× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 990b424915cfe4bd859543145ed272f53d14de956ca19f767ca49732c7c429d2
File name: a2a4dd53f72625c6f6ad48ca421d5693
Detection ratio: 45 / 68
Analysis date: 2017-11-26 17:15:58 UTC ( 1 year, 3 months ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.96233 20171126
AhnLab-V3 Trojan/Win32.Tuhkit.R191026 20171126
ALYac Gen:Variant.Razy.96233 20171126
Antiy-AVL Trojan/Win32.AGeneric 20171126
Arcabit Trojan.Razy.D177E9 20171126
Avast Win32:Cryptor 20171126
AVG Win32:Cryptor 20171126
Avira (no cloud) TR/Crypt.ZPACK.lsunz 20171126
Baidu Win32.Trojan.Elenoocka.a 20171124
BitDefender Gen:Variant.Razy.96233 20171126
CAT-QuickHeal Trojan.Zenshirsh.SL7 20171125
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171126
Cyren W32/Nymaim.BZ.gen!Eldorado 20171126
DrWeb Trojan.Siggen6.58358 20171126
eGambit Unsafe.AI_Score_92% 20171126
Emsisoft Gen:Variant.Razy.96233 (B) 20171126
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FGQX 20171126
F-Prot W32/Nymaim.BZ.gen!Eldorado 20171126
F-Secure Gen:Variant.Razy.96233 20171126
Fortinet W32/Kryptik.FHWB!tr 20171126
GData Gen:Variant.Razy.96233 20171126
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 004f91f01 ) 20171124
K7GW Trojan ( 004f91f01 ) 20171126
Kaspersky HEUR:Trojan.Win32.Generic 20171126
Malwarebytes Trojan.Boaxxe 20171126
MAX malware (ai score=86) 20171126
McAfee PWSZbot-FAVV!A2A4DD53F726 20171126
McAfee-GW-Edition BehavesLike.Win32.Ransomware.cc 20171126
Microsoft Trojan:Win32/CeeInject.MJ!bit 20171126
eScan Gen:Variant.Razy.96233 20171126
Qihoo-360 HEUR/QVM20.1.72A3.Malware.Gen 20171126
Rising Malware.XPACK-LNR/Heur!1.5594 (CLASSIC) 20171126
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/Elenoocka-E 20171126
Symantec Packed.Generic.493 20171125
Tencent Suspicious.Heuristic.Gen.b.0 20171126
TrendMicro Ransom_CERBER.SM37 20171126
TrendMicro-HouseCall Ransom_CERBER.SM37 20171126
WhiteArmor Malware.HighConfidence 20171104
Yandex Trojan.Agent!IUIfPhuucHA 20171120
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171126
AegisLab 20171126
Alibaba 20171124
Avast-Mobile 20171126
AVware 20171126
Bkav 20171124
ClamAV 20171126
CMC 20171126
Comodo 20171126
Ikarus 20171126
Jiangmin 20171126
Kingsoft 20171126
NANO-Antivirus 20171126
nProtect 20171126
Palo Alto Networks (Known Signatures) 20171126
Panda 20171126
SUPERAntiSpyware 20171126
Symantec Mobile Insight 20171124
TheHacker 20171126
TotalDefense 20171126
Trustlook 20171126
VBA32 20171124
VIPRE 20171126
ViRobot 20171126
Webroot 20171126
Zillya 20171124
Zoner 20171126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x00003CBD
Number of sections 3
PE sections
PE imports
AuthzFreeResourceManager
AuthzFreeContext
WaitForSingleObject
GetOEMCP
GetTickCount
CreateMailslotA
LoadLibraryA
lstrcmpW
GetAtomNameA
GetCurrentProcessId
GetWindowsDirectoryA
DeleteFileW
GetProcAddress
CreateMutexA
GetFullPathNameW
GlobalAddAtomW
ReleaseSemaphore
MapViewOfFile
GetProcessVersion
GetACP
GetStringTypeW
GetGeoInfoW
GetThreadPriority
RemoveDirectoryA
SetEndOfFile
CreateFileA
GetCurrentThreadId
FindResourceA
lstrcpyn
InterlockedIncrement
PathCompactPathW
UrlCanonicalizeA
UrlGetPartW
UrlIsA
UrlGetLocationW
PathCombineA
UrlCombineW
UrlIsNoHistoryA
PathCommonPrefixA
PathAppendW
UrlUnescapeA
UrlCreateFromPathW
PathIsRootW
UrlCompareW
Number of PE resources by type
GHAR 1
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:07:14 11:54:05+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
191488

LinkerVersion
7.1

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x3cbd

InitializedDataSize
8192

SubsystemVersion
4.0

ImageVersion
5.1

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 a2a4dd53f72625c6f6ad48ca421d5693
SHA1 5bf20c94020816d89dbc6fe7e60e4a6a631a0b0a
SHA256 990b424915cfe4bd859543145ed272f53d14de956ca19f767ca49732c7c429d2
ssdeep
6144:6nnnnC4bGGo5/m3Y5f1+TejP56WCmcDALG:6nnnndrot+qjPIJ98L

authentihash 59d7113b111779f88fcfd3b0c2a66fa949fc6392a47890d97f0c914d5debe1b0
imphash be0f38de50ecb50ab071f71b324eea62
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
stealth peexe

VirusTotal metadata
First submission 2017-11-26 17:15:58 UTC ( 1 year, 3 months ago )
Last submission 2017-11-26 17:15:58 UTC ( 1 year, 3 months ago )
File names a2a4dd53f72625c6f6ad48ca421d5693
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections
UDP communications