SHA256: 8f4e3bedc84abce903473a8290578ea7e51e7bba5024031c12378329cdeb5d23
File name: 8F4E3BEDC84ABCE903473A8290578EA7E51E7BBA5024031C12378329CDEB5D23
Detection ratio: 44 / 57
Analysis date: 2017-01-05 17:16:49 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.66738 20170105
AegisLab Troj.Proxy.W32.Lethic!c 20170105
AhnLab-V3 Trojan/Win32.Upbot.C1493435 20170105
ALYac Gen:Variant.Symmi.66738 20170105
Arcabit Trojan.Symmi.D104B2 20170105
Avast Win32:Malware-gen 20170105
AVG Generic_r.KVP 20170105
Avira (no cloud) TR/AD.CeeInject.M.wwdw 20170105
AVware Trojan.Win32.Generic!BT 20170105
Baidu Win32.Trojan.Kryptik.adj 20170105
BitDefender Gen:Variant.Symmi.66738 20170105
Bkav W32.FamVT.RazyNHmA.Trojan 20170104
CAT-QuickHeal Trojan.Lethic 20170105
CrowdStrike Falcon (ML) malicious_confidence_97% (W) 20161024
Cyren W32/Trojan.BYZQ-1306 20170105
Emsisoft Gen:Variant.Symmi.66738 (B) 20170105
ESET-NOD32 a variant of Win32/Kryptik.FEKT 20170105
F-Secure Gen:Variant.Symmi.66738 20170105
Fortinet W32/Kryptik.FBNP!tr 20170105
GData Gen:Variant.Symmi.66738 20170105
Ikarus Trojan-Downloader.Win32.Wauchos 20170105
Sophos ML trojan.win32.lethic.i 20161216
K7AntiVirus Trojan ( 004f38af1 ) 20170105
K7GW Trojan ( 004f38af1 ) 20170105
Kaspersky HEUR:Trojan.Win32.Generic 20170105
Malwarebytes Backdoor.Andromeda 20170105
McAfee RDN/Generic.grp 20170105
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.cm 20170105
Microsoft Trojan:Win32/Lethic!rfn 20170105
eScan Gen:Variant.Symmi.66738 20170105
NANO-Antivirus Trojan.Win32.DownLoader22.eeinmr 20170105
Panda Trj/GdSda.A 20170105
Qihoo-360 HEUR/QVM09.0.3872.Malware.Gen 20170105
Rising Trojan.Proxy-Lethic!8.1D1C-Ujnxk7hXY1K (cloud) 20170105
Sophos AV Mal/Generic-S 20170105
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20170105
Symantec Trojan Horse 20170105
Tencent Win32.Trojan-proxy.Lethic.Eaml 20170105
TrendMicro TROJ_GEN.R034E01JI16 20170105
TrendMicro-HouseCall TROJ_GEN.R034E01JI16 20170105
VBA32 TrojanProxy.Lethic 20170103
VIPRE Trojan.Win32.Generic!BT 20170105
Yandex Trojan.PR.Lethic!ur8Vf/9Fs0A 20170105
Zillya Trojan.Lethic.Win32.2845 20170104
Alibaba 20170105
Antiy-AVL 20170105
ClamAV 20170105
CMC 20170105
Comodo 20170105
DrWeb 20170105
F-Prot 20170105
Jiangmin 20170105
Kingsoft 20170105
nProtect 20170105
TheHacker 20170104
TotalDefense 20170105
Trustlook 20170105
ViRobot 20170105
WhiteArmor 20161221
Zoner 20170105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2009 Sun Microsystems, Inc.
Product VirtualBox
Original name VirtualBox.exe
Internal name VirtualBox
File version 3.0.12.54655
Description VirtualBox
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-03 19:26:24
Entry Point 0x00011BA0
Number of sections 5
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetConsoleCP
HeapDestroy
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
SetStdHandle
GetModuleHandleA
RaiseException
EraseTape
WideCharToMultiByte
GetStringTypeA
SetFilePointer
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetOEMCP
TerminateProcess
InitAtomTable
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
Sleep
WriteConsoleW
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
MapVirtualKeyExA
GetAltTabInfoA
DrawAnimatedRects
GetKeyboardType
DdeImpersonateClient
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
94208

ImageVersion
0.0

ProductName
VirtualBox

FileVersionNumber
3.0.12.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
VirtualBox

CharacterSet
Unicode

LinkerVersion
9.0

FileTypeExtension
exe

OriginalFileName
VirtualBox.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3.0.12.54655

TimeStamp
2016:07:03 20:26:24+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
VirtualBox

ProductVersion
3.0.12.54655

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (C) 2009 Sun Microsystems, Inc.

MachineType
Intel 386 or later, and compatibles

CompanyName
Sun Microsystems, Inc.

CodeSize
117760

FileSubtype
0

ProductVersionNumber
3.0.12.0

EntryPoint
0x11ba0

ObjectFileType
Dynamic link library

File identification
MD5 f3334eafadc24aa600c3f2e5b5c07ced
SHA1 4519f2d3f53c40433747559ef359ac05a774b2cb
SHA256 8f4e3bedc84abce903473a8290578ea7e51e7bba5024031c12378329cdeb5d23
ssdeep 3072:uJfqHfSf2T9YMWo1NwHoet8q/FGINwhpOR9oFZRnLir:uuhyRo3E1MIP
authentihash 7f46ab5b2c1be49f29885e56caf46f6ca3f9daaa08057b022078faca5da6c091
imphash cb7aab6271802f9359abc2679811d023
File size 173.0 KB ( 177152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-07-09 03:24:30 UTC ( 2 years, 7 months ago )
Last submission 2016-08-27 01:56:17 UTC ( 2 years, 5 months ago )
File names VirtualBox.exe
zla321313.exe
VirtualBox
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications