SHA256: 9d3fac012d1f7a6cf3c7c381e6ef4b2c73d4d8d5a3f6a597d2b2837e115c90a0
File name: hack_facebook_pro_v6.9.exe
Detection ratio: 43 / 56
Analysis date: 2016-12-23 04:44:16 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.55009 20161223
AegisLab Troj.W32.Genome.aepvs!c 20161223
AhnLab-V3 Trojan/Win32.Breut.C230199 20161222
Antiy-AVL Trojan/Win32.Genome 20161223
Avast Win32:Malware-gen 20161223
AVG Downloader.VB.TAN 20161223
Avira (no cloud) BDS/Fynloski.A.12199 20161222
AVware Trojan.Win32.Generic.pak!cobra 20161223
BitDefender Gen:Variant.Kazy.55009 20161223
ClamAV Win.Trojan.FaceHack-1 20161223
Comodo UnclassifiedMalware 20161223
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
DrWeb Trojan.Siggen3.39429 20161223
Emsisoft Gen:Variant.Kazy.55009 (B) 20161223
ESET-NOD32 Win32/Agent.PAB 20161223
F-Secure Gen:Variant.Kazy.55009 20161223
Fortinet W32/WBNA.IPA!worm 20161223
GData Gen:Variant.Kazy.55009 20161223
Ikarus Worm.Win32.VBNA 20161222
Invincea backdoor.msil.bladabindi.aj 20161216
Jiangmin Trojan/Genome.csmk 20161222
K7AntiVirus Backdoor ( 04c502b11 ) 20161222
K7GW Backdoor ( 04c502b11 ) 20161223
Kaspersky UDS:DangerousObject.Multi.Generic 20161223
Kingsoft Win32.Troj.Genome.(kcloud) 20161223
Malwarebytes Spyware.Agent 20161223
McAfee Generic.dx!229AF3E4F9DC 20161223
McAfee-GW-Edition Generic.dx!229AF3E4F9DC 20161223
Microsoft Backdoor:Win32/Fynloski.A 20161222
eScan Gen:Variant.Kazy.55009 20161223
NANO-Antivirus Trojan.Win32.Siggen3.ktouq 20161223
Panda Trj/CI.A 20161222
Qihoo-360 Win32/Trojan.e43 20161223
Rising Trojan.Generic-hNbZP89rNkJ (cloud) 20161223
Sophos Troj/Agent-UYX 20161223
Symantec Backdoor.Breut 20161223
Tencent Win32.Trojan.Zapchast.Hqby 20161223
TrendMicro-HouseCall BKDR_ZAPCHAST.SG 20161223
VBA32 Trojan.Genome.ae 20161222
VIPRE Trojan.Win32.Generic.pak!cobra 20161223
ViRobot Trojan.Win32.Z.Genome.459948[h] 20161223
Yandex Trojan.Genome!dAt9gmt+Yuw 20161222
Zillya Trojan.Genome.Win32.155382 20161222
Alibaba 20161223
ALYac 20161223
Arcabit 20161223
Baidu 20161207
CAT-QuickHeal 20161222
CMC 20161222
Cyren 20161223
F-Prot 20161223
nProtect 20161223
SUPERAntiSpyware 20161223
TheHacker 20161222
TotalDefense 20161222
TrendMicro 20161223
Trustlook 20161223
WhiteArmor 20161221
Zoner 20161223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-07 06:40:20
Entry Point 0x0000B3C1
Number of sections 5
PE sections
Overlays
MD5 1573e7f3ba3967188a83cf39f7d1c8fc
File type application/x-rar
Offset 194560
Size 265388
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
GetClientRect
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 6
RT_ICON 5
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
NEUTRAL DEFAULT 6
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:12:07 07:40:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72704
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 120832
SubsystemVersion 5.0
EntryPoint 0xb3c1
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 229af3e4f9dccc0497e7546c09790d50
SHA1 5a35ec46be8f551ed572ab2fb675f7c09ae7beaf
SHA256 9d3fac012d1f7a6cf3c7c381e6ef4b2c73d4d8d5a3f6a597d2b2837e115c90a0
ssdeep 12288:gxaVAh64U5lygx6Ep8wSMvKviU8rxEAxDUtsT8:gxaVxr5BwE9B9C28T
authentihash 909bd6d6d4d24bded9938926478482fd8745e62975c63f8b5c54b4bc26de677b
imphash 2b8c9d9ab6fefc247adaf927e83dcea6
File size 449.2 KB ( 459948 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-02-06 19:03:28 UTC ( 5 years, 2 months ago )
Last submission 2016-12-20 23:07:00 UTC ( 4 months, 1 week ago )
File names hack_facebook_pro_v6.9.exe
229af3e4f9dccc0497e7546c09790d50.vxe
9d3fac012d1f7a6cf3c7c381e6ef4b2c73d4d8d5a3f6a597d2b2837e115c90a0.log
8_NOT_DETECTED.exe
hack_facebook_pro_v6.9.bin
hack_facebook_pro_v6.9.exe
axe
8a3f2dba-1dd1-4086-9fba-f44af57b4c19
bad.exe
229af3e4f9dccc0497e7546c09790d50.exe
file-3830615_
5a35ec46be8f551ed572ab2fb675f7c09ae7beaf.bin
229af3e4f9dccc0497e7546c09790d50
0534
dee536a4-50de-4dc1-87e4-b4aca997a773
Advanced heuristic and reputation engines