SHA256: 998b76e64bccd64ac26f48d34ffa377738be6470803b36124d3615cd8a80aa6d
File name: 5452135c880f2125ce213166a13931ddde72e538
Detection ratio: 32 / 56
Analysis date: 2016-10-09 13:19:22 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.19207977 20161009
AhnLab-V3 Backdoor/Win32.Androm.N2124605015 20161009
ALYac Trojan.Generic.19207977 20161009
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20161009
Arcabit Trojan.Generic.D1251729 20161009
Avast Win32:Trojan-gen 20161009
Avira (no cloud) TR/Crypt.Xpack.qgacz 20161009
AVware Trojan.Win32.Generic!BT 20161009
BitDefender Trojan.Generic.19207977 20161009
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.PWS.Papras.2354 20161009
Emsisoft Trojan.Generic.19207977 (B) 20161009
ESET-NOD32 Win32/PSW.Papras.EJ 20161009
F-Secure Trojan.Generic.19207977 20161009
Fortinet W32/Androm.EJ!tr.bdr 20161009
GData Trojan.Generic.19207977 20161009
Ikarus Trojan.Win32.PSW 20161009
Sophos ML virtool.win32.ceeinject.gf 20160928
Kaspersky Backdoor.Win32.Androm.lbqu 20161009
McAfee Artemis!16B691B9C412 20161009
McAfee-GW-Edition BehavesLike.Win32.Mabezat.dh 20161009
Microsoft Backdoor:Win32/Vawtrak.E 20161009
eScan Trojan.Generic.19207977 20161009
Panda Trj/CI.A 20161009
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161009
Rising Malware.Heuristic!ET (rdm+) 20161009
Sophos AV Mal/Generic-S 20161009
Symantec Heur.AdvML.B 20161009
Tencent Win32.Backdoor.Androm.Dzkg 20161009
TrendMicro TROJ_GEN.R011C0DJ816 20161009
TrendMicro-HouseCall TROJ_GEN.R011C0DJ816 20161009
VIPRE Trojan.Win32.Generic!BT 20161009
AegisLab 20161009
Alibaba 20161009
AVG 20161009
Baidu 20161001
Bkav 20161008
CAT-QuickHeal 20161008
ClamAV 20161009
CMC 20161003
Comodo 20161007
Cyren 20161009
F-Prot 20161009
Jiangmin 20161009
K7AntiVirus 20161009
K7GW 20161009
Kingsoft 20161009
Malwarebytes 20161009
NANO-Antivirus 20161009
nProtect 20161009
SUPERAntiSpyware 20161009
TheHacker 20161008
VBA32 20161007
ViRobot 20161009
Yandex 20161008
Zillya 20161007
Zoner 20161009
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-18 09:34:27
Entry Point 0x00003068
Number of sections 4
PE sections
PE imports
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
FindResourceExA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
SetEvent
LocalFree
LoadResource
TlsGetValue
FormatMessageA
SetLastError
GetUserDefaultLangID
CopyFileA
HeapAlloc
GetModuleFileNameA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetUnhandledExceptionFilter
TerminateProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
AddAtomA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
CompareStringW
lstrcpyA
CompareStringA
GetTempFileNameA
GetProcAddress
RemoveDirectoryA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetShortPathNameA
GetAtomNameA
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
GetTempPathA
RaiseException
TlsFree
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
OpenEventA
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
EndDialog
BeginPaint
CreateDialogIndirectParamA
CharLowerA
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
MoveWindow
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
CharUpperA
GetDC
ReleaseDC
wsprintfA
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
GetWindowLongA
CharNextA
GetDesktopWindow
LoadImageA
DialogBoxIndirectParamA
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:09:18 10:34:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 54272
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 289280
SubsystemVersion 5.0
EntryPoint 0x3068
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 16b691b9c41227fb9aaf592d7f49c722
SHA1 5452135c880f2125ce213166a13931ddde72e538
SHA256 998b76e64bccd64ac26f48d34ffa377738be6470803b36124d3615cd8a80aa6d
ssdeep 6144:lMAzMl1DhoHlL1Wv/ZasGVUGfOyeQSstlk:lMAAxsehsaNitlk
authentihash 5f615c68b903322f423335978fb4b088549495079a9701b0a6064f0bd4a1f5ee
imphash fa7a673bb1e126e6e150ba5f0c6f7638
File size 261.5 KB ( 267776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-10-09 13:19:22 UTC ( 2 years, 4 months ago )
Last submission 2016-10-09 13:19:22 UTC ( 2 years, 4 months ago )