× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9995fe6ff112efb6de6498ace23f42b8d3689f3c890959728cbc888462b9ea0d
File name: pisload2
Detection ratio: 37 / 56
Analysis date: 2016-06-20 10:30:42 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.33154 20160620
AegisLab Troj.Ransom.W32.Blocker!c 20160620
ALYac Gen:Variant.Symmi.33154 20160620
Antiy-AVL Trojan[Ransom]/Win32.Blocker 20160620
Arcabit Trojan.Symmi.D8182 20160620
Avast Win32:Malware-gen 20160620
Avira (no cloud) TR/Symmi.33154 20160620
AVware Trojan.Win32.Generic!BT 20160620
Baidu-International Trojan.Win32.Ransomlock.crmb 20160614
BitDefender Gen:Variant.Symmi.33154 20160620
CAT-QuickHeal TrojanRansom.Blocker.r4 20160620
Cyren W32/Ransom.LHQB-2409 20160620
DrWeb Trojan.DownLoader10.41968 20160620
Emsisoft Gen:Variant.Symmi.33154 (B) 20160620
ESET-NOD32 a variant of Win32/Roseam.B 20160620
F-Secure Gen:Variant.Symmi.33154 20160620
Fortinet W32/Blocker.CRMB!tr 20160620
GData Gen:Variant.Symmi.33154 20160620
Ikarus Trojan-Ransom.Win32.Blocker 20160620
Kaspersky Trojan-Ransom.Win32.Blocker.crmb 20160620
Kingsoft Win32.Troj.Undef.(kcloud) 20160620
McAfee Artemis!52C63EFDA472 20160620
McAfee-GW-Edition Artemis!Trojan 20160619
Microsoft Trojan:Win32/Dynamer!ac 20160620
eScan Gen:Variant.Symmi.33154 20160620
NANO-Antivirus Trojan.Win32.Blocker.cxuuff 20160620
Panda Trj/CI.A 20160619
Qihoo-360 Win32/Trojan.Ransom.10f 20160620
Sophos AV Troj/Mdrop-HGX 20160620
Symantec Trojan.Ransomlock.V 20160620
Tencent Win32.Trojan.Blocker.Swbe 20160620
TrendMicro TROJ_GEN.R002C0DEU16 20160620
VBA32 BScope.Trojan.IRCbot 20160617
VIPRE Trojan.Win32.Generic!BT 20160620
ViRobot Trojan.Win32.Z.Blocker.98304.H[h] 20160620
Yandex Trojan.Blocker!QazTI4OOzKg 20160616
Zillya Trojan.Blocker.Win32.34532 20160618
AhnLab-V3 20160619
Alibaba 20160620
AVG 20160620
Baidu 20160620
Bkav 20160618
ClamAV 20160620
CMC 20160620
Comodo 20160620
F-Prot 20160620
Jiangmin 20160620
K7AntiVirus 20160620
K7GW 20160620
Malwarebytes 20160620
nProtect 20160617
SUPERAntiSpyware 20160620
TheHacker 20160620
TotalDefense 20160620
TrendMicro-HouseCall 20160620
Zoner 20160620
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2001

Product Application
Internal name pisload2
File version 1, 0, 1, 3
Description pisload2 MFC Application
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-23 10:11:23
Entry Point 0x00001DB0
Number of sections 4
PE sections
PE imports
GetStartupInfoA
CreateThread
LoadLibraryA
GetModuleHandleA
ReadFile
WriteFile
Sleep
CloseHandle
CreateFileA
SetFilePointer
GetProcAddress
ExpandEnvironmentStringsA
Ord(1775)
Ord(4080)
Ord(4710)
Ord(3597)
Ord(3136)
Ord(6375)
Ord(755)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(2446)
Ord(815)
Ord(641)
Ord(5277)
Ord(2514)
Ord(4425)
Ord(5199)
Ord(4441)
Ord(1134)
Ord(4465)
Ord(2863)
Ord(5300)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5307)
Ord(4424)
Ord(540)
Ord(4078)
Ord(2554)
Ord(6376)
Ord(1727)
Ord(823)
Ord(2379)
Ord(2725)
Ord(4998)
Ord(800)
Ord(3749)
Ord(2512)
Ord(470)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(2124)
Ord(2621)
Ord(3262)
Ord(1576)
Ord(4353)
Ord(5065)
Ord(4407)
Ord(3346)
Ord(2396)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(4486)
Ord(2976)
Ord(1089)
Ord(2985)
Ord(3922)
Ord(4160)
Ord(4376)
Ord(324)
Ord(3830)
Ord(2385)
Ord(3079)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4622)
Ord(561)
Ord(3825)
Ord(4698)
Ord(5163)
Ord(5265)
Ord(4673)
Ord(5302)
Ord(5731)
_except_handler3
_acmdln
_snprintf
__p__fmode
_adjust_fdiv
__CxxFrameHandler
_exit
__p__commode
_setmbcp
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
__setusermatherr
__set_app_type
GetSystemMetrics
AppendMenuA
EnableWindow
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
LoadIconA
Number of PE resources by type
RT_ICON 2
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
CHINESE SIMPLIFIED 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.1.3

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
90112

EntryPoint
0x1db0

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2001

FileVersion
1, 0, 1, 3

TimeStamp
2013:10:23 11:11:23+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
pisload2

ProductVersion
1, 0, 1, 3

FileDescription
pisload2 MFC Application

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
4096

ProductName
Application

ProductVersionNumber
1.0.1.3

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 52c63efda472415eb3f6b89ee4a95173
SHA1 b71efd594b45a853c0ed603a5caa53c86d08bb7d
SHA256 9995fe6ff112efb6de6498ace23f42b8d3689f3c890959728cbc888462b9ea0d
ssdeep
768:llqaa68vg0o/ts+XZeLT39a1z7CtbYsLAuD4yW8e0wUE3Z6X7xe:Gdrg0o/1XZeQetksEu5WywUE3I7xe

authentihash 706804c9401cbcc53f5f6833ad60c04603ae178e97afd506e0c1e3d5dc1be60b
imphash 740be175e153c9009b2e1ce3b0ce4614
File size 96.0 KB ( 98304 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-10-31 14:15:29 UTC ( 5 years, 2 months ago )
Last submission 2016-06-16 16:14:57 UTC ( 2 years, 7 months ago )
File names 52c63efda472415eb3f6b89ee4a95173_INFC368.tmp
pisload2
CirtixReceiverWeb_6.5.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R002C0DEU16.

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.