SHA256: 9f3ad367eb06c31c46d49c60d264f7807a53fafd920b34ea5e7a15cefe3d9369
File name: 77a8a981ca4a6f444456627bf4b5d3074b1c5931
Detection ratio: 7 / 55
Analysis date: 2015-07-04 13:37:57 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.EPACK.69 20150704
ESET-NOD32 a variant of Win32/Kryptik.DONT 20150704
Kaspersky Trojan-Spy.Win32.Zbot.vqwj 20150704
Panda Generic Suspicious 20150704
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150704
TrendMicro TROJ_FORUCON.BME 20150704
TrendMicro-HouseCall TROJ_FORUCON.BME 20150704
Ad-Aware 20150704
AegisLab 20150704
Yandex 20150630
AhnLab-V3 20150704
Alibaba 20150630
ALYac 20150704
Antiy-AVL 20150704
Arcabit 20150630
Avast 20150704
AVG 20150704
AVware 20150704
Baidu-International 20150704
BitDefender 20150704
Bkav 20150704
ByteHero 20150704
CAT-QuickHeal 20150704
ClamAV 20150704
Comodo 20150704
Cyren 20150704
DrWeb 20150704
Emsisoft 20150704
F-Prot 20150704
F-Secure 20150704
Fortinet 20150704
GData 20150702
Ikarus 20150704
Jiangmin 20150703
K7AntiVirus 20150704
K7GW 20150704
Kingsoft 20150704
Malwarebytes 20150704
McAfee 20150704
McAfee-GW-Edition 20150703
Microsoft 20150704
eScan 20150704
NANO-Antivirus 20150704
nProtect 20150703
Rising 20150704
SUPERAntiSpyware 20150703
Symantec 20150704
Tencent 20150704
TheHacker 20150702
TotalDefense 20150704
VBA32 20150703
VIPRE 20150704
ViRobot 20150704
Zillya 20150704
Zoner 20150704
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-03-01 10:45:14
Entry Point 0x00001000
Number of sections 13
PE sections
Overlays
MD5 0f343b0931126a20f133d67c2b018a3b
File type ASCII text
Offset 292352
Size 1024
Entropy 0.00
PE imports
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExA
AdjustTokenPrivileges
InitializeAcl
RegDeleteValueW
RegCreateKeyExA
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyW
RegOpenKeyExA
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
GetEnhMetaFileA
Polygon
CreateHalftonePalette
GdiPlayJournal
GdiGetDevmodeForPage
GetTextExtentPointA
EndDoc
DeviceCapabilitiesExW
IntersectClipRect
GetArcDirection
GetCharacterPlacementA
OffsetWindowOrgEx
FrameRgn
PlayEnhMetaFile
GetEnhMetaFileBits
CreateFontW
SwapBuffers
FlattenPath
CopyEnhMetaFileA
SetWinMetaFileBits
UpdateICMRegKeyW
PolyPolygon
StartDocW
DdeAbandonTransaction
EnumWindowStationsA
OpenIcon
GetCaretPos
ChildWindowFromPointEx
GetScrollRange
DlgDirListComboBoxW
GetWindowRgn
WINNLSEnableIME
DefMDIChildProcW
HiliteMenuItem
CreateCaret
CharUpperBuffA
UnregisterHotKey
GetMessageW
MessageBeep
DlgDirListComboBoxA
SetWindowPos
ToUnicodeEx
CharToOemBuffA
SetWindowLongW
SetScrollRange
AppendMenuA
GrayStringW
SetDeskWallpaper
InSendMessageEx
CountClipboardFormats
GetKeyboardLayoutNameA
OpenWindowStationW
DialogBoxParamW
PaintDesktop
GetClassNameA
CharToOemBuffW
SetClipboardViewer
wvsprintfA
SendDlgItemMessageW
LoadCursorFromFileW
CascadeChildWindows
SetMenuItemInfoW
SendMessageCallbackW
RegisterClassExA
SystemParametersInfoA
CharNextExA
CreatePopupMenu
SendMessageW
RealGetWindowClassW
GetMenuItemRect
RegisterClassW
TranslateMessage
EmptyClipboard
CreateMDIWindowA
SubtractRect
UnpackDDElParam
DdeGetLastError
PackDDElParam
SetMenuDefaultItem
ChangeDisplaySettingsW
GetClipboardFormatNameA
InvertRect
CloseWindowStation
DdeFreeDataHandle
LoadMenuIndirectA
IsClipboardFormatAvailable
ChangeMenuA
DlgDirListA
AdjustWindowRect
TileChildWindows
CreateIconFromResource
CallWindowProcA
GetSystemMenu
GetWindowTextLengthW
ToUnicode
EnableWindow
SetForegroundWindow
ModifyMenuA
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:03:01 11:45:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 242176
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 33792
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 3c05346fa36d6d5e727538658e026206
SHA1 02de98d5ca9dd175fa1c171cc9c52f50cd877275
SHA256 9f3ad367eb06c31c46d49c60d264f7807a53fafd920b34ea5e7a15cefe3d9369
ssdeep 3072:vhoLi1LAtc0BQWayXEtP4TOIbIKIqSAd14qg:J4c0BQWYiSAd14qg

authentihash a8e969a68e592271099be30706440f95e69dd6e3e8e58892405b149b1d33ee13
imphash 32c89d1b8b5096af5c1a30036eaad7cc
File size 286.5 KB ( 293376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (76.3%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
VXD Driver (0.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-07-03 11:33:20 UTC ( 3 years, 8 months ago )
Last submission 2015-07-04 13:37:57 UTC ( 3 years, 8 months ago )
File names Unconfirmed 504854.crdownload
77a8a981ca4a6f444456627bf4b5d3074b1c5931
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs