SHA256: 89d17e9c9ab25e837970bc6ef953dfb7b528265e633864aaefe18d4f7cd33218
File name: a1c925136b8b831915363b1f92dd758e.virus
Detection ratio: 40 / 57
Analysis date: 2016-04-22 09:17:09 UTC ( 2 years, 10 months ago )
Detections: 40 of 57 engines. Engines listed with "(no detection)" had no verdict on the signature date shown.

Antivirus             Result                               Update
Ad-Aware              Trojan.Agent.BSJZ                    20160422
AegisLab              Troj.W32.Gen.lMJ4                    20160422
AhnLab-V3             Malware/Gen.Generic                  20160421
ALYac                 Trojan.Agent.BSJZ                    20160422
Antiy-AVL             Trojan[Backdoor]/Win32.Qakbot        20160422
Arcabit               Trojan.Agent.BSJZ                    20160422
Avast                 Win32:Trojan-gen                     20160422
AVG                   Crypt5.AVNP                          20160422
Avira (no cloud)      TR/Crypt.Xpack.wrrv                  20160422
Baidu                 Win32.Trojan.Kryptik.zd              20160422
BitDefender           Trojan.Agent.BSJZ                    20160422
Bkav                  HW32.Packed.B7CB                     20160421
Cyren                 W32/S-11ee5b68!Eldorado              20160422
Emsisoft              Trojan.Agent.BSJZ (B)                20160422
ESET-NOD32            a variant of Win32/Kryptik.ETIW      20160422
F-Prot                W32/S-11ee5b68!Eldorado              20160422
F-Secure              Trojan.Agent.BSJZ                    20160422
Fortinet              W32/Kryptik.ETIW!tr                  20160422
GData                 Trojan.Agent.BSJZ                    20160422
Ikarus                Trojan.Win32.Crypt                   20160422
Jiangmin              KVBASE                               20160422
K7AntiVirus           Trojan ( 004e24591 )                 20160422
K7GW                  Trojan ( 004e24591 )                 20160422
Kaspersky             Backdoor.Win32.Qakbot.b              20160422
Malwarebytes          Trojan.Qakbot                        20160422
McAfee                W32/PinkSbot-BS!A1C925136B8B         20160422
McAfee-GW-Edition     BehavesLike.Win32.Backdoor.dc        20160422
Microsoft             Backdoor:Win32/Qakbot!rfn            20160422
eScan                 Trojan.Agent.BSJZ                    20160422
NANO-Antivirus        Trojan.Win32.Xpack.ebjqpq            20160422
nProtect              Trojan.Agent.BSJZ                    20160421
Panda                 Trj/Genetic.gen                      20160421
Qihoo-360             QVM20.1.Malware.Gen                  20160422
Rising                PE:Malware.Generic/QRS!1.9E2D [F]    20160422
Sophos AV             Mal/Qbot-N                           20160422
Symantec              W32.Qakbot                           20160422
Tencent               Win32.Backdoor.Qakbot.Lmkn           20160422
TrendMicro-HouseCall  TROJ_KRYPTIK_FD1101EA.UVPM           20160422
Yandex                Backdoor.Qakbot!ApjoY+pXlMQ          20160421
Zillya                Backdoor.Qakbot.Win32.36             20160422
Alibaba               (no detection)                       20160422
AVware                (no detection)                       20160422
Baidu-International   (no detection)                       20160422
CAT-QuickHeal         (no detection)                       20160422
ClamAV                (no detection)                       20160422
CMC                   (no detection)                       20160421
Comodo                (no detection)                       20160422
DrWeb                 (no detection)                       20160422
Kingsoft              (no detection)                       20160422
SUPERAntiSpyware      (no detection)                       20160422
TheHacker             (no detection)                       20160421
TotalDefense          (no detection)                       20160421
TrendMicro            (no detection)                       20160422
VBA32                 (no detection)                       20160421
VIPRE                 (no detection)                       20160422
ViRobot               (no detection)                       20160422
Zoner                 (no detection)                       20160422

The engines that name a family agree on Qakbot (also written Qbot, and PinkSbot in McAfee's naming); the remaining named verdicts are packer or crypter labels (Kryptik, Crypt.Xpack, HW32.Packed, Trojan.Win32.Crypt) rather than family names.
The file being studied is a Portable Executable: a Win32 EXE for the Windows command line (console) subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-05 14:47:26
Entry Point 0x00007570
Number of sections 5
PE sections
PE imports
The report lists imported function names only. They are grouped below by the DLL that exports them; the DLL names are inferred from the export names and are not part of the original report.

gdi32.dll
PlayMetaFileRecord
GdiComment
SelectObject
SetStretchBltMode
CreateBrushIndirect
SetICMProfileA
ExtTextOutA
GetGraphicsMode
SetViewportOrgEx
GetLogColorSpaceW
CreateRoundRectRgn
BeginPath
LineDDA
RealizePalette
SetSystemPaletteUse
StretchDIBits

kernel32.dll
lstrcatA
lstrlenA
GetModuleFileNameW
CompareStringA
FreeConsole

mprapi.dll
MprInfoBlockQuerySize
MprAdminIsDomainRasServer
MprAdminInterfaceGetCredentialsEx
MprAdminMIBEntryCreate
MprAdminInterfaceTransportRemove
MprInfoBlockSet
MprAdminMIBServerConnect
MprAdminTransportCreate

rpcrt4.dll
RpcBindingToStringBindingA
NdrFullPointerXlatFree
NdrNonConformantStringMarshall
NdrConformantVaryingStructMemorySize
NdrNonEncapsulatedUnionFree
RpcProtseqVectorFreeW
NdrConformantStringMarshall
NdrPointerUnmarshall
RpcNetworkIsProtseqValidA
RpcStringBindingParseA
RpcMgmtEpEltInqBegin

setupapi.dll
SetupDiOpenDeviceInterfaceA
SetupDiGetDeviceInstallParamsA
SetupDiOpenDeviceInfoA
SetupCopyErrorA
SetupGetSourceFileSizeA
SetupDiInstallClassW
SetupScanFileQueueW
SetupDiGetDriverInstallParamsA
SetupQueueCopyA
SetupDiGetDeviceInterfaceAlias
SetupInitializeFileLogA

user32.dll
EndDeferWindowPos
GetMessageA
GetSystemMetrics
GetWindowModuleFileNameA
AppendMenuA
SendMessageW
PaintDesktop
FillRect
CreateAcceleratorTableW
ModifyMenuW
GetCapture
CascadeWindows
RegisterDeviceNotificationW
GetThreadDesktop
DragDetect

comdlg32.dll
PrintDlgA
CommDlgExtendedError
PageSetupDlgW
PageSetupDlgA
GetOpenFileNameW

mscms.dll
SetColorProfileElementReference
CreateColorTransformA
DisassociateColorProfileFromDeviceW
CloseColorProfile
OpenColorProfileA
CreateMultiProfileTransform
GetColorProfileHeader
EnumColorProfilesW
UnregisterCMMW
UninstallColorProfileA
SetColorProfileHeader
GetStandardColorSpaceProfileA
GetNamedProfileInfo

ntdll.dll
ZwProtectVirtualMemory
NtOpenEvent
NtQueryVolumeInformationFile
RtlGetLongestNtPathLength
ZwQueryInformationThread
NtSetInformationProcess
LdrDisableThreadCalloutsForDll
NtQueryDirectoryFile
RtlNtStatusToDosError
NtQueryInformationFile
RtlExtendedLargeIntegerDivide
RtlLargeIntegerSubtract
RtlCopyUnicodeString
ZwAllocateVirtualMemory
ZwMapViewOfSection
NtQueryInformationProcess
RtlQueryProcessDebugInformation

ole32.dll
CoGetInstanceFromFile
MonikerCommonPrefixWith
OleGetAutoConvert
DoDragDrop
CoEnableCallCancellation
STGMEDIUM_UserFree
StgGetIFillLockBytesOnFile
OleSetContainedObject
CoRegisterMallocSpy
StringFromCLSID
CreateOleAdviseHolder
CoGetClassObject
CoRegisterClassObject
HBITMAP_UserFree
StgOpenStorage
CoQueryAuthenticationServices
CoRevertToSelf
StgIsStorageFile
HMENU_UserSize
HDC_UserSize
CoSuspendClassObjects
StgOpenAsyncDocfileOnIFillLockBytes
BindMoniker

pdh.dll
PdhComputeCounterStatistics
PdhOpenQueryA
PdhExpandCounterPathW
PdhExpandWildCardPathA
PdhSetCounterScaleFactor
PdhParseCounterPathA
PdhGetFormattedCounterArrayW
PdhUpdateLogW
PdhGetDataSourceTimeRangeW
PdhGetDefaultPerfCounterA
PdhEnumObjectsW
PdhSetDefaultRealTimeDataSource
PdhParseInstanceNameW
PdhParseCounterPathW
PdhValidatePathW
PdhCollectQueryData

Read this table with care. A console-subsystem executable that imports only five kernel32.dll routines while pulling in GDI drawing, print and file dialogs, ICC colour management, RAS administration, SetupAPI and performance-counter functions is consistent with a packed or crypted stub, which is also how several engines above label the file (Kryptik, Crypt.Xpack, HW32.Packed). The import table, and the imphash derived from it, then describe the outer layer rather than the Qakbot payload, and the ntdll.dll memory-mapping and protection calls (ZwAllocateVirtualMemory, ZwMapViewOfSection, ZwProtectVirtualMemory) are the imports most likely to matter at run time.
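The imphash in the file-identification section is computed from exactly this kind of list. The following Python is an added example, not VirusTotal's or pefile's code; it implements the imphash canonicalisation the way pefile does it (lowercase both names, drop a .dll/.ocx/.sys extension, resolve imports-by-ordinal to names for a few known DLLs and "ordN" otherwise, join "dll.func" pairs with commas in import-table order, MD5 the result) and runs it on a constructed import list. The DLL names in that list are assumptions, because the report gives only function names, so the report's own value f820196f2139b71fed2f41dd8e9b9999 cannot be reproduced from it; the ordinal table is likewise a small slice of pefile's. The final checks show why a padded or shuffled import table defeats imphash matching.

```python
"""Import hash (imphash) as pefile computes it.  Added example, not
VirusTotal's or pefile's code."""
import hashlib

# pefile maps imports-by-ordinal to names for a few well-known DLLs and
# falls back to "ord<N>".  Only a small slice of that table is reproduced
# here (assumption: enough to show the mechanism, not the full map).
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 23: "socket"},
}


def canonical_imports(imports):
    """imports: ordered list of (dll_name, function_name_or_ordinal).
    Returns the comma-joined "dll.func" string that gets hashed."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        base, dot, ext = dll.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            dll = base                          # "kernel32.dll" -> "kernel32"
        if isinstance(func, int):               # import by ordinal
            func = ORDINAL_NAMES.get(dll, {}).get(func, f"ord{func}")
        parts.append(f"{dll}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical import string, as hex."""
    return hashlib.md5(canonical_imports(imports).encode("ascii")).hexdigest()


# Constructed import list.  The DLL names are assumptions: the report lists
# only function names, so its imphash cannot be reproduced from it.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "lstrcatA"),
    ("KERNEL32.dll", "lstrlenA"),
    ("ntdll.dll", "ZwProtectVirtualMemory"),
    ("ntdll.dll", "ZwAllocateVirtualMemory"),
    ("WS2_32.dll", 23),             # ordinal 23 resolves to ws2_32.socket
    ("custom.dll", 7),              # unknown DLL: falls back to custom.ord7
]


def padding_effects(imports):
    """What a packer's padded or shuffled import table does to the hash."""
    base = imphash(imports)
    reordered = imphash(list(reversed(imports)))
    recased = imphash([(d.upper(), f.upper() if isinstance(f, str) else f)
                       for d, f in imports])
    padded = imphash(imports + [("pdh.dll", "PdhOpenQueryA")])
    return {
        "hash": base,
        "order_sensitive": base != reordered,     # same imports, new hash
        "case_insensitive": base == recased,      # case never matters
        "changed_by_padding": base != padded,     # one junk import, new hash
    }


if __name__ == "__main__":
    print(canonical_imports(SAMPLE_IMPORTS))
    print(padding_effects(SAMPLE_IMPORTS))
```

Because the hash is order-sensitive and every appended entry changes it, a crypter only has to insert or shuffle imports in its stub to give each build a fresh imphash; the value is therefore useful for clustering builds of the same stub, not for recognising the family it wraps.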
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:04:05 15:47:26+01:00 (the same instant as the 14:47:26 UTC compilation timestamp in the PE header; ExifTool renders it in local time, here UTC+1)
FileType: Win32 EXE
PEType: PE32
CodeSize: 32768
LinkerVersion: 6.0
EntryPoint: 0x7570
InitializedDataSize: 225280
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 a1c925136b8b831915363b1f92dd758e
SHA1 8a0fa96e3a368bfd5215180375f5d4671785d522
SHA256 89d17e9c9ab25e837970bc6ef953dfb7b528265e633864aaefe18d4f7cd33218
ssdeep 6144:0E5RrpTvQQ/2vQ0So6a9darbFI1Xqq1SYPlfKbPe:HHtvJF0So7ar5KliP
authentihash 21a524f01f608474f6da6f3aa30a9de0e9fd39eb71667a5e9d27b37bd1a31bc2
imphash f820196f2139b71fed2f41dd8e9b9999
File size 256.0 KB ( 262144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
     Win32 Executable (generic) (29.8%)
     Generic Win/DOS Executable (13.2%)
     DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-04-22 09:17:09 UTC ( 2 years, 10 months ago )
Last submission 2016-05-27 01:13:16 UTC ( 2 years, 9 months ago )
File names a1c925136b8b831915363b1f92dd758e.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications