SHA256: 9f5a47b00748cb52f319622ed914e1b7b7416567254f4b0aec2206f3b80fb2d5
File name: 27d7c9ab8e170e530de3124ec2c408d4
Detection ratio: 34 / 57
Analysis date: 2016-05-31 04:56:58 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.55822 20160531
AhnLab-V3 Malware/Win32.Generic 20160531
ALYac Gen:Variant.Razy.55822 20160531
Antiy-AVL Trojan/Win32.Agent 20160531
Arcabit Trojan.Razy.DDA0E 20160531
Avast Win32:Dorder-AD [Trj] 20160531
AVG Downloader.Generic14.AWYL 20160531
Avira (no cloud) TR/Crypt.ZPACK.hffm 20160530
AVware Trojan.Win32.Generic!BT 20160531
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160530
BitDefender Gen:Variant.Razy.55822 20160531
DrWeb Trojan.Siggen6.58358 20160531
Emsisoft Gen:Variant.Razy.55822 (B) 20160531
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160531
F-Secure Gen:Variant.Razy.55822 20160531
Fortinet W32/Kryptik.EXIZ!tr 20160531
GData Gen:Variant.Razy.55822 20160531
Jiangmin Trojan.Agent.aady 20160531
K7GW Hacktool ( 655367771 ) 20160531
Kaspersky Trojan.Win32.Agent.nevidu 20160531
McAfee Artemis!27D7C9AB8E17 20160531
McAfee-GW-Edition BehavesLike.Win32.FakeAlert.cc 20160530
Microsoft Trojan:Win32/Dynamer!ac 20160531
eScan Gen:Variant.Razy.55822 20160531
Panda Trj/CI.A 20160530
Qihoo-360 Win32/Trojan.075 20160531
Rising Malware.XPACK-HIE/Heur!1.9C48-qUWOotOpwTB (Cloud) 20160530
Sophos AV Mal/Generic-S 20160531
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20160530
Symantec Trojan.Gen.2 20160531
Tencent Win32.Trojan.Agent.Html 20160531
TrendMicro TROJ_GEN.R011C0GEL16 20160531
VIPRE Trojan.Win32.Generic!BT 20160531
Yandex Trojan.Agent!Nkoc5MNTqAg 20160530
AegisLab 20160531
Alibaba 20160531
Baidu-International 20160530
Bkav 20160528
CAT-QuickHeal 20160530
ClamAV 20160531
CMC 20160530
Comodo 20160531
Cyren 20160531
F-Prot 20160531
Ikarus 20160531
K7AntiVirus 20160530
Kingsoft 20160531
Malwarebytes 20160530
NANO-Antivirus 20160531
nProtect 20160530
TheHacker 20160530
TotalDefense 20160531
TrendMicro-HouseCall 20160531
VBA32 20160530
ViRobot 20160531
Zillya 20160531
Zoner 20160531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-18 21:42:37
Entry Point 0x000218C3
Number of sections 4
PE sections
PE imports
DefineDosDeviceW
GetTickCount
LoadLibraryA
WaitForSingleObjectEx
GetSystemDirectoryA
GetLocaleInfoA
lstrcatA
CreateDirectoryA
DeleteFileW
GetProcAddress
GetProcessHeap
lstrcpynW
GetFileTime
CompareStringW
CloseHandle
SetEnvironmentVariableW
GetDiskFreeSpaceW
ReadFile
CreateSemaphoreW
WriteFile
CreateMutexW
GetVolumeNameForVolumeMountPointW
OpenMutexW
FindNextFileA
GetACP
MoveFileExA
WriteConsoleA
OpenJobObjectW
OpenSemaphoreA
MoveFileW
IsBadCodePtr
GetVersion
GetExpandedNameA
CreateHardLinkW
TraceSQLConnect
TraceSQLError
TraceSQLBindCol
SHBindToParent
FindExecutableA
ExtractIconExA
ExtractIconA
PickIconDlg
SHGetDesktopFolder
DragQueryFileA
DragAcceptFiles
SHChangeNotify
StrChrA
ShellAboutW
DllRegisterServer
ShellMessageBoxA
Number of PE resources by type
RT_DIALOG 4
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:08:18 22:42:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 134656
LinkerVersion 6.0
Warning Possibly corrupt Version resource
EntryPoint 0x218c3
InitializedDataSize 8192
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 27d7c9ab8e170e530de3124ec2c408d4
SHA1 d2a56052ed772134f79577c7c8f88d45ee223d6e
SHA256 9f5a47b00748cb52f319622ed914e1b7b7416567254f4b0aec2206f3b80fb2d5
ssdeep 3072:vRazyl3XC418r1e6S13hbfNWUi7bqzqfRDRDRDRDRw4rLaHOJ+:ZV9STODNBi7gqp1111b6OJ
authentihash f7cce2d48a69659e6137486db251a734267c0024a7b64c079d6d59826e1939ab
imphash f19f80902d94c9d46ed30e479783fe7e
File size 140.5 KB ( 143872 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe
VirusTotal metadata
First submission 2016-05-31 04:56:58 UTC ( 2 years, 10 months ago )
Last submission 2016-05-31 04:56:58 UTC ( 2 years, 10 months ago )