SHA256: 8ee87a4be02c7b985c3713295862ebbe469db64c70ca8f8bfe471408aff98dba
File name: 678129a67898174fdb7e8c70ebcca6c3.virus
Detection ratio: 39 / 56
Analysis date: 2016-02-28 11:21:17 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.6232 20160228
Yandex Trojan.DR.Injector!b5Mgggc3q/k 20160227
AhnLab-V3 Trojan/Win32.MDA 20160227
ALYac Gen:Variant.Razy.6232 20160228
Antiy-AVL Trojan[Dropper]/Win32.Injector 20160228
Arcabit Trojan.Razy.D1858 20160228
Avast Win32:Malware-gen 20160228
AVG FileCryptor.GAC 20160228
Avira (no cloud) TR/Crypt.Xpack.399931 20160227
AVware Trojan.Win32.Generic.pak!cobra 20160228
BitDefender Gen:Variant.Razy.6232 20160228
CAT-QuickHeal Ransom.Criakl.DB8 20160227
Comodo TrojWare.Win32.Ransom.Criakl.D 20160228
Cyren W32/Papras.ZBAS-6381 20160228
DrWeb Trojan.Packed.61961 20160228
Emsisoft Gen:Variant.Razy.6232 (B) 20160228
ESET-NOD32 a variant of Win32/Injector.CQNE 20160228
F-Prot W32/Papras.AP 20160228
F-Secure Gen:Variant.Razy.6232 20160227
Fortinet W32/Injector.CQDP!tr 20160228
GData Gen:Variant.Razy.6232 20160228
Jiangmin TrojanDropper.Injector.besx 20160228
K7AntiVirus Trojan ( 004dbcc11 ) 20160228
K7GW Trojan ( 004dbcc11 ) 20160228
Kaspersky Trojan.Win32.Inject.vrxq 20160228
McAfee Ransomware-FCR!678129A67898 20160228
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.cc 20160228
Microsoft Trojan:Win32/Bagsu!rfn 20160228
eScan Gen:Variant.Razy.6232 20160228
NANO-Antivirus Trojan.Win32.DownLoader18.dzpqic 20160228
Panda Trj/Genetic.gen 20160227
Qihoo-360 Win32/Trojan.3d7 20160228
Rising PE:Malware.RDM.42!5.30 [F] 20160225
Sophos AV Mal/Isda-A 20160228
Tencent Win32.Trojan.Inject.Wpjl 20160228
TheHacker Trojan/Filecoder.eq 20160227
TrendMicro TROJ_GEN.R0C1C0DAI16 20160228
VIPRE Trojan.Win32.Generic.pak!cobra 20160228
Zillya Worm.Kido.Win32.3210 20160227
AegisLab 20160228
Alibaba 20160228
Baidu-International 20160227
Bkav 20160227
ByteHero 20160228
ClamAV 20160228
CMC 20160225
Ikarus 20160228
Malwarebytes 20160228
nProtect 20160226
SUPERAntiSpyware 20160228
Symantec 20160227
TotalDefense 20160228
TrendMicro-HouseCall 20160228
VBA32 20160226
ViRobot 20160228
Zoner 20160228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-14 13:52:06
Entry Point 0x0000DA47
Number of sections 5
PE sections
Overlays
MD5 22fbfc6e1a8d10f7a13360b8dbcc5638
File type data
Offset 119296
Size 37658
Entropy 7.99
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
CallNamedPipeA
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
HeapSize
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
TlsAlloc
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
BackupSeek
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_ICON 3
RT_DIALOG 2
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH 4
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:01:14 14:52:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 89088
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 33280
SubsystemVersion 5.1
EntryPoint 0xda47
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 678129a67898174fdb7e8c70ebcca6c3
SHA1 60278bc13bc367c0453de68383a4eddf2f37988c
SHA256 8ee87a4be02c7b985c3713295862ebbe469db64c70ca8f8bfe471408aff98dba
ssdeep 3072:c2MfgvP+lyd5qZX7RGk4mpM2lKdw9MEPM:c21+MArRG1IKmpM

authentihash 1b010f823a41e3ca6c5bf57a99a7f8088d54d63b9aab78319654bcd3a879a19b
imphash 67a928738c75b9f8513b3b15ae14044a
File size 153.3 KB ( 156954 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-02-28 11:21:17 UTC ( 3 years ago )
Last submission 2016-02-28 11:21:17 UTC ( 3 years ago )
File names 678129a67898174fdb7e8c70ebcca6c3.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs