SHA256: 9c0e17f241deadba878a65597c04b8c4db9abb71ea57fd467a98293aafde0f8f
File name: MemManDev4.exe
Detection ratio: 30 / 61
Analysis date: 2017-04-06 12:47:56 UTC ( 1 year, 6 months ago )
Antivirus Result Update
AegisLab Backdoor.W32.DarkKomet.tntk 20170406
Antiy-AVL RiskWare[RiskTool]/Win32.AGeneric 20170406
AVG Generic38.XWG 20170406
Avira (no cloud) APPL/Cmdow.88576 20170406
AVware Trojan.Win32.Generic!BT 20170406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170406
CAT-QuickHeal RiskTool.Generic 20170406
Comodo Application.Win32.CMDOW.a 20170406
Cyren W64/Trojan.DQKG-9285 20170406
DrWeb Tool.BtcMine.569 20170406
ESET-NOD32 a variant of Win64/BitCoinMiner.BX potentially unsafe 20170406
F-Secure Application.BitcoinMiner.HO 20170406
Fortinet Riskware/Generic 20170406
GData Win64.Trojan.Agent.16F44F 20170406
Ikarus Trojan.Win64.CoinMiner 20170406
Sophos ML virus.win32.sality.r 20170203
K7AntiVirus Unwanted-Program ( 004fc8691 ) 20170406
K7GW Unwanted-Program ( 004fc8691 ) 20170406
Kaspersky not-a-virus:RiskTool.Win32.Generic 20170406
McAfee Artemis!79858AF64B0D 20170406
NANO-Antivirus Trojan.Win32.Cmdow.dmjuol 20170406
Panda Trj/CI.A 20170406
Rising Trojan.Generic (cloud:Qt9wJ7JS2VD) 20170406
Sophos AV Bitcoin Miner (PUA) 20170406
Symantec ML.Attribute.HighConfidence 20170405
TrendMicro TROJ_GE.9962F82B 20170406
TrendMicro-HouseCall TROJ_GE.9962F82B 20170406
VBA32 Trojan.Win64.BitMiner 20170406
Yandex Riskware.Agent! 20170404
ZoneAlarm by Check Point not-a-virus:RiskTool.Win32.Generic 20170406

Engines with no detection (signature update date only):
Ad-Aware 20170406
AhnLab-V3 20170406
Alibaba 20170406
ALYac 20170406
Arcabit 20170406
Avast 20170406
BitDefender 20170406
Bkav 20170405
ClamAV 20170406
CMC 20170406
CrowdStrike Falcon (ML) 20170130
Emsisoft 20170406
Endgame 20170406
F-Prot 20170406
Jiangmin 20170406
Kingsoft 20170406
Malwarebytes 20170406
McAfee-GW-Edition 20170406
Microsoft 20170406
eScan 20170406
nProtect 20170406
Palo Alto Networks (Known Signatures) 20170406
Qihoo-360 20170406
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170406
Symantec Mobile Insight 20170406
Tencent 20170406
TheHacker 20170406
Trustlook 20170406
VIPRE 20170406
ViRobot 20170406
Webroot 20170406
WhiteArmor 20170327
Zillya 20170406
Zoner 20170406
The file is a 32-bit Portable Executable (PE32) for the Windows GUI subsystem, built with linker version 14.0 (the Visual Studio 2015 toolset). Only the first 259072 bytes are the PE image; the remaining 33915346 bytes of the 34174418-byte file are a RAR archive appended as an overlay (see Overlays below), which is what the F-PROT "RAR" packer identification refers to. The overlay's entropy of 8.00 is what compressed archive data looks like and by itself says nothing about encryption. Several engine names (Cmdow, BitCoinMiner/CoinMiner, BtcMine) describe what is carried inside the archive rather than the stub; cmdow is a legitimate command-line window-manipulation utility that is classed as riskware because it can hide console windows. TrID's leading guess of "Win64 Executable" conflicts with the PE header and ExifTool, which both report an i386 PE32 image; the header is authoritative for the stub, and the Win64 labels from engines that unpack archives are consistent with a 64-bit payload inside the overlay rather than with the executable itself.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-14 19:15:49
Entry Point 0x0001CAB5
Number of sections 6
PE sections
Overlays
MD5 dab04c9e582b81d4534d0722fb95e716
File type application/x-rar
Offset 259072
Size 33915346
Entropy 8.00
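The Overlays block above gives the overlay's offset, size, MD5, entropy and type. The script below, an added example rather than VirusTotal's own code, recomputes those fields from the raw PE headers using only the Python standard library: the overlay starts where the last section's raw data ends. Because the sample itself is not on this page, the script constructs a minimal PE32 stub in memory and appends a constructed RAR5-signed overlay; the stub layout (one 0x400-byte .text section, FileAlignment 0x200) and the overlay contents are assumptions made for the demonstration. It also recognises RAR4, ZIP, 7z and nested-PE overlays, which goes beyond the RAR case on this page. On the real file the same function would be expected to report offset 259072 and size 33915346.

```python
"""Carve and characterise the overlay appended to a PE file.

Added example, not VirusTotal's code.  A PE "overlay" is whatever follows the
last byte of raw section data.  This script recomputes the offset, size, MD5,
Shannon entropy and a magic-based type guess for that region, the same fields
VirusTotal reports, without any third-party library.
"""
import hashlib
import math
import struct
from collections import Counter

RAR4_MAGIC = b"Rar!\x1a\x07\x00"       # RAR 1.5-4.x archive signature
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"   # RAR 5.x archive signature
MAGICS = [
    (RAR5_MAGIC, "application/x-rar (RAR5)"),
    (RAR4_MAGIC, "application/x-rar (RAR4)"),
    (b"PK\x03\x04", "application/zip"),
    (b"7z\xbc\xaf\x27\x1c", "application/x-7z-compressed"),
    (b"MZ", "application/x-dosexec (nested PE)"),
]


def overlay_offset(data: bytes) -> int:
    """File offset where the PE image ends: max(PointerToRawData + SizeOfRawData)
    over all sections, or SizeOfHeaders if that is larger (e.g. no sections)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    end = struct.unpack_from("<I", data, opt + 60)[0]   # SizeOfHeaders
    sec = opt + opt_size                                 # first section header
    for i in range(nsec):
        # SizeOfRawData at +16, PointerToRawData at +20 within the 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec + i * 40 + 16)
        if raw_size:                       # skip .bss-style sections with no file data
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))             # truncated image: no overlay, not a negative one


def shannon_entropy(blob: bytes) -> float:
    """Entropy in bits per byte; 8.0 means incompressible (compressed or encrypted)."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def guess_type(blob: bytes) -> str:
    for magic, mime in MAGICS:
        if blob.startswith(magic):
            return mime
    return "unknown"


def analyse_overlay(data: bytes) -> dict:
    off = overlay_offset(data)
    blob = data[off:]
    return {"offset": off, "size": len(blob), "md5": hashlib.md5(blob).hexdigest(),
            "entropy": round(shannon_entropy(blob), 2), "type": guess_type(blob)}


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed, non-executable PE32 stub: DOS header, one .text section padded
    to FileAlignment 0x200, then the given overlay (assumed layout for the demo)."""
    headers_size, section = 0x200, b"\x90" * 0x400
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)             # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)     # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 60, headers_size)       # SizeOfHeaders
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x400, 0x1000, len(section),
                      headers_size, 0, 0, 0, 0, 0x60000020)
    hdr = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec).ljust(headers_size, b"\0")
    return hdr + section + overlay


# Constructed overlay: RAR5 signature followed by 4 KiB of deterministic pseudo-random bytes.
SAMPLE_OVERLAY = RAR5_MAGIC + b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLE_PE = build_sample_pe(SAMPLE_OVERLAY)

if __name__ == "__main__":
    r = analyse_overlay(SAMPLE_PE)
    print(f"stub ends at {r['offset']} of {len(SAMPLE_PE)} bytes; overlay {r['size']} bytes, "
          f"{r['type']}, entropy {r['entropy']:.2f}, md5 {r['md5']}")
```

The overlay boundary is taken from the section table rather than from SizeOfImage, so a stub whose last section has been padded on disk reports a correspondingly later offset. High entropy alone does not distinguish a compressed archive from encrypted data, which is why the magic check is worth doing before concluding anything from an 8.00 reading like the one above.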
PE imports
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
FindNextFileA
EncodePointer
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
SetFilePointerEx
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
InitializeCriticalSection
AllocConsole
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
QueryPerformanceFrequency
LoadLibraryExA
SetThreadPriority
FindClose
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
FoldStringW
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
CreateSemaphoreW
IsProcessorFeaturePresent
TzSpecificLocalTimeToSystemTime
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
DecodePointer
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindFirstFileExA
FindNextFileW
ResetEvent
FreeConsole
FindFirstFileW
SetEvent
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
AttachConsole
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GetConsoleCP
FindResourceW
CompareStringW
GetEnvironmentStringsW
IsDBCSLeadByte
VirtualQuery
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
Sleep
GetOEMCP
CreateHardLinkW
Number of PE resources by type
RT_STRING 10
RT_DIALOG 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN NEUTRAL 23
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:14 20:15:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 188416
LinkerVersion 14.0
EntryPoint 0x1cab5
InitializedDataSize 69632
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 65058582485a505b97c8db1f0f57d102
SHA1 94d050c9035685b7b43863452df058c678ad76b5
SHA256 9c0e17f241deadba878a65597c04b8c4db9abb71ea57fd467a98293aafde0f8f
ssdeep 786432:EyFy79rWGjjDQtetMGvVZW8tGlP8k4SeZ:EgkWGjjDQtetMGNRtVSI
authentihash 899b5af9117b49a61ebe308638550e438e05eabb451b5c8f60705b306c5f19e3
imphash 027ea80e8125c6dda271246922d4c3b0
File size 32.6 MB ( 34174418 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
     Win32 Dynamic Link Library (generic) (15.4%)
     Win32 Executable (generic) (10.5%)
     Generic Win/DOS Executable (4.6%)
     DOS Executable Generic (4.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-04-06 12:47:56 UTC ( 1 year, 6 months ago )
Last submission 2017-04-06 12:47:56 UTC ( 1 year, 6 months ago )
File names MemManDev4.exe
Community comments: none.
Community votes: none.