SHA256: 9cc213ab2409d49acd4194818501886b533c62060e7edec348be39171e500606
File name: UnpackedDropper.ex_
Detection ratio: 23 / 57
Analysis date: 2015-05-15 08:58:31 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.D.yyW@cOgvDzci 20150515
Antiy-AVL Trojan[Ransom]/Win32.Blocker 20150515
Avast Win32:Malware-gen 20150515
Avira (no cloud) TR/Crypt.XPACK.Gen3 20150515
BitDefender Gen:Trojan.Heur.D.yyW@cOgvDzci 20150515
Bkav HW32.Packed.151E 20150514
ByteHero Virus.Win32.Heur.l 20150515
Cyren W32/FakeAlert.FY.gen!Eldorado 20150515
Emsisoft Gen:Trojan.Heur.D.yyW@cOgvDzci (B) 20150515
ESET-NOD32 a variant of Win32/Rovnix.AB 20150515
F-Prot W32/FakeAlert.FY.gen!Eldorado 20150515
F-Secure Gen:Trojan.Heur.D.yyW@cOgvDzci 20150515
GData Gen:Trojan.Heur.D.yyW@cOgvDzci 20150515
Kaspersky Trojan-Ransom.Win32.Blocker.habo 20150515
Malwarebytes Trojan.Cidox.DRP 20150515
McAfee-GW-Edition BehavesLike.Win32.Dropper.fc 20150514
Microsoft TrojanDropper:Win32/Rovnix.P 20150515
eScan Gen:Trojan.Heur.D.yyW@cOgvDzci 20150515
NANO-Antivirus Trojan.Win32.Blocker.drlgzc 20150515
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150514
Sophos AV Mal/Zbot-HX 20150515
Tencent Trojan.Win32.YY.Gen.1 20150515
VIPRE RiskTool.Win32.ProcessPatcher.Nor!cobra (v) (not malicious) 20150515
Undetected (34 of 57 engines; result column empty)
AegisLab 20150515
Yandex 20150514
AhnLab-V3 20150515
Alibaba 20150515
ALYac 20150515
AVG 20150515
AVware 20150515
Baidu-International 20150515
CAT-QuickHeal 20150514
ClamAV 20150515
CMC 20150513
Comodo 20150515
DrWeb 20150515
Fortinet 20150515
Ikarus 20150515
Jiangmin 20150513
K7AntiVirus 20150515
K7GW 20150515
Kingsoft 20150515
McAfee 20150515
Norman 20150515
nProtect 20150515
Panda 20150514
Qihoo-360 20150515
SUPERAntiSpyware 20150515
Symantec 20150515
TheHacker 20150514
TotalDefense 20150514
TrendMicro 20150515
TrendMicro-HouseCall 20150515
VBA32 20150514
ViRobot 20150515
Zillya 20150514
Zoner 20150513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-29 15:46:19
Entry Point 0x000025C0
Number of sections 6
PE sections
PE imports, grouped by exporting DLL (DLL names inferred from the exported function names)
advapi32.dll
RegCreateKeyExW
LookupPrivilegeValueA
RegCloseKey
LookupAccountSidW
ConvertSidToStringSidW
RegOpenCurrentUser
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
DeleteService
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
RegFlushKey
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
RegOpenKeyExW
SetSecurityDescriptorSacl
CreateServiceW
GetTokenInformation
GetSidSubAuthorityCount
GetSecurityDescriptorSacl
RegDeleteValueW
StartServiceW
RegSetValueExW
OpenSCManagerW
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
kernel32.dll
FileTimeToSystemTime
CreateFileMappingA
WaitForSingleObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
RtlZeroMemory
LocalAlloc
SetErrorMode
GetThreadContext
GetFileTime
WideCharToMultiByte
LoadLibraryW
LocalFree
GetTempPathW
AddVectoredExceptionHandler
GetExitCodeProcess
QueryDosDeviceA
ResumeThread
GetLogicalDriveStringsA
InitializeCriticalSection
FindClose
GetCurrentThread
GetEnvironmentVariableW
SetLastError
DeviceIoControl
CopyFileW
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetVolumeInformationW
MultiByteToWideChar
GetPrivateProfileStringW
CreateMutexA
SetFilePointer
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
CreateMutexW
GetSystemDirectoryA
SetThreadContext
TerminateProcess
VirtualQuery
VirtualQueryEx
GetCurrentThreadId
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
FreeLibrary
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
ExitThread
CreateRemoteThread
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
GetComputerNameW
FindNextFileW
GetComputerNameA
FindFirstFileW
CreateFileW
CreateFileA
ExitProcess
RemoveVectoredExceptionHandler
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
VirtualAllocEx
GetSystemInfo
GlobalFree
GlobalAlloc
Process32NextW
CreateProcessW
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
SetFileTime
GetCommandLineW
Process32FirstW
WritePrivateProfileStringW
OpenMutexA
MapViewOfFile
GetModuleHandleA
ReadFile
GetDiskFreeSpaceW
CloseHandle
OpenMutexW
GetModuleHandleW
CompareFileTime
UnmapViewOfFile
WriteFile
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
msvcrt.dll
strchr
_mbscpy
_wcsicmp
_vsnwprintf
_mbscat
memset
_strcmpi
wcscpy
wcslen
wcscat
strrchr
_vsnprintf
_strlwr
memcmp
_strnicmp
sscanf
atoi
strstr
strlen
memcpy
strcmp
ntdll.dll
RtlInitUnicodeString
RtlEqualUnicodeString
NtOpenFile
RtlRaiseException
_allmul
_aulldiv
_alldiv
NtCreateFile
NtClose
NtReadFile
LdrLoadDll
NtDeviceIoControlFile
RtlRegisterSecureMemoryCacheCallback
NtWriteFile
ole32.dll
CoInitializeEx
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
StringFromGUID2
CoSetProxyBlanket
oleaut32.dll
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysAllocString
VariantInit
SysFreeString
SafeArrayCreateVector
psapi.dll
GetProcessImageFileNameA
shell32.dll
SHGetFolderPathW
ShellExecuteW
SHGetFolderPathAndSubDirW
CommandLineToArgvW
ShellExecuteExW
shlwapi.dll
StrCmpNIW
StrStrIA
PathAppendA
StrRChrIW
wnsprintfW
StrChrIW
StrCpyW
StrRChrIA
StrStrIW
PathAppendW
StrCmpNIA
StrChrIA
StrCatW
wnsprintfA
urlmon.dll
URLDownloadToFileW
user32.dll
GetMessageA
GetForegroundWindow
BroadcastSystemMessageA
DestroyMenu
PostQuitMessage
DefWindowProcA
GetSystemMetrics
MessageBoxW
DispatchMessageA
SendMessageCallbackA
PostMessageA
CallWindowProcA
MessageBoxA
SetWindowLongA
TranslateMessage
SendMessageCallbackW
RegisterClassExA
CreatePopupMenu
UnregisterClassA
EndMenu
CallNextHookEx
CreateWindowExA
TrackPopupMenu
SetWindowsHookExA
UnhookWindowsHook
GetDesktopWindow
LoadCursorW
InsertMenuItemA
ExitWindowsEx
PostThreadMessageA
DestroyWindow
version.dll
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
wininet.dll
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetConnectA
InternetQueryOptionA
InternetGetConnectedState
GetUrlCacheEntryInfoW
InternetCrackUrlA
InternetCreateUrlA
ws2_32.dll
getaddrinfo
WSASocketA
htonl
getsockname
accept
WSACreateEvent
WSAStartup
WSCGetProviderPath
connect
shutdown
htons
getpeername
select
gethostname
getsockopt
WSAAccept
FreeAddrInfoW
closesocket
inet_addr
send
getservbyport
ioctlsocket
WSAGetLastError
listen
__WSAFDIsSet
WSAEventSelect
gethostbyname
inet_ntoa
WSACleanup
recv
WSAIoctl
setsockopt
socket
bind
recvfrom
WSAEnumNetworkEvents
sendto
WSAEnumProtocolsW
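Read as a capability inventory, the import table above is the most actionable part of this report: OpenProcess, VirtualAllocEx, WriteProcessMemory and CreateRemoteThread together with GetThreadContext, SetThreadContext and ResumeThread point to code injection into other processes; OpenSCManagerW, CreateServiceW and StartServiceW to service-based persistence; OpenProcessToken and AdjustTokenPrivileges to privilege manipulation; DeviceIoControl beside CreateFileW and QueryDosDeviceA to raw device access; IsDebuggerPresent and AddVectoredExceptionHandler to anti-analysis; the WinINet and Winsock sets to HTTP and raw-socket networking; and ExitWindowsEx, a forced reboot, is consistent with the Rovnix/Cidox labels several engines assign, a family known for boot-time components. The Python below is an added example, not part of the VirusTotal report, that mechanises this reading: a capability is flagged only when its minimal API combination is fully present, so a benign control set produces no hits, and the same file implements the imphash computation (MD5 over lowercased "library.function" pairs in import-table order with the library extension stripped, as pefile computes it) so the imphash value reported further down can be reproduced from the binary itself. The capability-to-API mapping is the editor's own, the sample input is a constructed subset of the import names listed above plus a constructed benign control, and the library names paired with functions in the imphash demonstration are assumptions for illustration.

```python
"""Capability triage of a PE import list, plus the imphash computation.

Added example for this report, not part of VirusTotal's output. The
capability map is the editor's own; the sample import lists are
constructed from names in the report above.
"""
import hashlib
from typing import Dict, Iterable, List, Set, Tuple

# A capability is reported only when every API in 'required' is imported
# (the minimal working combination); 'supporting' APIs are listed when
# present but never trigger a hit on their own.
CAPABILITIES: Dict[str, Dict[str, Set[str]]] = {
    "remote process injection": {
        "required": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"},
        "supporting": {"CreateRemoteThread", "VirtualProtectEx", "ReadProcessMemory"},
    },
    "thread-context hijacking": {
        "required": {"GetThreadContext", "SetThreadContext", "ResumeThread"},
        "supporting": {"CreateProcessW", "WriteProcessMemory"},
    },
    "service installation": {
        "required": {"OpenSCManagerW", "CreateServiceW", "StartServiceW"},
        "supporting": {"DeleteService", "ControlService"},
    },
    "token privilege manipulation": {
        "required": {"OpenProcessToken", "AdjustTokenPrivileges"},
        "supporting": {"LookupPrivilegeValueW", "LookupPrivilegeValueA",
                       "ImpersonateLoggedOnUser"},
    },
    "raw device I/O": {
        "required": {"DeviceIoControl"},
        "supporting": {"CreateFileW", "CreateFileA", "NtDeviceIoControlFile",
                       "QueryDosDeviceA"},
    },
    "registry write": {
        "required": {"RegSetValueExW"},
        "supporting": {"RegCreateKeyExW", "RegOpenKeyExW", "RegDeleteValueW"},
    },
    "debugger detection": {
        "required": {"IsDebuggerPresent"},
        "supporting": {"AddVectoredExceptionHandler"},
    },
    "HTTP client": {
        "required": {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                     "HttpSendRequestA"},
        "supporting": {"InternetReadFile", "URLDownloadToFileW"},
    },
    "listening socket": {
        "required": {"socket", "bind", "listen", "accept"},
        "supporting": {"WSAStartup", "connect", "send", "recv"},
    },
    "forced reboot / shutdown": {"required": {"ExitWindowsEx"}, "supporting": set()},
    "process enumeration": {
        "required": {"CreateToolhelp32Snapshot", "Process32FirstW"},
        "supporting": {"Process32NextW", "GetProcessImageFileNameA"},
    },
}


def triage(import_names: Iterable[str]) -> Dict[str, List[str]]:
    """Map each capability whose required APIs are all imported to the
    sorted list of its required and supporting APIs that are present."""
    present = set(import_names)
    hits: Dict[str, List[str]] = {}
    for capability, spec in CAPABILITIES.items():
        if spec["required"] <= present:
            hits[capability] = sorted((spec["required"] | spec["supporting"]) & present)
    return hits


def imphash(imports: Iterable[Tuple[str, str]]) -> str:
    """Import hash as pefile computes it for named imports: lowercase
    'library.function' pairs in import-table order, library extension
    (.dll/.ocx/.sys) stripped, comma-joined, MD5-hashed. Order matters,
    so the same imports laid out differently give a different hash.
    Imports by ordinal (none shown in this report) are not handled."""
    parts = []
    for library, function in imports:
        library = library.lower()
        stem, dot, ext = library.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            library = stem
        parts.append(f"{library}.{function.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Constructed sample: a subset of the import names listed in the report.
SAMPLE_IMPORTS = """
OpenProcess VirtualAllocEx WriteProcessMemory ReadProcessMemory VirtualProtectEx
CreateRemoteThread GetThreadContext SetThreadContext ResumeThread CreateProcessW
OpenSCManagerW CreateServiceW StartServiceW DeleteService ControlService
OpenProcessToken AdjustTokenPrivileges LookupPrivilegeValueW ImpersonateLoggedOnUser
DeviceIoControl CreateFileW NtDeviceIoControlFile QueryDosDeviceA
RegCreateKeyExW RegSetValueExW RegOpenKeyExW IsDebuggerPresent AddVectoredExceptionHandler
InternetOpenA InternetConnectA HttpOpenRequestA HttpSendRequestA InternetReadFile
URLDownloadToFileW socket bind listen accept connect send recv WSAStartup ExitWindowsEx
CreateToolhelp32Snapshot Process32FirstW Process32NextW GetProcessImageFileNameA
""".split()

# Constructed control: file, registry-read and UI APIs a benign GUI tool imports.
BENIGN_IMPORTS = ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle",
                  "MessageBoxW", "RegOpenKeyExW", "RegQueryValueExW", "Sleep"]

if __name__ == "__main__":
    for capability, apis in triage(SAMPLE_IMPORTS).items():
        print(f"{capability}: {', '.join(apis)}")
    print("benign control hits:", triage(BENIGN_IMPORTS))
    # Library names below are assumed for illustration; a real run takes them
    # from the import directory (e.g. pefile's DIRECTORY_ENTRY_IMPORT).
    print("imphash:", imphash([("KERNEL32.dll", "OpenProcess"),
                               ("ADVAPI32.dll", "CreateServiceW")]))
```

Requiring the full minimal combination is what keeps the triage honest: RegOpenKeyExW or CreateFileW on their own appear in almost every Windows program, so the benign control yields nothing, while the sample drawn from this report lights up injection, service persistence, privilege manipulation, raw device I/O, debugger detection and both network stacks at once. The imphash helper shows why that value is a useful pivot across samples (same linker layout, same hash) and also why it is brittle (reordering a single import changes it).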
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:29 16:46:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 66560
LinkerVersion 11.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x25c0
InitializedDataSize 358912
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 b76054213d804892566b89be3d4940fd
SHA1 d4b75c435317155c16e851db5e73ff43006be8d7
SHA256 9cc213ab2409d49acd4194818501886b533c62060e7edec348be39171e500606
ssdeep 6144:Fx6yI/KO9sbFanZ8WnGawlBw967A8AcrShrVPEt+85WW6fmX516Bd75T:FA9X8Eb967A8Athiv5WWDXw7Z
authentihash 37635a604a6b852f8c0f32c6f66945420a21495c6e583850771928b31eb0a1f7
imphash 53a63dbebea21dd24d19d68b7a3addee
File size 388.0 KB ( 397312 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2015-05-15 08:58:31 UTC ( 3 years, 7 months ago )
Last submission 2018-10-04 22:23:58 UTC ( 2 months, 1 week ago )
File names B76054213D804892566B89BE3D4940FD.exe
UnpackedDropper.ex_
b76054213d804892566b89be3d4940fd.vir
B76054213D804892566B89BE3D4940FD
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs