SHA256: 90ca6c3dd8c01d5409f7bdec9535d6af8b81c6931601cad79c3f3ae93af42166
File name: 226ddwqqwdqw54q5w45q4.exe
Detection ratio: 47 / 56
Analysis date: 2016-10-12 20:16:34 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BXRQ 20161012
AegisLab Troj.W32.Garrun!c 20161012
AhnLab-V3 Trojan/Win32.Garrun.N2084638254 20161012
ALYac Trojan.Agent.BXRQ 20161012
Antiy-AVL Trojan/Win32.Garrun 20161012
Arcabit Trojan.Agent.BXRQ 20161012
Avast Win32:Malware-gen 20161012
AVG Generic_r.MNX 20161012
Avira (no cloud) TR/Crypt.ZPACK.tjmf 20161012
AVware Trojan.Win32.Generic!BT 20161012
BitDefender Trojan.Agent.BXRQ 20161012
Bkav W32.FamVT.RazyNHmA.Trojan 20161012
CAT-QuickHeal Trojan.Lethic 20161012
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/S-178758b5!Eldorado 20161012
DrWeb BackDoor.Siggen2.921 20161012
Emsisoft Trojan.Agent.BXRQ (B) 20161012
ESET-NOD32 a variant of Win32/Kryptik.FEUT 20161012
F-Prot W32/S-178758b5!Eldorado 20161012
F-Secure Trojan.Agent.BXRQ 20161012
Fortinet W32/KRYPTIK.COK!tr 20161012
GData Trojan.Agent.BXRQ 20161012
Ikarus Trojan.Win32.Crypt 20161012
Sophos ML virus.win32.virut.bn 20160928
Jiangmin Trojan.Generic.ahqoy 20161012
K7AntiVirus Trojan ( 004f68241 ) 20161012
K7GW Trojan ( 004f68241 ) 20161012
Kaspersky HEUR:Trojan.Win32.Generic 20161012
Malwarebytes Backdoor.Andromeda 20161012
McAfee RDN/Generic.grp 20161012
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20161012
Microsoft Trojan:Win32/Lethic.B 20161012
eScan Trojan.Agent.BXRQ 20161012
NANO-Antivirus Trojan.Win32.Garrun.egiuil 20161012
Panda Trj/GdSda.A 20161012
Qihoo-360 Win32/Sorter.AVE.CryptLocker.O 20161012
Rising Malware.Generic!J2hw9N06LxK@5 (thunder) 20161012
Sophos AV Mal/Lethic-I 20161012
SUPERAntiSpyware Trojan.Agent/Gen-Multi 20161012
Symantec Trojan.Gen 20161012
Tencent Win32.Trojan.Garrun.Sysh 20161012
TrendMicro TROJ_GEN.R00XC0DHN16 20161012
TrendMicro-HouseCall TROJ_GEN.R00XC0DHN16 20161012
VBA32 Trojan.Garrun 20161012
VIPRE Trojan.Win32.Generic!BT 20161012
ViRobot Trojan.Win32.Z.Lethic.129536.I[h] 20161012
Yandex Trojan.Garrun! 20161011
Alibaba 20161012
Baidu 20161012
ClamAV 20161012
CMC 20161012
Comodo 20161012
Kingsoft 20161012
nProtect 20161012
TheHacker 20161011
Zillya 20161012
Zoner 20161012
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-19 18:18:56
Entry Point 0x000043B4
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
LookupPrivilegeValueA
RegQueryValueExA
RegCloseKey
OpenProcessToken
GetLastError
TlsGetValue
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GlobalLock
TlsFree
GetProcessHeap
SetStdHandle
SetFilePointer
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
TerminateProcess
LCMapStringA
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
FindClose
HeapDestroy
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
GetWindowLongA
GetSystemMetrics
ReleaseDC
DispatchMessageA
PeekMessageA
TranslateMessage
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:19 19:18:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 69120
LinkerVersion 9.0
EntryPoint 0x43b4
InitializedDataSize 59392
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 5bab3c2af1f6fd9820a1ecd76296e7d5
SHA1 66a3594addab6d04dfbbb38d87676fbd5779aacb
SHA256 90ca6c3dd8c01d5409f7bdec9535d6af8b81c6931601cad79c3f3ae93af42166
ssdeep 1536:aCSAUUba3Qbysk6dbCPffkImtNvUMLfgzIN/xwO+Pl53wQH+rKnsImOd+VcsN9/5:LSAJb9byzfkdHVNeO+PrZH+rxS+V9/wc
authentihash eec5693c1e19b52031f9e0db9ce22ca2dfa10ff5887d511b32f62a726c8c37ca
imphash deec40f3454707df4884b15ec84e7de9
File size 126.5 KB ( 129536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-08-19 19:01:30 UTC ( 2 years, 7 months ago )
Last submission 2016-08-19 19:01:30 UTC ( 2 years, 7 months ago )
File names svckost310112.exe
226ddwqqwdqw54q5w45q4.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Code injections in the following processes
Runtime DLLs
UDP communications