SHA256: 8a42499d7ec575088a04ac28d050dfa881351db7b8f4f69bfaa6687a013fb5c5
Detection ratio: 52 / 56
Analysis date: 2015-07-07 16:48:37 UTC ( 3 years, 10 months ago )
Antivirus Result Update
Ad-Aware Win32.Ramnit.N 20150707
Yandex Win32.Nimnul.Gen.2 20150707
AhnLab-V3 Win32/Ramnit.G 20150707
ALYac Win32.Ramnit.N 20150707
Antiy-AVL Virus/Win32.Nimnul.a 20150707
Arcabit Win32.Ramnit.N 20150707
Avast Win32:RmnDrp 20150707
AVG Win32/Zbot.F 20150707
Avira (no cloud) W32/Ramnit.C 20150707
AVware Virus.Win32.Ramnit.b (v) 20150707
Baidu-International Virus.Win32.Nimnul.$a 20150707
BitDefender Win32.Ramnit.N 20150707
Bkav HW32.Packed.D3CD 20150706
ByteHero Virus.Win32.Heur.d 20150707
CAT-QuickHeal W32.Ramnit.BA 20150707
ClamAV W32.Ramnit-1 20150707
Comodo Virus.Win32.Ramnit.K 20150707
Cyren W32/Ramnit.E 20150707
DrWeb Win32.Rmnet.12 20150707
Emsisoft Win32.Ramnit.N (B) 20150707
ESET-NOD32 Win32/Ramnit.H 20150707
F-Prot W32/Ramnit.E 20150707
F-Secure Win32.Ramnit.N 20150707
Fortinet W32/Ramnit.C 20150707
GData Win32.Ramnit.N 20150707
Ikarus Virus.Win32.Ramnit 20150707
Jiangmin Win32/IRCNite.wi 20150706
K7AntiVirus Virus ( 002fe95d1 ) 20150707
K7GW Virus ( 002fe95d1 ) 20150707
Kaspersky Virus.Win32.Nimnul.a 20150707
Kingsoft Win32.Ramnit.lx.30720 20150707
Malwarebytes Virus.Ramnit 20150707
McAfee W32/Ramnit.a 20150707
McAfee-GW-Edition BehavesLike.Win32.Ramnit.cc 20150706
Microsoft Virus:Win32/Ramnit.J 20150707
eScan Win32.Ramnit.N 20150707
NANO-Antivirus Virus.Win32.Nimnul.bqjjnb 20150707
nProtect Win32.Ramnit.N 20150707
Panda W32/Cosmu.E 20150707
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150707
Rising PE:Win32.Mgr.b!1594784 20150707
Sophos AV W32/Ramnit-A 20150707
Symantec W32.Ramnit.B!inf 20150707
Tencent Virus.Win32.Dropper.k 20150707
TotalDefense Win32/Ramnit.C 20150707
TrendMicro PE_RAMNIT.DEN 20150707
TrendMicro-HouseCall PE_RAMNIT.DEN 20150707
VBA32 Virus.Win32.Nimnul.b 20150707
VIPRE Virus.Win32.Ramnit.b (v) 20150707
ViRobot Win32.Nimnul.A[h] 20150707
Zillya Virus.Nimnul.Win32.1 20150707
Zoner Win32.Ramnit.H 20150707
AegisLab 20150707
Alibaba 20150630
SUPERAntiSpyware 20150707
TheHacker 20150707
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-08-29 10:11:56
Entry Point 0x0000E000
Number of sections 5
PE sections
Overlays
MD5 469a04151582c0cef18146b442f14928
File type data
Offset 114688
Size 368
Entropy 7.39
PE imports
RegOpenKeyExA
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
HeapDestroy
TerminateProcess
LCMapStringA
IsValidCodePage
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:08:29 11:11:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 20480
SubsystemVersion 4.0
EntryPoint 0xe000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 1a52c7ae4cc287c5fba84dbd044fed54
SHA1 123d9d5ed4dcdf4388b291a3c7e790fdd0254f81
SHA256 8a42499d7ec575088a04ac28d050dfa881351db7b8f4f69bfaa6687a013fb5c5
ssdeep 3072:zphXGtNYYYYtzldHf5mc755EwRB7dJseQGO:z8zrH1lFvg/
authentihash 5d1ce21417f95eafaff6b0c57edeb9f4727ad850427653d4adce683952b496fd
imphash 1ac8582b7628ee28ea8949f34139346a
File size 112.4 KB ( 115056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-07-07 16:48:37 UTC ( 3 years, 10 months ago )
Last submission 2015-07-07 16:48:37 UTC ( 3 years, 10 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Created processes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections
UDP communications