SHA256: 9c905f11e7dd24f6074128ce8bbe53b266e9682da8d6a0359895e3f86f47dfda
File name: soft4fun
Detection ratio: 48 / 57
Analysis date: 2017-02-13 03:35:08 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3431441 20170213
AegisLab Troj.W32.Yakes!c 20170213
AhnLab-V3 Trojan/Win32.Inject.C1511411 20170212
ALYac Trojan.GenericKD.3431441 20170213
Antiy-AVL Trojan/Win32.Yakes 20170213
Arcabit Trojan.Generic.D345C11 20170213
Avast Win32:Malware-gen 20170213
AVG Agent5.ARVG 20170213
Avira (no cloud) TR/Crypt.Xpack.oteg 20170212
AVware Trojan.Win32.Generic!BT 20170213
Baidu Win32.Trojan.Kryptik.avl 20170210
BitDefender Trojan.GenericKD.3431441 20170213
CAT-QuickHeal Trojan.CeeInject 20170211
ClamAV Win.Malware.Yakes-1912 20170213
Comodo TrojWare.Win32.Genome.vtmf 20170212
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Agent.BPSA-1341 20170213
Emsisoft Trojan.GenericKD.3431441 (B) 20170213
Endgame malicious (high confidence) 20170208
ESET-NOD32 Win64/Agent.FF 20170213
F-Prot W32/Agent.KZY 20170213
F-Secure Trojan.GenericKD.3431441 20170213
Fortinet W32/Malicious_Behavior.VEX 20170213
GData Trojan.GenericKD.3431441 20170213
Ikarus Trojan.Win64.Agent 20170212
Invincea trojan.win32.lethic.i 20170203
Jiangmin Trojan.Yakes.ntj 20170212
K7AntiVirus Trojan ( 004f4f9c1 ) 20170210
K7GW Trojan ( 004f4f9c1 ) 20170212
Kaspersky Trojan.Win32.Yakes.qicc 20170213
Malwarebytes Trojan.Crypt 20170213
McAfee Generic.zi 20170213
McAfee-GW-Edition Generic.zi 20170213
Microsoft VirTool:Win32/CeeInject.GF 20170212
eScan Trojan.GenericKD.3431441 20170213
NANO-Antivirus Trojan.Win32.Xpack.efysqm 20170212
Panda Trj/WLT.C 20170212
Qihoo-360 HEUR/QVM10.1.BD31.Malware.Gen 20170213
Rising Trojan.Kryptik!8.8-G1nCm0UtHsS (cloud) 20170213
Sophos Troj/Agent-ASQH 20170213
Symantec Downloader 20170212
Tencent Win32.Trojan.Yakes.Sxom 20170213
TrendMicro-HouseCall Ransom_LOCKY.DLDVEL 20170213
VIPRE Trojan.Win32.Generic!BT 20170213
ViRobot Trojan.Win32.Z.Yakes.178688.V[h] 20170212
Yandex Trojan.Yakes!l68YLJUItm0 20170212
Zillya Trojan.Yakes.Win32.59907 20170210
Zoner Trojan.Yakes 20170213
Alibaba 20170122
Bkav 20170211
CMC 20170212
DrWeb 20170213
Kingsoft 20170213
nProtect 20170213
SUPERAntiSpyware 20170213
TheHacker 20170211
TotalDefense 20170212
Trustlook 20170213
VBA32 20170210
WhiteArmor 20170202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2006 Macrovision Corporation
Product newShield
Original name p.exe
Internal name soft4fun
File version 12.0.58849
Description p.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-27 06:27:24
Entry Point 0x00003B96
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetConsoleCP
GetOEMCP
GetEnvironmentStringsW
HeapDestroy
ExitProcess
TlsAlloc
FlushFileBuffers
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
LoadLibraryExA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
HeapAlloc
OutputDebugStringA
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
GetMessagePos
GetParent
DefFrameProcW
GetClassLongW
GetScrollPos
DdeGetData
IsCharAlphaA
GetCaretPos
GetMenuItemID
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
TURKISH DEFAULT 1
SPANISH PUERTO RICO 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 12.0.0.58849
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 154112
EntryPoint 0x3b96
OriginalFileName p.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2006 Macrovision Corporation
FileVersion 12.0.58849
TimeStamp 2016:07:27 07:27:24+01:00
FileType Win32 EXE
PEType PE32
InternalName soft4fun
ProductVersion 12.0
FileDescription p.exe
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Macrovision Corporation
CodeSize 71680
ProductName newShield
ProductVersionNumber 12.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 58a45542bc7bc051e2a8f0658ecec636
SHA1 68fe9c3ca07e16a591d4079a5481bd0f09061f63
SHA256 9c905f11e7dd24f6074128ce8bbe53b266e9682da8d6a0359895e3f86f47dfda
ssdeep 3072:RddBGbcJVUpfF2MACOil8Mgb/80/LGQF5HVlqVAzs0BNa5+NP:PQfF2Mmy8Mgb/TiVkX5
authentihash da9505601671f3706d9453bdd977061062a0f1f350a04fa3f68024db804bc65f
imphash 0fcbb1862687f3a08a4ba998d095320f
File size 174.5 KB ( 178688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-07-27 09:07:14 UTC ( 9 months ago )
Last submission 2016-12-08 17:27:32 UTC ( 4 months, 2 weeks ago )
File names j988765.txt
j988765
p.exe
9C905F11E7DD24F6074128CE8BBE53B266E9682DA8D6A0359895E3F86F47DFDA.dat
soft4fun
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
TCP connections
UDP communications