win32.Siggen6.efchwh | 20160824 |
| Panda | Trj/GdSda.A | 20160824 |
| Qihoo-360 | HEUR/QVM20.1.0000.Malware.Gen | 20160824 |
| Rising | Downloader.Talalpek!8.848F-3jevPYLslp (Cloud) | 20160824 |
| Sophos AV | Mal/Generic-S | 20160824 |
| Symantec | Packed.Generic.459 | 20160824 |
| Tencent | Win32.Trojan-downloader.Gootkit.Wstp | 20160824 |
| TrendMicro | TROJ_GEN.R028C0DG516 | 20160824 |
| TrendMicro-HouseCall | TROJ_GEN.R028C0DG516 | 20160824 |
| VBA32 | TrojanDownloader.Gootkit | 20160824 |
| VIPRE | Trojan.Win32.Generic.pak!cobra | 20160824 |
| Yandex | Trojan.DL.Gootkit! | 20160823 |
| Zillya | Downloader.Agent.Win32.313249 | 20160824 |
| AegisLab | (no detection) | 20160824 |
| Alibaba | (no detection) | 20160824 |
| Bkav | (no detection) | 20160824 |
| CAT-QuickHeal | (no detection) | 20160824 |
| ClamAV | (no detection) | 20160824 |
| CMC | (no detection) | 20160824 |
| F-Prot | (no detection) | 20160824 |
| Kingsoft | (no detection) | 20160824 |
| Malwarebytes | (no detection) | 20160824 |
| nProtect | (no detection) | 20160824 |
| SUPERAntiSpyware | (no detection) | 20160823 |
| TheHacker | (no detection) | 20160824 |
| TotalDefense | (no detection) | 20160824 |
| ViRobot | (no detection) | 20160824 |
| Zoner | (no detection) | 20160824 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-03 19:50:47
Entry Point 0x000016C0
Number of sections 4
PE sections
PE imports
RegQueryValueExW
RegOpenKeyW
GetEnhMetaFileA
SetMetaRgn
PathToRegion
GetBkMode
SaveDC
GetTextCharset
GetEnhMetaFileW
GetROP2
UnrealizeObject
UpdateColors
GetObjectType
GetLayout
GetMapMode
GetPixelFormat
GetSystemPaletteUse
GetFontLanguageInfo
RealizePalette
GetDCBrushColor
GetColorSpace
GetStockObject
GetPolyFillMode
StrokePath
GetDCPenColor
GetGraphicsMode
GetTextAlign
SwapBuffers
GetTextColor
GetStretchBltMode
WidenPath
GetBkColor
GetTextCharacterExtra
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
CreateEventW
OutputDebugStringW
FindClose
TlsGetValue
SetFileAttributesW
SetLastError
PeekNamedPipe
InterlockedDecrement
CopyFileW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
GetFullPathNameW
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GlobalSize
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetProcessHeap
GetTimeFormatW
lstrcpyW
FreeEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
FindFirstFileExW
GlobalLock
ReadConsoleW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
OpenEventW
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
lstrcpynW
ExpandEnvironmentStringsW
RaiseException
TlsFree
FindResourceW
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
GetTempPathW
Sleep
CountClipboardFormats
AnyPopup
LoadCursorFromFileA
GetDialogBaseUnits
LoadIconW
CloseClipboard
GetClipboardSequenceNumber
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:07:03 20:50:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 105472
LinkerVersion 9.0
EntryPoint 0x16c0
InitializedDataSize 190976
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 d98517c5f64ba3946848fb1d0997696b
SHA1 5b75d1a11e7b69a23657dbf9ca064c3f136ff1ce
SHA256 89546df8028480e9fe13d2a661a5560f58e54a176de32009e72664c0a2f60c23
ssdeep 3072:GWD/fpJQKP1EmGIXCK+LfCJudnPJ+vDGzLENc0HFP/dKBMhQ6:trP1gI/QtPm6EaQ1KBMh
authentihash bd5c1f6cc5fa594cda4334152c4d4cb1bb77fc2cbb017b72c95a285baa4bacf7
imphash 9971eda66457d3f68517a1aaf0c0b151
File size 290.5 KB ( 297472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-08-24 16:45:46 UTC ( 2 years, 6 months ago )
Last submission 2016-08-24 16:45:46 UTC ( 2 years, 6 months ago )
File names d98517c5f64ba3946848fb1d0997696b.virus
No comments.
No votes.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications