SHA256: 97a4fe49309376208670b3ba1e4480498513f11582e056d0261e127df451e1b6
File name: ircsmoke927250.exe
Detection ratio: 17 / 56
Analysis date: 2017-01-22 23:20:58 UTC (2 years, 1 month ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Midie.34651 20170122
AegisLab Gen.Variant.Mikey!c 20170122
Arcabit Trojan.Mikey.DE3E7 20170122
Avast Win32:Malware-gen 20170122
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9990 20170122
BitDefender Gen:Variant.Midie.34651 20170122
Cyren W32/S-e2e07e9d!Eldorado 20170122
DrWeb Trojan.Proxy2.164 20170122
Emsisoft Gen:Variant.Midie.34651 (B) 20170122
ESET-NOD32 a variant of Win32/Kryptik.FNHD 20170122
F-Prot W32/S-e2e07e9d!Eldorado 20170122
F-Secure Gen:Variant.Midie.34651 20170122
GData Gen:Variant.Midie.34651 20170122
Sophos ML worm.win32.dorkbot.i 20170111
McAfee Artemis!EA06D58EB647 20170123
McAfee-GW-Edition BehavesLike.Win32.Gamarue.dh 20170122
eScan Gen:Variant.Midie.34651 20170123
AhnLab-V3 20170122
Alibaba 20170122
ALYac 20170122
Antiy-AVL 20170122
AVG 20170122
Avira (no cloud) 20170122
AVware 20170122
CAT-QuickHeal 20170121
ClamAV 20170122
CMC 20170122
Comodo 20170122
CrowdStrike Falcon (ML) 20161024
Fortinet 20170122
Ikarus 20170122
Jiangmin 20170122
K7AntiVirus 20170122
K7GW 20170123
Kaspersky 20170122
Kingsoft 20170123
Malwarebytes 20170122
Microsoft 20170122
NANO-Antivirus 20170122
nProtect 20170122
Panda 20170122
Qihoo-360 20170123
Rising 20170122
Sophos AV 20170122
SUPERAntiSpyware 20170122
Symantec 20170122
Tencent 20170123
TheHacker 20170117
TotalDefense 20170122
TrendMicro 20170122
TrendMicro-HouseCall 20170122
Trustlook 20170123
VBA32 20170121
VIPRE 20170122
ViRobot 20170122
WhiteArmor 20170122
Yandex 20170122
Zillya 20170120
Zoner 20170122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-22 17:45:23
Entry Point 0x000035C7
Number of sections 4
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
FindResourceExA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
GetEnvironmentVariableA
LoadResource
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
InitializeCriticalSection
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetSystemDirectoryA
GetStartupInfoA
DeleteFileA
GetProcAddress
GetProcessHeap
lstrcmpA
lstrcpyA
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetTempPathA
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
SizeofResource
CreateProcessA
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
Number of PE resources by type
RT_DIALOG 48
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 45
CHINESE SIMPLIFIED 2
SPANISH PARAGUAY 1
DUTCH BELGIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:01:22 18:45:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 67584
LinkerVersion 9.0
EntryPoint 0x35c7
InitializedDataSize 249344
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 ea06d58eb647742f254802b5216ab83f
SHA1 5cbdd62eb1c0636b7e64a5cbcd0eb777dc23cbae
SHA256 97a4fe49309376208670b3ba1e4480498513f11582e056d0261e127df451e1b6
ssdeep 3072:DipyL3FbMaY9dG2N2eR2eRumqky3+mcC2KrybiHm0t95Zwk13qeJ8PDRXuJjX2Fz:fVl+dG29keumEMKr04l3qe0VPsf
authentihash bf4915fdbc9086a976d85256cb296cdb1fd9fef736094e2be27bd9c9911309a5
imphash 88eaf2919c314681430ea216a30b9257
File size 251.0 KB (257024 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-01-22 20:58:09 UTC (2 years, 1 month ago)
Last submission 2017-01-22 20:58:09 UTC (2 years, 1 month ago)
File names ircsmoke927250.exe
smoke927250.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.