SHA256: 90caf2f2d7a50071e2777ebbca182efad254897cf32ca2d6d9d2984b4a9b9e73
File name: c31b478062da14677593267ee09435bb
Detection ratio: 9 / 56
Analysis date: 2016-11-23 05:45:36 UTC ( 2 years, 2 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Cerber.C1679784 20161123
Avast Win32:Malware-gen 20161123
CrowdStrike Falcon (ML) malicious_confidence_93% (W) 20161024
ESET-NOD32 Win32/Filecoder.Locky.C 20161123
GData Win32.Trojan-Ransom.Locky.K88DGR 20161123
Sophos ML generic.a 20161018
Kaspersky Trojan-Ransom.Win32.Scatter.is 20161123
Qihoo-360 Win32/Trojan.Multi.daf 20161123
Symantec Ransom.Cerber 20161123
Ad-Aware 20161123
AegisLab 20161123
Alibaba 20161123
ALYac 20161123
Antiy-AVL 20161123
Arcabit 20161123
AVG 20161123
Avira (no cloud) 20161122
AVware 20161123
Baidu 20161123
BitDefender 20161123
Bkav 20161123
CAT-QuickHeal 20161122
ClamAV 20161123
CMC 20161123
Comodo 20161122
Cyren 20161123
DrWeb 20161123
Emsisoft 20161123
F-Prot 20161123
F-Secure 20161123
Fortinet 20161123
Ikarus 20161122
Jiangmin 20161123
K7AntiVirus 20161122
K7GW 20161123
Kingsoft 20161123
Malwarebytes 20161123
McAfee 20161123
McAfee-GW-Edition 20161123
Microsoft 20161123
eScan 20161123
NANO-Antivirus 20161123
nProtect 20161123
Panda 20161122
Rising 20161123
Sophos AV 20161123
SUPERAntiSpyware 20161123
Tencent 20161123
TheHacker 20161122
TotalDefense 20161122
TrendMicro 20161123
TrendMicro-HouseCall 20161123
Trustlook 20161123
VBA32 20161122
VIPRE 20161123
ViRobot 20161123
Yandex 20161122
Zillya 20161122
Zoner 20161123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2015 SUPERAntiSpyware
Product Mission 1996
Original name Mission 1996
Internal name Mission 1996
File version 4.8.62.5
Description Soif Beams Nap Explains
Comments Soif Beams Nap Explains
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-22 11:29:24
Entry Point 0x0000AE7B
Number of sections 4
PE sections
PE imports
OpenThreadToken
PrivilegeCheck
OpenProcessToken
AVIPutFileOnClipboard
GetDeviceCaps
SetMapMode
DeleteDC
DeleteObject
GetTextExtentPoint32A
CreateFontA
GetStockObject
TextOutA
CreateFontIndirectA
SelectObject
BitBlt
CreateCompatibleDC
GetPixel
CreateCompatibleBitmap
SetIfEntry
SetIpForwardEntry
SetIpNetEntry
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
FileTimeToSystemTime
lstrlenA
GetConsoleCP
GetOEMCP
LCMapStringA
MulDiv
IsDebuggerPresent
GetTickCount
TlsAlloc
GetDateFormatA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
GetEnvironmentStrings
GetFileAttributesExA
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
GetModuleHandleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
TlsFree
GetLocaleInfoW
SetStdHandle
GetModuleHandleA
HeapAlloc
RaiseException
WideCharToMultiByte
GetTimeFormatA
GetStringTypeA
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEvent
WaitForMultipleObjectsEx
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
GetCurrentProcess
IsValidCodePage
HeapCreate
lstrcpyA
VirtualFree
CreateEventA
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
GetCurrentThread
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
DsListInfoForServerW
ObjectFromLresult
LoadRegTypeLib
UnRegisterTypeLib
SafeArrayUnlock
VariantClear
SafeArrayCreate
VariantInit
SafeArrayLock
VariantChangeTypeEx
SHBrowseForFolderA
SetFocus
GetMessageA
DrawTextA
SetLayeredWindowAttributes
LoadMenuA
OffsetRect
GetMonitorInfoA
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowPos
GetDesktopWindow
GetSystemMetrics
IsWindow
GetWindowRect
DispatchMessageA
EndPaint
SetMenu
UpdateWindow
SetRectEmpty
RegisterWindowMessageA
SetWindowLongA
TranslateMessage
MsgWaitForMultipleObjectsEx
CheckMenuRadioItem
GetDC
RegisterClassExA
SystemParametersInfoA
BeginPaint
CreatePopupMenu
GetMenu
UnregisterClassA
EnumDisplaySettingsExA
SendMessageA
GetWindowTextA
GetClientRect
GetDlgItem
SetRect
LoadIconA
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
GetLayeredWindowAttributes
EnumDisplaySettingsA
FillRect
MonitorFromPoint
CopyRect
GetSysColorBrush
ReleaseDC
SetForegroundWindow
InsertMenuItemA
DestroyWindow
UnregisterGPNotification
GetFileVersionInfoW
CoUnmarshalInterface
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoInitializeEx
StgOpenStorage
Number of PE resources by type
RT_DIALOG 7
IMG 6
AFX_DIALOG_LAYOUT 5
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 20
PE resources
ExifTool file metadata
CodeSize 251392
SubsystemVersion 5.0
Comments Soif Beams Nap Explains
Languages English
InitializedDataSize 83968
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.8.62.5
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Soif Beams Nap Explains
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
EntryPoint 0xae7b
OriginalFileName Mission 1996
MIMEType application/octet-stream
LegalCopyright Copyright 2015 SUPERAntiSpyware
FileVersion 4.8.62.5
TimeStamp 2016:11:22 12:29:24+01:00
FileType Win32 EXE
PEType PE32
InternalName Mission 1996
ProductVersion 4.8.62.5
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SUPERAntiSpyware
LegalTrademarks Copyright 2015 SUPERAntiSpyware
ProductName Mission 1996
ProductVersionNumber 4.8.62.5
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 c31b478062da14677593267ee09435bb
SHA1 852a04727b66c4cc1f51b0dc5dc95f34fd390eea
SHA256 90caf2f2d7a50071e2777ebbca182efad254897cf32ca2d6d9d2984b4a9b9e73
ssdeep 6144:wMJhZNIuhKQ8gO6Hd4OhbznOWqb9WXALg9hP73/kquiG+4tKcOP:wunAgO6bbznOdbYXAc9F7sziG5NOP
authentihash 2cbc6e155a1f9fe49248ec4ed05a712be0de94e462d4350d7161ccf70e3a1ad1
imphash b3332844beb477950af662a5db9077a0
File size 328.5 KB ( 336384 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-11-22 21:32:39 UTC ( 2 years, 2 months ago )
Last submission 2018-07-12 19:42:39 UTC ( 7 months, 1 week ago )
File names TEMP.EXE
Mission 1996
Temp.exe
566.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs