SHA256: a0fb948ad2d63d3f64486c7f1f235d958a50f10a5b82998cd02835dba9a2b536
File name: 1df80948b373e15405f90daec05bdc5aa6194dbe
Detection ratio: 46 / 57
Analysis date: 2016-09-30 07:46:48 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Coantor.35 20160930
AegisLab Uds.Dangerousobject.Multi!c 20160930
AhnLab-V3 Trojan/Win32.Garrun.N2089063847 20160930
ALYac Trojan.Preald.AH 20160930
Arcabit Trojan.Coantor.35 20160930
Avast Win32:Malware-gen 20160930
AVG Generic_r.MSU 20160930
Avira (no cloud) TR/Crypt.Xpack.cclx 20160930
AVware Trojan.Win32.Generic!BT 20160930
Baidu Win32.Trojan.Kryptik.arg 20160930
BitDefender Gen:Variant.Coantor.35 20160930
Bkav W32.FamVT.RazyNHmA.Trojan 20160930
CAT-QuickHeal Trojan.Garrun 20160930
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/S-e2e07e9d!Eldorado 20160930
DrWeb Trojan.PWS.Steam.12079 20160930
Emsisoft Gen:Variant.Coantor.35 (B) 20160930
ESET-NOD32 a variant of Win32/Kryptik.FFHA 20160930
F-Prot W32/S-e2e07e9d!Eldorado 20160926
F-Secure Gen:Variant.Coantor.35 20160930
Fortinet W32/Garrun.CSU!tr 20160930
GData Gen:Variant.Coantor.35 20160930
Sophos ML trojan.win32.lethic.b 20160928
Jiangmin Trojan.Garrun.kf 20160930
K7AntiVirus Trojan ( 004f6eb91 ) 20160930
K7GW Trojan ( 004f6eb91 ) 20160930
Kaspersky Trojan.Win32.Garrun.cst 20160930
Malwarebytes Backdoor.Andromeda 20160930
McAfee RDN/Generic.hbg 20160930
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20160929
Microsoft Trojan:Win32/Lethic!rfn 20160930
eScan Gen:Variant.Coantor.35 20160930
NANO-Antivirus Trojan.Win32.Xpack.efrlkx 20160930
Panda Trj/Genetic.gen 20160929
Qihoo-360 HEUR/QVM09.0.6023.Malware.Gen 20160930
Rising Malware.Heuristic!ET (rdm+) 20160930
Sophos AV Mal/Generic-S 20160930
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20160930
Symantec Trojan Horse 20160930
Tencent Win32.Trojan.Garrun.Anpv 20160930
TrendMicro TROJ_GEN.R021C0DHS16 20160930
TrendMicro-HouseCall TROJ_GEN.R021C0DHS16 20160930
VIPRE Trojan.Win32.Generic!BT 20160930
ViRobot Trojan.Win32.Z.Genkryptik.152064[h] 20160930
Yandex Trojan.Garrun! 20160929
Zillya Trojan.Garrun.Win32.1239 20160929
Alibaba 20160930
Antiy-AVL 20160930
ClamAV 20160930
CMC 20160928
Comodo 20160930
Ikarus 20160929
Kingsoft 20160930
nProtect 20160930
TheHacker 20160930
VBA32 20160929
Zoner 20160930
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-25 07:12:04
Entry Point 0x00004262
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
MoveFileA
InitializeCriticalSection
TlsGetValue
SetFileAttributesW
SetLastError
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFullPathNameA
GetUserDefaultLCID
GetProcessHeap
CompareStringW
CompareStringA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
IsDBCSLeadByte
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EndDialog
KillTimer
SetProcessDefaultLayout
ShowWindow
SetWindowPos
CharToOemBuffA
MessageBoxW
DispatchMessageA
EnableWindow
PostMessageA
CharUpperW
DialogBoxParamW
MessageBoxA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
SetWindowTextA
LoadStringA
GetSystemMetrics
SendMessageA
LoadStringW
SetWindowTextW
GetDlgItem
IsWindow
GetWindowLongA
FindWindowExA
SetTimer
GetClientRect
CopyRect
OemToCharBuffA
GetWindowTextA
DestroyWindow
Number of PE resources by type
RT_DIALOG 12
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
ENGLISH AUS 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:25 08:12:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 89088
LinkerVersion 9.0
EntryPoint 0x4262
InitializedDataSize 93696
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 ecaf0b0fb00977dbd103c9de2975cae7
SHA1 9e0335c45165cfc44d16effe1bc0028a6583db77
SHA256 a0fb948ad2d63d3f64486c7f1f235d958a50f10a5b82998cd02835dba9a2b536
ssdeep 1536:xJX6GMaiaHg/OuiBS4tRdw+DIzaBEzDeHwwpr4tVGtO/KyyVad9+SGJzxAvSkCr2:xJXSVOAuIzamV71aad9+S0zTO2my8V
authentihash aaa25b4281fd6abcddbe89b64aa09fd1d84201965c294e12344cdd0b13f35a35
imphash 7d72ae52b2364839863c994ff3737d90
File size 148.5 KB ( 152064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-08-25 08:39:58 UTC ( 1 year, 11 months ago )
Last submission 2016-08-26 15:26:45 UTC ( 1 year, 11 months ago )
File names 74cdcddcdcdcdccdeeee.exe
1df80948b373e15405f90daec05bdc5aa6194dbe
kb00208921.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Code injections in the following processes
Runtime DLLs
UDP communications