SHA256: 92b449d5932fd42a5040b26e2a849aea3deb04ae0c4e400e6ddf13acd12a94e3
File name: s1a_dump_SCY.exe
Detection ratio: 34 / 59
Analysis date: 2017-03-13 17:08:19 UTC ( 1 week, 5 days ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.GM.0184030182 20170313
AhnLab-V3 Worm/Win32.VBNA.C1740072 20170313
Arcabit Trojan.Heur.GM.DAF813E6 20170313
AVG Dropper.Generic9.AKJN 20170313
Avira (no cloud) TR/Dropper.Gen 20170313
AVware Packed.Win32.PePatch.a (v) 20170313
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170313
BitDefender Gen:Trojan.Heur.GM.0184030182 20170313
CAT-QuickHeal (Suspicious) - DNAScan 20170313
Comodo Packed.Win32.MUPX.Gen 20170313
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/new-malware!Maximus 20170313
DrWeb Trojan.DiamondFox.1 20170313
Emsisoft Gen:Trojan.Heur.GM.0184030182 (B) 20170313
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/VB.OGM 20170313
F-Prot W32/new-malware!Maximus 20170313
F-Secure Gen:Trojan.Heur.GM.0184030182 20170313
GData Gen:Trojan.Heur.GM.0184030182 20170313
Invincea generic.a 20170203
Kaspersky Worm.Win32.VBNA.c 20170313
McAfee-GW-Edition BehavesLike.Win32.StartPage.qm 20170313
Microsoft VirTool:Win32/VBInject.gen!FA 20170313
eScan Gen:Trojan.Heur.GM.0184030182 20170313
NANO-Antivirus Trojan.Win32.VB.elqcav 20170313
Panda Trj/GdSda.A 20170313
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20170313
Rising Malware.Generic.4!tfe (thunder:4:bBujDNv0cQS) 20170313
Sophos Mal/VB-GI 20170313
Symantec ML.Attribute.HighConfidence 20170313
VBA32 Worm.VBNA 20170313
VIPRE Packed.Win32.PePatch.a (v) 20170313
ViRobot Trojan.Win32.Agent.57856.AW[h] 20170313
ZoneAlarm by Check Point Worm.Win32.VBNA.c 20170313
AegisLab 20170313
Alibaba 20170228
ALYac 20170313
Antiy-AVL 20170313
Avast 20170313
Bkav 20170313
ClamAV 20170313
CMC 20170313
Fortinet 20170311
Ikarus 20170313
Jiangmin 20170313
K7AntiVirus 20170313
K7GW 20170313
Kingsoft 20170313
Malwarebytes 20170313
McAfee 20170313
nProtect 20170313
Palo Alto Networks (Known Signatures) 20170313
SUPERAntiSpyware 20170313
Tencent 20170313
TheHacker 20170311
TrendMicro 20170313
Trustlook 20170313
Webroot 20170313
WhiteArmor 20170303
Yandex 20170312
Zillya 20170310
Zoner 20170313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-02 19:59:10
Entry Point 0x000012D4
Number of sections 5
PE sections
PE imports
CreateMutexA
CreateProcessW
Sleep
GetStartupInfoW
GetTickCount
GetModuleFileNameA
LoadLibraryA
rtcMidCharBstr
rtcFileLen
rtcLowerCaseBstr
rtcGetPresentDate
rtcGetMonthOfYear
rtcSplit
rtcStrFromVar
rtcMakeDir
rtcErrObj
rtcStringBstr
rtcDeleteSetting
rtcRightCharBstr
rtcArray
ThunRTMain
rtcGetDateValue
rtcGetYear
__vbaExceptHandler
rtcBstrFromAnsi
DllFunctionCall
rtcAnsiValueBstr
rtcFileCopy
rtcBstrFromChar
rtcGetFileAttr
rtcTan
rtcShell
rtcSpaceBstr
rtcDoEvents
rtcRound
rtcRandomize
rtcSaveSetting
rtcFileLength
ProcCallEngine
rtcStringVar
rtcLeftCharBstr
rtcCos
rtcStrConvVar2
rtcReplace
rtcSqr
rtcFormatNumber
rtcCharValueBstr
rtcSetFileAttr
rtcCreateObject2
rtcRandomNext
VarPtr
rtcGetSetting
rtcEnvironBstr
rtcDir
rtcGetObject
rtcTrimBstr
rtcHexBstrFromVar
rtcKillFiles
rtcGetDayOfMonth
NtWriteVirtualMemory
NtGetContextThread
NtSetContextThread
NtUnmapViewOfSection
NtAllocateVirtualMemory
NtResumeThread
IsUserAnAdmin
InternetOpenUrlA
InternetOpenA
InternetCheckConnectionA
DeleteUrlCacheEntryA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:06:02 20:59:10+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 4096
SubsystemVersion 5.1
EntryPoint 0x12d4
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 40960

File identification
MD5 988e9fa903cc2fbb80e7221072fb2221
SHA1 a69963cf1b22edc9f3a7f86380ed3d6627ff174b
SHA256 92b449d5932fd42a5040b26e2a849aea3deb04ae0c4e400e6ddf13acd12a94e3
ssdeep 768:EbBuCExED5DDwP1yByU0yylKdwnYoKCVjL8G4ZZfJUVhgCDHjV:EbsDuD5Ds410FKKQtG4vxUQCD
authentihash 30ceb8eb65e287f7307ce64f3ce2e338f93943b559806a3f604bfe741402a14a
imphash 1fc36489c3358d5ba6ddbb85da923de4
File size 56.5 KB ( 57856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (47.2%)
Generic Win/DOS Executable (20.9%)
DOS Executable Generic (20.9%)
Maple Common Binary file (generic) (10.4%)
VXD Driver (0.3%)
Tags
peexe

VirusTotal metadata
First submission 2017-03-13 17:08:19 UTC ( 1 week, 5 days ago )
Last submission 2017-03-20 12:29:14 UTC ( 5 days, 9 hours ago )
File names s1a_dump_SCY.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
UDP communications