SHA256: 985de57b68528469056e24584f37fae5d6d2208febf2f913ef1165b508b37a88
File name: 9765c13f2c0b0a00aa6d45ad9ca9ffd4022b9ac1
Detection ratio: 22 / 55
Analysis date: 2016-01-25 05:56:12 UTC ( 3 years ago )
Antivirus Result Update
ALYac Gen:Variant.Symmi.59911 20160125
Antiy-AVL Trojan/Win32.Waldek 20160125
Arcabit Trojan.Symmi.DEA07 20160125
AVG Downloader.Agent2.BZEJ 20160125
Avira (no cloud) TR/Crypt.Xpack.422848 20160124
BitDefender Gen:Variant.Symmi.59911 20160125
DrWeb BackDoor.Gootkit.207 20160125
Emsisoft Gen:Variant.Symmi.59911 (B) 20160125
ESET-NOD32 Win32/TrojanDownloader.Agent.BXE 20160125
F-Secure Gen:Variant.Symmi.59911 20160125
Fortinet PossibleThreat.P0 20160125
GData Gen:Variant.Symmi.59911 20160125
Ikarus Trojan-Downloader.Win32.Agent 20160125
Kaspersky Trojan.Win32.Waldek.bra 20160125
McAfee Artemis!96A186D43EF4 20160125
McAfee-GW-Edition Artemis 20160125
Microsoft TrojanSpy:Win32/Ursnif.HN 20160125
eScan Gen:Variant.Symmi.59911 20160125
Qihoo-360 QVM07.1.Malware.Gen 20160125
Sophos AV Mal/Generic-S 20160125
Tencent Win32.Trojan-downloader.Agent.Hupd 20160125
VIPRE Trojan.Win32.Generic!BT 20160125
AegisLab 20160122
Yandex 20160124
AhnLab-V3 20160124
Alibaba 20160125
Avast 20160125
AVware 20160111
Baidu-International 20160124
Bkav 20160123
ByteHero 20160125
CAT-QuickHeal 20160125
ClamAV 20160124
CMC 20160111
Comodo 20160125
Cyren 20160125
F-Prot 20160125
Jiangmin 20160125
K7AntiVirus 20160124
K7GW 20160125
Malwarebytes 20160124
NANO-Antivirus 20160125
nProtect 20160122
Panda 20160124
Rising 20160124
SUPERAntiSpyware 20160125
Symantec 20160124
TheHacker 20160124
TotalDefense 20160125
TrendMicro 20160125
TrendMicro-HouseCall 20160125
VBA32 20160123
ViRobot 20160125
Zillya 20160124
Zoner 20160125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-09-28 14:30:48
Entry Point 0x0000642A
Number of sections 4
PE sections
PE imports
GetSidSubAuthorityCount
ImpersonateSelf
GetSecurityDescriptorControl
BuildTrusteeWithNameA
ImpersonateNamedPipeClient
GetTrusteeFormA
ImageList_Duplicate
CreateFontA
CreateBrushIndirect
SetMetaFileBitsEx
CreateEllipticRgnIndirect
GdiSetBatchLimit
GetCharacterPlacementA
GetProfileStringW
GetNamedPipeInfo
GetSystemPowerStatus
GlobalAlloc
Module32Next
GetDiskFreeSpaceExW
AddConsoleAliasW
lstrcpynA
FindNextFileA
GetACP
CreateNamedPipeA
_yn
wcspbrk
__p__fmode
_ftol
realloc
__p__environ
_isatty
_putw
_mkdir
__getmainargs
_controlfp
_initterm
__set_app_type
NetServerEnum
LPSAFEARRAY_UserFree
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerInstallFileA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerInstallFileW
VerQueryValueA
CommDlgExtendedError
Number of PE resources by type
RT_RCDATA 6
RT_DIALOG 2
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 4
BULGARIAN DEFAULT 4
GERMAN SWISS 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.33.167.144
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 262144
EntryPoint 0x642a
OriginalFileName Seascapes.exe
MIMEType application/octet-stream
FileVersion 0, 104, 88, 23
TimeStamp 2007:09:28 15:30:48+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 10, 173, 127, 22
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName EPIM Ltd
CodeSize 24576
ProductName Roadblocks Still
ProductVersionNumber 0.30.15.12
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 96a186d43ef4daaadd08f7fc6f765578
SHA1 9765c13f2c0b0a00aa6d45ad9ca9ffd4022b9ac1
SHA256 985de57b68528469056e24584f37fae5d6d2208febf2f913ef1165b508b37a88
ssdeep 3072:wpwvEF3iiPzGT1fakUgBiBLQYzWivHfPxjFVwAeqDMNFuRqXEhusv1aN+vt:OwvI3iGG5czWgjKCSFzXWcUt
authentihash fa78e928d2b356304fe8c1249503f63979732c41882ba0e03444e05ffb33b37d
imphash cad880e3b0174403d8d5447b864c529f
File size 172.0 KB ( 176128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
suspicious-dns peexe

VirusTotal metadata
First submission 2016-01-24 00:47:11 UTC ( 3 years ago )
Last submission 2016-08-11 14:51:04 UTC ( 2 years, 6 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
TCP connections
UDP communications