SHA256: 8b90dbf85b956eedf9da1818ec6db1e5f68b14733eb6441d48ffa785baa112ca
File name: MEMORY.dmp_0000000000021A18-00026000.bin
Detection ratio: 33 / 56
Analysis date: 2016-10-16 07:18:26 UTC ( 2 years, 5 months ago )
Antivirus | Result | Update (engine signature date)
Ad-Aware | Gen:Variant.Graftor.276034 | 20161016
ALYac | Gen:Variant.Graftor.276034 | 20161016
Antiy-AVL | Trojan/Win32.SGeneric | 20161016
Arcabit | Trojan.Graftor.D43642 | 20161016
Avast | Win32:Alinaos-A [Trj] | 20161016
AVG | Win32/DH{YYFS?} | 20161016
Avira (no cloud) | TR/Dropper.Gen | 20161015
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9998 | 20161015
BitDefender | Gen:Variant.Graftor.276034 | 20161016
Bkav | W32.eHeur.Malware00 | 20161015
ClamAV | Win.Trojan.Alina-5 | 20161016
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20160725
DrWeb | Trojan.Click3.17527 | 20161016
Emsisoft | Gen:Variant.Graftor.276034 (B) | 20161016
ESET-NOD32 | a variant of Win32/Alinaos.B | 20161015
F-Secure | Gen:Variant.Graftor.276034 | 20161016
GData | Gen:Variant.Graftor.276034 | 20161016
Sophos ML | generic.a | 20160928
Jiangmin | Trojan.Scar.ekj | 20161016
K7AntiVirus | Trojan ( 004909e91 ) | 20161016
K7GW | Trojan ( 004909e91 ) | 20161016
Kaspersky | Trojan.Win32.Scar.nwsk | 20161016
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.ch | 20161016
Microsoft | TrojanSpy:Win32/Alinaos.gen!B | 20161016
eScan | Gen:Variant.Graftor.276034 | 20161016
NANO-Antivirus | Trojan.Win32.Click3.eawkke | 20161016
Panda | Trj/GdSda.A | 20161015
Qihoo-360 | HEUR/QVM10.1.0000.Malware.Gen | 20161016
Sophos AV | Mal/Emogen-Y | 20161016
Symantec | Heur.AdvML.B | 20161016
VBA32 | suspected of Trojan.Downloader.gen.h | 20161014
Yandex | Trojan.Alinaos! | 20161015
Zillya | Trojan.Scar.Win32.98754 | 20161013
AegisLab | (undetected) | 20161016
AhnLab-V3 | (undetected) | 20161015
Alibaba | (undetected) | 20161014
AVware | (undetected) | 20161016
CAT-QuickHeal | (undetected) | 20161015
CMC | (undetected) | 20161016
Comodo | (undetected) | 20161016
Cyren | (undetected) | 20161016
F-Prot | (undetected) | 20161016
Fortinet | (undetected) | 20161016
Ikarus | (undetected) | 20161015
Kingsoft | (undetected) | 20161016
Malwarebytes | (undetected) | 20161016
McAfee | (undetected) | 20161016
nProtect | (undetected) | 20161016
Rising | (undetected) | 20161016
SUPERAntiSpyware | (undetected) | 20161016
Tencent | (undetected) | 20161016
TheHacker | (undetected) | 20161014
TrendMicro | (undetected) | 20161016
TrendMicro-HouseCall | (undetected) | 20161016
VIPRE | (undetected) | 20161016
ViRobot | (undetected) | 20161016
Zoner | (undetected) | 20161016
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-02 09:41:05 (UTC; the ExifTool TimeStamp below shows the same instant as 10:41:05+01:00)
Entry Point 0x0000BC74
Number of sections 4
PE sections
Overlays
MD5: 9800e51e1e7dfd68024787f055c3e21f
File type: data
Offset: 134656
Size: 18408
Entropy: 1.45
Consistency check: 134656 + 18408 = 153064, exactly the file size reported below, so the overlay runs from the end of the last section to end of file. An entropy of 1.45 bits per byte is far below the ~7.9 typical of compressed or encrypted payloads, so the appended data is highly repetitive (padding or plain structured data) rather than a packed second stage.
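The overlay numbers above follow directly from the PE section table: the overlay starts at the largest PointerToRawData + SizeOfRawData across all sections and runs to end of file, and VirusTotal reports its Shannon entropy in bits per byte. The script below is an added example, not VirusTotal's code or anything from this sample; it computes the same three values (offset, size, entropy) plus the overlay digests with only the Python standard library. Because the sample itself is not reproduced on this page, the script builds a constructed, minimal two-section PE image (build_sample_pe, an assumption for demonstration only) and appends a chosen overlay to it.

```python
import hashlib
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or single-valued data, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def find_overlay(pe: bytes) -> dict:
    """Locate the bytes appended after the last section's raw data and summarise them like a VT report."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)  # SizeOfOptionalHeader
    section_table = coff + 20 + opt_size
    end_of_image = section_table + 40 * num_sections      # fallback if every section has no raw data
    for i in range(num_sections):
        hdr = section_table + 40 * i
        # SizeOfRawData sits at +16 and PointerToRawData at +20 in IMAGE_SECTION_HEADER
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        if raw_size:
            end_of_image = max(end_of_image, raw_ptr + raw_size)
    # A hostile or truncated header can point past EOF; clamp so the overlay is never negative.
    offset = min(end_of_image, len(pe))
    overlay = pe[offset:]
    return {
        "offset": offset,
        "size": len(overlay),
        "entropy": round(shannon_entropy(overlay), 2),
        "md5": hashlib.md5(overlay).hexdigest(),
        "sha256": hashlib.sha256(overlay).hexdigest(),
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32 image (not the sample from the page): two 0x200-byte sections, then `overlay`."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * 222                   # PE32 magic, rest zeroed

    def section(name: bytes, raw_ptr: int, raw_size: int) -> bytes:
        return struct.pack("<8sIIIIIIHHI", name, raw_size, raw_ptr, raw_size, raw_ptr,
                           0, 0, 0, 0, 0x60000020)

    headers = dos + coff + opt + section(b".text", 0x200, 0x200) + section(b".data", 0x400, 0x200)
    headers += b"\x00" * (0x200 - len(headers))
    body = b"\x90" * 0x200 + b"\xCC" * 0x200
    return headers + body + overlay


if __name__ == "__main__":
    # Constructed low-entropy overlay: half zero bytes, half 0xFF, which gives exactly 1.0 bit/byte.
    print(find_overlay(build_sample_pe(b"\x00" * 64 + b"\xFF" * 64)))
```

Replace build_sample_pe(...) with open(path, "rb").read() to run it against a real file. Note that an Authenticode signature also lives in the overlay, so a non-empty overlay on a signed binary is expected; the tell here is data with no certificate table entry.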
PE imports
(The extract lists API names only. They are grouped here by the DLL that exports each name on standard Windows, which is an editorial inference, not data from the report.)
ADVAPI32.dll
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
KERNEL32.dll
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
GetProcessId
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
IsWow64Process
ConnectNamedPipe
InitializeCriticalSection
InterlockedDecrement
SetLastError
TlsAlloc
CopyFileA
ExitProcess
GetModuleFileNameA
GetVolumeInformationA
SetThreadPriority
SetHandleCount
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
CreateThread
DisconnectNamedPipe
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
OpenProcess
TerminateThread
GetOEMCP
QueryPerformanceCounter
GetTickCount
CallNamedPipeA
FlushFileBuffers
LoadLibraryA
RtlUnwind
Process32Next
GetStartupInfoA
GetFileSize
Process32First
CreateDirectoryA
DeleteFileA
ReadProcessMemory
GetProcAddress
GetProcessHeap
WaitNamedPipeA
GetComputerNameA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
CreateNamedPipeA
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHELL32.dll
SHGetSpecialFolderPathA
SHGetFolderPathA
WININET.dll
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpQueryInfoA
urlmon.dll
URLDownloadToFileA
Triage note: most of the KERNEL32 names are ordinary MSVC runtime scaffolding (Tls*, Heap*, critical sections, code-page queries), but the remainder form a few telling clusters: CreateToolhelp32Snapshot / Process32First / Process32Next / OpenProcess / VirtualQueryEx / ReadProcessMemory (enumerate processes and walk their memory regions), CreateNamedPipeA / ConnectNamedPipe / CallNamedPipeA / WaitNamedPipeA (local IPC between components), Reg* / CopyFileA / SHGetFolderPathA (file drop and registry persistence), IsDebuggerPresent and IsWow64Process (environment checks), and the WinINet / URLDownloadToFileA set (HTTP beaconing and payload download). That combination is consistent with the memory-scraper family names (Alina, Alinaos) in the detection table above.
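The imphash in the file identification section (166638db067b6be5f7989e9fa36700c6) is the MD5 of the import table rendered as lower-case "dll.function" pairs in table order, with the .dll/.ocx/.sys extension stripped and ordinal-only imports resolved through a fixed lookup table. It is an added example here, not VirusTotal's or pefile's code, and it cannot reproduce the value on this page because the extract does not show DLL names or the exact import order. The ordinal table is a constructed subset of ws2_32 entries for demonstration, and the SAMPLE_IMPORTS list is likewise constructed: a handful of names from this report in an assumed order plus one ordinal import from a DLL this sample does not import, included only to exercise the ordinal path.

```python
import hashlib
from typing import Iterable, Tuple, Union

# (dll name exactly as written in the import directory, function name or ordinal number)
Import = Tuple[str, Union[str, int]]

# Subset of the ordinal-to-name table used by the reference imphash implementation (constructed
# subset for this example; the real table covers ws2_32 and oleaut32 in full).
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 23: "socket", 115: "WSAStartup"},
}

# Constructed import table; the order is an assumption, not the order in the sample.
SAMPLE_IMPORTS: list = [
    ("ADVAPI32.dll", "RegOpenKeyExA"),
    ("KERNEL32.dll", "GetStdHandle"),
    ("WININET.dll", "HttpSendRequestA"),
    ("urlmon.dll", "URLDownloadToFileA"),
    ("WS2_32.dll", 23),          # ordinal import; resolves to "socket" via ORDINAL_NAMES
]


def _normalise_dll(dll: str) -> str:
    """Lower-case the module name and drop the extension, as the imphash algorithm specifies."""
    name = dll.lower()
    for ext in (".ocx", ".sys", ".dll"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def _normalise_func(dll: str, func: Union[str, int]) -> str:
    """Ordinals become the known export name when the table has it, otherwise 'ordN'."""
    if isinstance(func, int):
        return ORDINAL_NAMES.get(dll, {}).get(func, f"ord{func}").lower()
    return func.lower()


def imphash_string(imports: Iterable[Import]) -> str:
    """The comma-joined 'dll.func' list that is hashed; useful for eyeballing why two hashes differ."""
    parts = []
    for dll, func in imports:
        d = _normalise_dll(dll)
        parts.append(f"{d}.{_normalise_func(d, func)}")
    return ",".join(parts)


def imphash(imports: Iterable[Import]) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because order is part of the input, two builds of the same source that link the same APIs in the same order share an imphash even when every byte of code differs, which is why the value is a useful pivot across variants; the flip side is that a trivially reordered import table defeats it, so treat a matching imphash as a lead rather than proof of identity.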
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:03:02 10:41:05+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 108032
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 33280
SubsystemVersion: 5.0
EntryPoint: 0xbc74
OSVersion: 5.0
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5 36e5f5873af2b3240c98f26ad7c48adf
SHA1 d5f8f5c938817c6eb4908f829b92b8b453e3ac1b
SHA256 8b90dbf85b956eedf9da1818ec6db1e5f68b14733eb6441d48ffa785baa112ca
ssdeep
1536:917wgWA5X9E7ZWEGJBYrnSRbCXzt3NXY72G3/u11KqGKKJ8s9Qzk5gQ3:nZ5X9emn8r1vKJ8sQzk5g

authentihash e7aa6c0c15ea409d343d215e6e10344718abb897d112a46cf9f42d669536e5f0
imphash 166638db067b6be5f7989e9fa36700c6
File size 149.5 KB ( 153064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe via-tor overlay

VirusTotal metadata
First submission 2016-10-16 07:18:26 UTC ( 2 years, 5 months ago )
Last submission 2016-10-16 07:18:26 UTC ( 2 years, 5 months ago )
File names MEMORY.dmp_0000000000021A18-00026000.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Opened mutexes
Runtime DLLs