SHA256: 9c289d9426d6f565cb640d2ccb49ee0af989463cbdb7cbdab6110997808c4061
File name: 87.exe
Detection ratio: 6 / 55
Analysis date: 2015-12-11 10:18:54 UTC ( 3 years, 5 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Win32/Injector.COFK 20151211
Kaspersky UDS:DangerousObject.Multi.Generic 20151211
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.gc 20151211
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20151211
Rising PE:Trojan.Ransom-Tesla!1.A322 [F] 20151210
ViRobot Trojan.Win32.R.Agent.425984.E[h] 20151211
Ad-Aware 20151211
AegisLab 20151211
Yandex 20151210
AhnLab-V3 20151211
Alibaba 20151208
ALYac 20151211
Antiy-AVL 20151211
Arcabit 20151211
Avast 20151211
AVG 20151211
Avira (no cloud) 20151211
AVware 20151211
Baidu-International 20151211
BitDefender 20151211
Bkav 20151210
ByteHero 20151211
CAT-QuickHeal 20151209
ClamAV 20151211
CMC 20151211
Comodo 20151209
Cyren 20151211
DrWeb 20151211
Emsisoft 20151211
F-Prot 20151211
F-Secure 20151211
Fortinet 20151211
GData 20151211
Ikarus 20151211
Jiangmin 20151210
K7AntiVirus 20151211
K7GW 20151211
Malwarebytes 20151211
McAfee 20151211
Microsoft 20151211
eScan 20151211
NANO-Antivirus 20151211
nProtect 20151211
Panda 20151210
Sophos AV 20151211
SUPERAntiSpyware 20151211
Symantec 20151210
Tencent 20151211
TheHacker 20151209
TrendMicro 20151211
TrendMicro-HouseCall 20151211
VBA32 20151210
VIPRE 20151211
Zillya 20151211
Zoner 20151211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-02-14 16:49:59
Entry Point 0x0003AC06
Number of sections 4
PE sections
PE imports
CopySid
PrivilegedServiceAuditAlarmA
InitializeAcl
RegSetKeySecurity
RegCreateKeyA
LookupAccountNameA
RegFlushKey
GetSecurityDescriptorGroup
RegOpenKeyExW
ObjectDeleteAuditAlarmW
BuildImpersonateTrusteeW
SetTokenInformation
DecryptFileA
LsaEnumerateAccountsWithUserRight
CloseEventLog
LsaQueryTrustedDomainInfo
GetSecurityDescriptorDacl
CreateRestrictedToken
SetSecurityInfo
LsaRetrievePrivateData
GetServiceDisplayNameW
SetKernelObjectSecurity
SetSecurityDescriptorOwner
LookupPrivilegeValueA
GetSidLengthRequired
RegQueryValueExA
LookupPrivilegeValueW
RegNotifyChangeKeyValue
RegSetValueW
UnlockServiceDatabase
RegQueryValueExW
CloseServiceHandle
GetFileSecurityW
AddAccessAllowedAce
AreAnyAccessesGranted
RegisterEventSourceA
GetFileSecurityA
ClearEventLogA
ChangeServiceConfigA
AbortSystemShutdownA
RegLoadKeyA
CreateProcessAsUserA
BuildExplicitAccessWithNameW
AccessCheckAndAuditAlarmA
RegSetValueExW
GetEffectiveRightsFromAclA
SetNamedSecurityInfoW
CreateServiceA
ReadEventLogW
LsaDeleteTrustedDomain
GetServiceKeyNameW
RegCloseKey
SetPrivateObjectSecurity
AccessCheck
GetNumberOfEventLogRecords
OpenBackupEventLogA
GetSecurityDescriptorLength
ChangeServiceConfig2W
OpenProcessToken
LsaClose
LsaEnumerateTrustedDomainsEx
SetFileSecurityA
BuildTrusteeWithNameW
InitiateSystemShutdownA
LsaLookupNames
LsaCreateTrustedDomainEx
IsValidSid
RegEnumKeyExW
GetPrivateObjectSecurity
OpenEventLogW
RegReplaceKeyW
MapGenericMask
LsaFreeMemory
RevertToSelf
RegSaveKeyA
StartServiceW
FreeSid
SetNamedSecurityInfoA
LsaSetDomainInformationPolicy
EnumServicesStatusW
SetEntriesInAclA
ObjectOpenAuditAlarmW
RegDeleteKeyA
LsaNtStatusToWinError
QueryServiceConfigA
GetExplicitEntriesFromAclW
GetSecurityDescriptorControl
IsTokenRestricted
AdjustTokenPrivileges
RegDeleteKeyW
GetExplicitEntriesFromAclA
GetNamedSecurityInfoW
AbortSystemShutdownW
GetAclInformation
RegSetValueExA
RegQueryValueA
MakeAbsoluteSD
StartServiceCtrlDispatcherA
RegEnumKeyW
LookupPrivilegeDisplayNameA
GetSecurityDescriptorOwner
GetNamedSecurityInfoA
LsaOpenPolicy
RegConnectRegistryA
AllocateLocallyUniqueId
LsaQueryTrustedDomainInfoByName
DuplicateTokenEx
AreAllAccessesGranted
GetAuditedPermissionsFromAclW
RegQueryInfoKeyW
RegReplaceKeyA
GetSidSubAuthority
EncryptFileW
LookupPrivilegeNameA
LsaEnumerateTrustedDomains
ImpersonateNamedPipeClient
ObjectCloseAuditAlarmA
NotifyChangeEventLog
OpenSCManagerW
ReportEventW
BackupEventLogA
QueryServiceLockStatusW
StartServiceCtrlDispatcherW
ImpersonateLoggedOnUser
OpenSCManagerA
SetSecurityDescriptorGroup
EnumDependentServicesA
ImageList_GetImageCount
ImageList_GetIconSize
GetEnhMetaFileA
GetLogColorSpaceA
TranslateCharsetInfo
GetTextExtentExPointA
GdiGetBatchLimit
CreateBrushIndirect
CombineTransform
SetPaletteEntries
GetCommState
GetStartupInfoA
AddAtomW
GetModuleHandleA
GetLocaleInfoW
strtol
_setmbcp
_acmdln
_adjust_fdiv
puts
__CxxFrameHandler
acos
__p__commode
__setusermatherr
__dllonexit
_onexit
_ismbcl1
_controlfp
__p__fmode
__getmainargs
_initterm
_yn
_memicmp
__set_app_type
LPSAFEARRAY_UserFree
GetSystemMetrics
LoadIconA
EnableWindow
DrawIcon
SendMessageA
GetClientRect
IsIconic
GetFileTitleA
CommDlgExtendedError
Number of PE resources by type
RT_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH UK 7
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.131.32.103
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Anathema Cancelling Brindled
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 2191360
EntryPoint 0x3ac06
OriginalFileName Barnl.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2018
FileVersion 62, 12, 116, 103
TimeStamp 2005:02:14 17:49:59+01:00
FileType Win32 EXE
PEType PE32
InternalName Boarding
ProductVersion 92, 90, 50, 73
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Contact Plus Corporation
CodeSize 241664
ProductName Test Suggests
ProductVersionNumber 0.176.41.85
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 56214f61a768c64e003b68bae7d67cd2
SHA1 151e13c0a42da190911fe7e0c18414ecf4d12997
SHA256 9c289d9426d6f565cb640d2ccb49ee0af989463cbdb7cbdab6110997808c4061
ssdeep 12288:hLRq3NJhtUj1OZyEY3p8edIDHN3NJhtUj1OZyEY:hI3HhtY3PIDHN3HhtY
authentihash f68fc9796679c59388cbf2d5d70289297a6a486e6c5db41e61cc969dec3e88b5
imphash 8831c17655fc9763af4def35e1a3b4f1
File size 416.0 KB ( 425984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags peexe
VirusTotal metadata
First submission 2015-12-11 07:10:06 UTC ( 3 years, 5 months ago )
Last submission 2016-05-21 14:50:02 UTC ( 3 years ago )
File names 87.exe
cc
9C289D9426D6F565CB640D2CCB49EE0AF989463CBDB7CBDAB6110997808C4061.exe
spnslacroic.exe
87[1].exe
87[1]
tiawracroic.exe_
doskey.exe
87.exe.txt