SHA256: 9c6ff427114a72da9bc394f753ff1f28e854f43c3ead1fa4acc1e71083f1a2a9
File name: 26f380a6248976101.png
Detection ratio: 42 / 55
Analysis date: 2014-08-30 11:03:45 UTC ( 4 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.380198 20140830
Yandex Trojan.Inject!k7g38qIjx3M 20140829
AhnLab-V3 Trojan/Win32.Ransomlock 20140829
AntiVir TR/Crypt.ZPACK.80202 20140830
Antiy-AVL Trojan[Backdoor]/Win32.Napolar 20140830
Avast Win32:Rootkit-gen [Rtk] 20140830
AVG Zbot.IPP 20140830
AVware Trojan.Win32.Generic!BT 20140830
Baidu-International Trojan.Win32.Injector.BBDNG 20140830
BitDefender Gen:Variant.Kazy.380198 20140830
CAT-QuickHeal TrojanDownloader.Upatre.A4 20140830
Comodo UnclassifiedMalware 20140830
Cyren W32/Trojan.OJRT-8480 20140829
DrWeb Trojan.Siggen4.40328 20140830
Emsisoft Gen:Variant.Kazy.380198 (B) 20140830
ESET-NOD32 a variant of Win32/Injector.BDNG 20140830
F-Secure Gen:Variant.Kazy.380198 20140830
Fortinet W32/Inject.BDNG!tr 20140830
GData Gen:Variant.Kazy.380198 20140830
Ikarus Virus.Win32.Zbot 20140830
Jiangmin TrojanSpy.Zbot.hfzz 20140829
K7AntiVirus Trojan ( 0049a0c21 ) 20140828
K7GW Trojan ( 050000001 ) 20140828
Kaspersky Trojan.Win32.Inject.nafd 20140830
Kingsoft Win32.Heur.KVMH015.a.(kcloud) 20140830
Malwarebytes Spyware.Zbot.ED 20140830
McAfee RDN/Generic.dx!db3 20140830
McAfee-GW-Edition RDN/Generic.dx!db3 20140829
Microsoft VirTool:Win32/Injector.gen!ET 20140830
eScan Gen:Variant.Kazy.380198 20140830
NANO-Antivirus Trojan.Win32.Siggen4.cxtjbc 20140830
Norman Suspicious_Gen4.GIDWM 20140829
Panda Trj/Genetic.gen 20140829
Qihoo-360 HEUR/Malware.QVM19.Gen 20140830
Sophos AV Mal/Generic-S 20140830
Symantec Trojan.Zbot 20140829
Tencent Win32.Trojan.Inject.Wpjv 20140830
TrendMicro TROJ_SPNR.11F514 20140830
TrendMicro-HouseCall TROJ_SPNR.11F514 20140830
VBA32 TrojanPSW.Fareit 20140829
VIPRE Trojan.Win32.Generic!BT 20140830
Zillya Trojan.Sharik.Win32.635 20140829
AegisLab 20140830
Bkav 20140829
ByteHero 20140830
ClamAV 20140830
CMC 20140828
F-Prot 20140830
nProtect 20140829
Rising 20140830
SUPERAntiSpyware 20140830
TheHacker 20140829
TotalDefense 20140829
ViRobot 20140830
Zoner 20140829
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1988-10-23 16:21:40
Entry Point 0x000036A4
Number of sections 4
PE sections
PE imports
_TrackMouseEvent
RoundRect
DeleteDC
SelectObject
CreatePen
CreateSolidBrush
DeleteObject
CreateCompatibleDC
GetTextExtentPoint32W
CreateCompatibleBitmap
GetModuleFileNameW
LoadLibraryW
CreateFileW
lstrlenW
GetStartupInfoW
CreateFileA
GetProcAddress
GetModuleHandleW
__p__fmode
__wgetmainargs
fread
fclose
strcat
__dllonexit
fopen
_except_handler3
?terminate@@YAXXZ
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
_adjust_fdiv
_wcmdln
__CxxFrameHandler
_exit
__p__commode
_wfopen
_controlfp
_initterm
__set_app_type
GetParent
DrawStateW
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
EnableWindow
LoadIconW
DrawIcon
AppendMenuW
PostMessageW
GetDC
ReleaseDC
SendMessageW
GetClientRect
SystemParametersInfoW
IsIconic
SetRect
InvalidateRect
DrawFocusRect
FillRect
CopyRect
GetWindowTextW
GetSystemMenu
GetWindowLongW
GdipCloneBrush
GdiplusShutdown
GdipDeleteFontFamily
GdiplusStartup
GdipFree
GdipDrawString
GdipCreateFontFamilyFromName
GdipDeleteBrush
GdipAlloc
GdipReleaseDC
GdipDrawImageRectRectI
GdipGetImageWidth
GdipDrawImageI
GdipCreateSolidFill
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateFont
GdipSetTextRenderingHint
GdipDeleteFont
Number of PE resources by type
\x90NG 2
RT_ICON 1
Number of PE resources by language
NEUTRAL 1
CHINESE *unknown* 1
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1988:10:23 17:21:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 6.0
EntryPoint 0x36a4
InitializedDataSize 299008
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

PCAP parents
File identification
MD5 65ab2741fe1369336622c446224eb72e
SHA1 75d780bf2311906d9bd1b080aaa100ec6f566e27
SHA256 9c6ff427114a72da9bc394f753ff1f28e854f43c3ead1fa4acc1e71083f1a2a9
ssdeep 6144:HERqdgtok9Q1BpxGdXIGWI/rU51uD4jNCODYwsDc19/YWtXViZJRZ1K4Bxlqo:kRqkuBLGdXpWv5gD43YwsDc1JrV6N1Ko
authentihash b790ef08ae69ad3bedf021ad98d2ba8ad44b2210072ea53d9eb7a15eb91b08c1
imphash cc6c241fe69af1af9279761001f8318b
File size 308.0 KB ( 315392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe usb-autorun
VirusTotal metadata
First submission 2014-05-14 07:52:45 UTC ( 4 years, 4 months ago )
Last submission 2017-10-12 07:55:04 UTC ( 11 months, 2 weeks ago )
File names 75d780bf2311906d9bd1b080aaa100ec6f566e27
1014-sVF1vK
945-GwQe4Q
26f380a6248976101.png