SHA256: 95ee10927c229a825ea934a054bd786a0226d20ae16a6207f8422129cb6bca76
File name: 5eccd40fe6382531b0522356d636b29f
Detection ratio: 14 / 57
Analysis date: 2016-10-03 06:51:28 UTC ( 2 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Backdoor/Win32.Vawtrak.N2119823149 20161002
AVG PSW.Generic13.OQR 20161003
Avira (no cloud) TR/Crypt.Xpack.ynkeh 20161002
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.PWS.Papras.2370 20161003
ESET-NOD32 Win32/PSW.Papras.EJ 20161003
Sophos ML ddos.win32.nitol.b 20160928
Kaspersky Backdoor.Win32.Vawtrak.cq 20161003
Malwarebytes Backdoor.VawTrak 20161003
Microsoft Backdoor:Win32/Vawtrak.E 20161003
Panda Generic Suspicious 20161002
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20161003
Rising Malware.Generic!XhBW7bXglWH@5 (thunder) 20161003
Sophos AV Mal/Generic-S 20161003
Ad-Aware 20161003
AegisLab 20161003
Alibaba 20160930
ALYac 20160930
Antiy-AVL 20161003
Arcabit 20161003
Avast 20161003
AVware 20161003
Baidu 20161001
BitDefender 20161003
Bkav 20161002
CAT-QuickHeal 20161003
ClamAV 20161003
CMC 20160930
Comodo 20161003
Cyren 20161003
Emsisoft 20161003
F-Prot 20160926
F-Secure 20161003
Fortinet 20161003
GData 20161003
Ikarus 20161002
Jiangmin 20161003
K7AntiVirus 20161002
K7GW 20161003
Kingsoft 20161003
McAfee 20161003
McAfee-GW-Edition 20161003
eScan 20161003
NANO-Antivirus 20161003
nProtect 20161003
SUPERAntiSpyware 20161002
Symantec 20161003
Tencent 20161003
TheHacker 20161001
TrendMicro 20161003
TrendMicro-HouseCall 20161003
VBA32 20161001
VIPRE 20161003
ViRobot 20161003
Yandex 20161002
Zillya 20161001
Zoner 20161003
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ? 2016
Product ChatClient
Original name ChatClient.exe
Internal name ChatClient
File version 1, 0, 0, 1
Description ChatClient
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-26 17:40:13
Entry Point 0x00001874
Number of sections 4
PE sections
PE imports
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameW
CreateFileW
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_ftol
_exit
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
GetSystemMetrics
EnableWindow
DrawIcon
FindWindowW
SendMessageA
GetClientRect
IsIconic
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Icelandic
FileFlagsMask 0x003f
CharacterSet Windows, Turkish
InitializedDataSize 212992
EntryPoint 0x1874
OriginalFileName ChatClient.exe
MIMEType application/octet-stream
LegalCopyright Copyright ? 2016
FileVersion 1, 0, 0, 1
TimeStamp 2016:09:26 18:40:13+01:00
FileType Win32 EXE
PEType PE32
InternalName ChatClient
ProductVersion 1, 0, 0, 1
FileDescription ChatClient
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 4096
ProductName ChatClient
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 5eccd40fe6382531b0522356d636b29f
SHA1 1a475ab6b9fa4758069de969f78e9897a883b817
SHA256 95ee10927c229a825ea934a054bd786a0226d20ae16a6207f8422129cb6bca76
ssdeep 6144:pP0shkkXoLTaPiJdD+KdSregSskJ7URb/TVs5ac:lpq8oTaKJdD+KdSagSskWV/psb
authentihash 791acf4cad50441fb28e298fb6157742a1cbdd82015cc974afc70dd2fc48ddc2
imphash 486fce4e826fff2c3edc7f1f36c09daf
File size 216.0 KB ( 221184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-10-03 06:51:28 UTC ( 2 years, 5 months ago )
Last submission 2016-10-03 06:51:28 UTC ( 2 years, 5 months ago )
File names ChatClient
ChatClient.exe
Advanced heuristic and reputation engines