SHA256: 9c15efc3f1dd4f1ac36b14afd6d92fae6b60f23ff44cd72e56f1b59caed31d38
File name: 9c15efc3f1dd4f1ac36b14afd6d92fae6b60f23ff44cd72e56f1b59caed31d38
Detection ratio: 7 / 55
Analysis date: 2016-02-11 03:17:39 UTC ( 3 years ago )
Antivirus Result Update
AegisLab Troj.Crypt.Zpack!c 20160211
Avira (no cloud) TR/Crypt.ZPACK.213903 20160211
ESET-NOD32 Win32/Qadars.AO 20160211
Microsoft Trojan:Win32/Qadars.A 20160211
Qihoo-360 Win32/Trojan.f6b 20160211
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160210
Sophos AV Mal/Generic-S 20160211
Ad-Aware 20160211
Yandex 20160210
AhnLab-V3 20160210
Alibaba 20160204
ALYac 20160211
Antiy-AVL 20160211
Arcabit 20160211
Avast 20160211
AVG 20160211
Baidu-International 20160210
BitDefender 20160211
Bkav 20160204
ByteHero 20160211
CAT-QuickHeal 20160210
ClamAV 20160210
CMC 20160205
Comodo 20160211
Cyren 20160211
DrWeb 20160211
Emsisoft 20160211
F-Prot 20160211
F-Secure 20160211
Fortinet 20160211
GData 20160211
Ikarus 20160211
Jiangmin 20160211
K7AntiVirus 20160210
K7GW 20160211
Kaspersky 20160210
Malwarebytes 20160211
McAfee 20160211
McAfee-GW-Edition 20160211
eScan 20160211
NANO-Antivirus 20160210
nProtect 20160205
Panda 20160210
SUPERAntiSpyware 20160211
Symantec 20160210
Tencent 20160211
TheHacker 20160210
TotalDefense 20160210
TrendMicro 20160211
TrendMicro-HouseCall 20160211
VBA32 20160210
VIPRE 20160211
ViRobot 20160210
Zillya 20160210
Zoner 20160210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2007-2014 AIS
Product Himcook
File version 14.2.1408.8550
Description Himcook Meatfair
Comments Logsend childrenbell
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-02-07 19:29:20
Entry Point 0x0001C610
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
SetBkMode
MoveToEx
LineTo
IntersectClipRect
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
FindFirstChangeNotificationA
GlobalFree
HeapDestroy
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
FileTimeToLocalFileTime
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
SetHandleCount
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GlobalLock
TlsFree
GetProcessHeap
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
GetCurrentThreadId
WaitNamedPipeA
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
GetOEMCP
TerminateProcess
SetUnhandledExceptionFilter
InitializeCriticalSection
HeapCreate
GlobalAlloc
VirtualFree
CreateEventA
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetVersion
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
GetWindowLongA
ReleaseDC
EnumWindows
GetClassInfoExA
DefWindowProcA
CallNextHookEx
socket
ntohl
inet_addr
send
WSACleanup
WSAStartup
inet_ntoa
ioctlsocket
recv
listen
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

Comments
Logsend childrenbell

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
14.2.1408.8550

LanguageCode
Neutral

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
57344

EntryPoint
0x1c610

MIMEType
application/octet-stream

LegalCopyright
Copyright 2007-2014 AIS

FileVersion
14.2.1408.8550

TimeStamp
2007:02:07 20:29:20+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

FileDescription
Himcook Meatfair

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
AIS

CodeSize
139264

ProductName
Himcook

ProductVersionNumber
14.2.1408.8550

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 80b461e4d86d255d84f3a8c0ed10e413
SHA1 76a2e22c73fc565f585c13676a9714780998563d
SHA256 9c15efc3f1dd4f1ac36b14afd6d92fae6b60f23ff44cd72e56f1b59caed31d38
ssdeep
3072:LqF8ZghB2SWwwwgMqz87GWFL7OFK8kjsYK0y3qVnijV4j/N:LG8ZgvLJw87j8K8V0y

authentihash 306498a4bf365f58e719f9dbf07079ab71086887a5e897fbd580459edb8439b6
imphash 0f20625038076d661acc12e46ce6302a
File size 168.0 KB ( 172032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-02-11 00:19:12 UTC ( 3 years ago )
Last submission 2016-02-11 00:19:12 UTC ( 3 years ago )
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R03EC0DBD16.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications