SHA256: 9f1add1967afa4330f53d350db418dc1a5bc9b378508e9af30f71e0b7e791489
File name: cc_arhiv.exe
Detection ratio: 55 / 67
Analysis date: 2018-08-28 00:21:14 UTC ( 6 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.109293 20180827
AegisLab Trojan.Win32.BitWallet.7!c 20180827
AhnLab-V3 Malware/Win32.Generic.C622514 20180827
ALYac Gen:Variant.Zusy.109293 20180827
Antiy-AVL Trojan[Banker]/Win32.BitWallet 20180828
Arcabit Trojan.Zusy.D1AAED 20180827
Avast Win32:Malware-gen 20180827
AVG Win32:Malware-gen 20180827
Avira (no cloud) HEUR/AGEN.1017457 20180827
AVware Trojan.Win32.Generic!BT 20180823
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9757 20180827
BitDefender Gen:Variant.Zusy.109293 20180827
Bkav W32.LaisberLTL.Trojan 20180827
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180723
Cybereason malicious.fdac16 20180225
Cylance Unsafe 20180828
Cyren W32/Trojan.RXKL-5086 20180828
DrWeb BackDoor.IRC.Bot.5486 20180828
Emsisoft Gen:Variant.Zusy.109293 (B) 20180828
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Spy.CoinBit.N 20180828
F-Prot W32/Trojan3.ADTH 20180828
F-Secure Gen:Variant.Zusy.109293 20180827
Fortinet W32/Generic.AC.B08D2!tr 20180828
GData Gen:Variant.Zusy.109293 20180828
Ikarus Trojan-Banker.Win32.BitWallet 20180827
Sophos ML heuristic 20180717
K7AntiVirus Spyware ( 004ac3511 ) 20180827
K7GW Spyware ( 004ac3511 ) 20180827
Kaspersky Trojan-Banker.Win32.BitWallet.r 20180827
Malwarebytes Trojan.BitCoinStealer 20180827
MAX malware (ai score=100) 20180828
McAfee GenericRXCN-GL!8ABE26CFDAC1 20180828
McAfee-GW-Edition GenericRXCN-GL!8ABE26CFDAC1 20180827
Microsoft TrojanSpy:Win32/Banker 20180827
eScan Gen:Variant.Zusy.109293 20180828
NANO-Antivirus Trojan.Win32.BitWallet.dfqwde 20180828
Palo Alto Networks (Known Signatures) generic.ml 20180828
Panda Trj/CI.A 20180827
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20180828
Rising Malware.Heuristic!ET#99% (RDM+:cmRtazqB8hKHw4Vf0evQRrZQc/xO) 20180828
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180828
SUPERAntiSpyware Trojan.Agent/Gen-BitWallet 20180827
Symantec ML.Attribute.HighConfidence 20180827
TACHYON Trojan-Spy/W32.Banker.172544.G 20180828
Tencent Win32.Trojan-banker.Bitwallet.Edog 20180828
TrendMicro TROJ_GEN.R061C0DHK18 20180828
TrendMicro-HouseCall TROJ_GEN.R061C0DHK18 20180828
VBA32 TrojanBanker.BitWallet 20180827
VIPRE Trojan.Win32.Generic!BT 20180828
Webroot W32.Malware.Gen 20180828
Yandex Trojan.Banker!DDczJBB0bvU 20180827
Zillya Trojan.BitWallet.Win32.10 20180827
ZoneAlarm by Check Point Trojan-Banker.Win32.BitWallet.r 20180827
Alibaba 20180713
Avast-Mobile 20180827
Babable 20180822
CAT-QuickHeal 20180827
CMC 20180827
Comodo 20180827
eGambit 20180828
Jiangmin 20180827
Kingsoft 20180828
Symantec Mobile Insight 20180822
TheHacker 20180824
TotalDefense 20180827
Trustlook 20180828
ViRobot 20180827
Zoner 20180827
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-27 16:03:37
Entry Point 0x0000D7D1
Number of sections 5
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
HeapCreate
GetLocaleInfoW
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
LeaveCriticalSection
EnumSystemLocalesA
GetFileType
GetConsoleMode
FreeEnvironmentStringsW
GetFileSize
GetUserDefaultLCID
LockResource
GetLocaleInfoA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
GetTickCount
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
HeapSize
SetStdHandle
CompareStringW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
HeapSetInformation
FindFirstFileA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
ReadFile
IsProcessorFeaturePresent
GetComputerNameA
FindNextFileA
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetEnvironmentVariableA
GetProcessHeap
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
LoadResource
CreateFileW
GetStringTypeW
FindClose
InterlockedDecrement
Sleep
SetLastError
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
FindResourceA
ExitProcess
GetCurrentProcessId
WriteConsoleW
CloseHandle
ShellExecuteA
socket
recv
send
WSACleanup
WSAStartup
gethostbyname
connect
htons
closesocket
Number of PE resources by type
RT_RCDATA 5
RT_MANIFEST 1
Number of PE resources by language
ARABIC NEUTRAL 5
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:08:27 17:03:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 128512
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0xd7d1
InitializedDataSize 43008
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 8abe26cfdac16c4680c62f176b8c2db5
SHA1 22451e6a7fe98d772ffa3727a0e2108a60b86dc0
SHA256 9f1add1967afa4330f53d350db418dc1a5bc9b378508e9af30f71e0b7e791489
ssdeep 3072:G/dlqfYF0WscNazKNJtJQmPNsxLVgFUM+:IdlqgFHP1NZQWYbM+
authentihash 41ddabee75f17dc761bdc515ba383b4c119334779cf058900aa67a2a549a30bb
imphash 50ffc349eadf23b87b37780609c94771
File size 168.5 KB ( 172544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2015-01-20 13:44:30 UTC ( 4 years, 2 months ago )
Last submission 2015-07-29 01:38:37 UTC ( 3 years, 7 months ago )
File names cc_arhiv.exe
9f1add1967afa4330f53d350db418dc1a5bc9b378508e9af30f71e0b7e791489
Advanced heuristic and reputation engines
TrendMicro-HouseCall: TrendMicro's heuristic engine has flagged this file as TROJ_GEN.R021C0EB615.
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file calls the IsDebuggerPresent Windows API function to check whether it is running under a debugger.
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.