SHA256: 9d3fac012d1f7a6cf3c7c381e6ef4b2c73d4d8d5a3f6a597d2b2837e115c90a0
File name: 229af3e4f9dccc0497e7546c09790d50.virobj
Detection ratio: 50 / 67
Analysis date: 2017-10-16 04:14:28 UTC ( 1 month, 1 week ago )
Antivirus | Result | Update
AegisLab | Troj.W32.Genome.aepvs!c | 20171016
AhnLab-V3 | Trojan/Win32.Breut.C230199 | 20171015
Antiy-AVL | Trojan/Win32.Genome | 20171016
Arcabit | Trojan.Kazy.DD6E1 | 20171016
Avast | Win32:Malware-gen | 20171016
AVG | Win32:Malware-gen | 20171016
Avira (no cloud) | BDS/Fynloski.A.12199 | 20171015
AVware | Trojan.Win32.Generic.pak!cobra | 20171016
BitDefender | Gen:Variant.Kazy.55009 | 20171016
ClamAV | Win.Trojan.FaceHack-1 | 20171016
Comodo | UnclassifiedMalware | 20171016
CrowdStrike Falcon (ML) | malicious_confidence_90% (W) | 20170804
Cylance | Unsafe | 20171016
Cyren | W32/Trojan.YAXB-5063 | 20171016
DrWeb | Trojan.Siggen3.39429 | 20171016
eGambit | malicious_confidence_95% | 20171016
Emsisoft | Gen:Variant.Kazy.55009 (B) | 20171016
Endgame | malicious (high confidence) | 20170821
ESET-NOD32 | Win32/Agent.PAB | 20171016
F-Secure | Gen:Variant.Kazy.55009 | 20171016
Fortinet | W32/WBNA.IPA!worm | 20171016
GData | Gen:Variant.Kazy.55009 | 20171016
Ikarus | Worm.Win32.VBNA | 20171015
Sophos ML | heuristic | 20170914
Jiangmin | Trojan/Genome.csmk | 20171016
K7AntiVirus | Backdoor ( 04c502b11 ) | 20171015
K7GW | Backdoor ( 04c502b11 ) | 20171016
Kaspersky | UDS:DangerousObject.Multi.Generic | 20171016
Kingsoft | Win32.Troj.Genome.(kcloud) | 20171016
MAX | malware (ai score=80) | 20171016
McAfee | Generic.dx!229AF3E4F9DC | 20171016
McAfee-GW-Edition | Generic.dx!229AF3E4F9DC | 20171015
eScan | Gen:Variant.Kazy.55009 | 20171016
NANO-Antivirus | Trojan.Win32.TrjGen.ktouq | 20171016
Palo Alto Networks (Known Signatures) | generic.ml | 20171016
Panda | Trj/CI.A | 20171015
Qihoo-360 | Win32/Trojan.e43 | 20171016
SentinelOne (Static ML) | static engine - malicious | 20171001
Sophos AV | Troj/Agent-UYX | 20171016
Symantec | Backdoor.Breut | 20171015
Tencent | Win32.Trojan.Zapchast.Hqby | 20171016
TrendMicro | BKDR_ZAPCHAST.SG | 20171016
TrendMicro-HouseCall | BKDR_ZAPCHAST.SG | 20171016
VBA32 | Trojan.Genome.ae | 20171013
VIPRE | Trojan.Win32.Generic.pak!cobra | 20171016
ViRobot | Trojan.Win32.S.Agent.459948 | 20171016
Webroot | W32.Trojan.Gen | 20171016
Yandex | Trojan.Genome!dAt9gmt+Yuw | 20171013
Zillya | Trojan.Genome.Win32.155382 | 20171013
ZoneAlarm by Check Point | UDS:DangerousObject.Multi.Generic | 20171016
Ad-Aware | | 20171016
Alibaba | | 20170911
ALYac | | 20171015
Avast-Mobile | | 20171015
Baidu | | 20171013
Bkav | | 20171013
CAT-QuickHeal | | 20171014
CMC | | 20171015
F-Prot | | 20171016
Malwarebytes | | 20171016
Microsoft | | 20171016
nProtect | | 20171016
Rising | | 20171016
SUPERAntiSpyware | | 20171015
Symantec Mobile Insight | | 20171011
TheHacker | | 20171015
TotalDefense | | 20171015
Trustlook | | 20171016
WhiteArmor | | 20170927
Zoner | | 20171016
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-07 06:40:20
Entry Point 0x0000B3C1
Number of sections 5
PE sections
Overlays
MD5 1573e7f3ba3967188a83cf39f7d1c8fc
File type application/x-rar
Offset 194560
Size 265388
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
GetClientRect
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 6
RT_ICON 5
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
NEUTRAL DEFAULT 6
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:12:07 07:40:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72704
LinkerVersion 9.0
EntryPoint 0xb3c1
InitializedDataSize 120832
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 229af3e4f9dccc0497e7546c09790d50
SHA1 5a35ec46be8f551ed572ab2fb675f7c09ae7beaf
SHA256 9d3fac012d1f7a6cf3c7c381e6ef4b2c73d4d8d5a3f6a597d2b2837e115c90a0
ssdeep 12288:gxaVAh64U5lygx6Ep8wSMvKviU8rxEAxDUtsT8:gxaVxr5BwE9B9C28T
authentihash 909bd6d6d4d24bded9938926478482fd8745e62975c63f8b5c54b4bc26de677b
imphash 2b8c9d9ab6fefc247adaf927e83dcea6
File size 449.2 KB ( 459948 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
     Win64 Executable (generic) (37.3%)
     Win32 Dynamic Link Library (generic) (8.8%)
     Win32 Executable (generic) (6.0%)
     Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2012-02-06 19:03:28 UTC ( 5 years, 9 months ago )
Last submission 2017-10-14 19:44:57 UTC ( 1 month, 1 week ago )
File names hack_facebook_pro_v6.9.exe
229af3e4f9dccc0497e7546c09790d50.vxe
0534
9d3fac012d1f7a6cf3c7c381e6ef4b2c73d4d8d5a3f6a597d2b2837e115c90a0.log
8_NOT_DETECTED.exe
hack_facebook_pro_v6.9.bin
hack_facebook_pro_v6.9.exe
axe
8a3f2dba-1dd1-4086-9fba-f44af57b4c19
bad.exe
229af3e4f9dccc0497e7546c09790d50.exe
file-3830615_
5a35ec46be8f551ed572ab2fb675f7c09ae7beaf.bin
229af3e4f9dccc0497e7546c09790d50
229af3e4f9dccc0497e7546c09790d50.virobj
dee536a4-50de-4dc1-87e4-b4aca997a773
Advanced heuristic and reputation engines