SHA256: 925cb839582c68d0433687f6364c8146de07dd610b48719b61906526e841b095
File name: 25f8a2790684a487b929372bd4c4450f779082a2
Detection ratio: 7 / 54
Analysis date: 2015-10-23 23:38:57 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.757005 20151024
CAT-QuickHeal (Suspicious) - DNAScan 20151023
DrWeb Trojan.PWS.Panda.7708 20151023
ESET-NOD32 a variant of Win32/Kryptik.DKBB 20151023
K7GW Trojan ( 700001211 ) 20151023
McAfee-GW-Edition BehavesLike.Win32.VirRansom.dm 20151023
Panda Trj/Genetic.gen 20151023
AegisLab 20151023
Yandex 20151023
AhnLab-V3 20151023
Alibaba 20151023
Antiy-AVL 20151023
Arcabit 20151023
Avast 20151023
AVG 20151023
Avira (no cloud) 20151023
Baidu-International 20151023
BitDefender 20151023
Bkav 20151023
ByteHero 20151024
ClamAV 20151023
CMC 20151021
Comodo 20151023
Cyren 20151023
Emsisoft 20151023
F-Prot 20151023
F-Secure 20151023
Fortinet 20151023
GData 20151023
Ikarus 20151023
Jiangmin 20151023
K7AntiVirus 20151023
Kaspersky 20151023
Malwarebytes 20151023
McAfee 20151023
Microsoft 20151023
eScan 20151023
NANO-Antivirus 20151023
nProtect 20151023
Qihoo-360 20151024
Rising 20151023
Sophos AV 20151023
SUPERAntiSpyware 20151023
Symantec 20151023
Tencent 20151024
TheHacker 20151020
TotalDefense 20151023
TrendMicro 20151024
TrendMicro-HouseCall 20151024
VBA32 20151023
VIPRE 20151024
ViRobot 20151024
Zillya 20151023
Zoner 20151023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-02-27 05:11:07
Entry Point 0x00001000
Number of sections 16
PE sections
PE imports
DdeSetQualityOfService
RegisterWindowMessageW
DdeDisconnectList
GetForegroundWindow
GetParent
SendNotifyMessageA
AttachThreadInput
GetPriorityClipboardFormat
DrawIcon
GetCapture
CloseDesktop
FindWindowA
DrawTextExA
GetSysColorBrush
GetWindowRect
GetThreadDesktop
RegisterClipboardFormatA
MoveWindow
GetClipboardFormatNameW
IsWindowEnabled
SetActiveWindow
CharNextExA
GetDlgCtrlID
GetListBoxInfo
PaintDesktop
IsWindowVisible
GetMessageTime
BroadcastSystemMessageA
InvertRect
InSendMessage
AnimateWindow
GetMouseMovePointsEx
GetWindowTextLengthA
LoadIconA
GetKeyboardLayout
GetTopWindow
IsDlgButtonChecked
CharNextA
RegisterClipboardFormatW
GetDesktopWindow
CopyAcceleratorTableW
GetKeyboardType
Number of PE resources by type
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:02:27 06:11:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 186368
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 30720
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 4f976fef5371ca234712c8cd44ab568c
SHA1 2837244b0c8cea216e4905bbe3810814fc851868
SHA256 925cb839582c68d0433687f6364c8146de07dd610b48719b61906526e841b095
ssdeep 1536:fz4nsYX5/YxBQSSg1B0kkhoHM+g8H+Ai+1RwJylrgi:fUsjxBQSx1k378Hc1QlEi
authentihash 466a9ae1f51c08253106c053abbe2b69ee187aa36d29d489d85e08454dcb8809
imphash 6bf8e12abe43482172c0d278e2bd4ff8
File size 236.0 KB ( 241664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe

VirusTotal metadata
First submission 2015-10-23 23:38:57 UTC ( 3 years, 5 months ago )
Last submission 2015-10-23 23:38:57 UTC ( 3 years, 5 months ago )
File names 25f8a2790684a487b929372bd4c4450f779082a2
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs