SHA256: a1171769927207cdc25af4df49209ddb781d50cd6be9cda7ddb7a031bf585691
File name: _CC7F527EA541711CEE59B622876ADD67._
Detection ratio: 19 / 55
Analysis date: 2016-11-20 01:39:30 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.19744795 20161120
Arcabit Trojan.Generic.D12D481B 20161120
Avast Win32:Trojan-gen 20161120
AVG Crypt6.MXM 20161120
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161118
BitDefender Trojan.Generic.19744795 20161120
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
DrWeb Trojan.Packed2.38613 20161120
Emsisoft Trojan.Generic.19744795 (B) 20161120
ESET-NOD32 a variant of Win32/Kryptik.FJZE 20161119
F-Secure Trojan.Generic.19744795 20161120
GData Trojan.Generic.19744795 20161120
Ikarus Trojan.Win32.Crypt 20161119
Sophos ML generic.a 20161018
McAfee Artemis!CC7F527EA541 20161120
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20161120
eScan Trojan.Generic.19744795 20161120
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161120
Symantec Heur.AdvML.B 20161120
AegisLab 20161119
AhnLab-V3 20161119
Alibaba 20161118
ALYac 20161119
Antiy-AVL 20161119
Avira (no cloud) 20161119
AVware 20161120
Bkav 20161119
CAT-QuickHeal 20161119
ClamAV 20161120
CMC 20161119
Comodo 20161119
Cyren 20161120
F-Prot 20161120
Fortinet 20161120
Jiangmin 20161119
K7AntiVirus 20161119
K7GW 20161120
Kaspersky 20161120
Kingsoft 20161120
Malwarebytes 20161120
Microsoft 20161119
NANO-Antivirus 20161119
nProtect 20161119
Panda 20161119
Rising 20161120
Sophos AV 20161120
SUPERAntiSpyware 20161119
Tencent 20161120
TheHacker 20161117
TrendMicro 20161120
TrendMicro-HouseCall 20161120
VBA32 20161118
VIPRE 20161120
ViRobot 20161119
Yandex 20161119
Zillya 20161118
Zoner 20161119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-02 10:01:36
Entry Point 0x00002FA6
Number of sections 4
PE sections
PE imports
CheckADsError
ErrMsg
CrackName
QueryDosDeviceA
OpenSemaphoreW
SystemTimeToFileTime
GetStringTypeA
GetModuleHandleA
lstrcmpiA
GetLastError
CreateDirectoryA
DeleteFileA
InterlockedExchange
FindFirstFileW
FindAtomA
GetStartupInfoA
CreateMutexW
CreateFileA
GetCommandLineA
GetProcAddress
WaitForSingleObjectEx
CopyFileA
GetPrivateProfileStringW
SHGetFileInfoA
SHCreateShellItem
SHQueryRecycleBinW
SHFree
ShellAboutA
SHChangeNotify
SHFileOperationW
DragQueryFileA
DragQueryPoint
SHGetFolderPathA
DuplicateIcon
DragAcceptFiles
SHGetDataFromIDListA
DllCanUnloadNow
SHGetDesktopFolder
FindExecutableA
FormatEx
Recover
Extend
Format
GetMessageA
CreateWindowExA
LoadCursorA
LoadStringA
RegisterClassExW
wsprintfA
MessageBoxA
OemToCharW
FindWindowExW
MapVirtualKeyW
LoadImageW
CharToOemA
Number of PE resources by type
BVAQ 2
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:09:02 11:01:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 8.0
EntryPoint 0x2fa6
InitializedDataSize 139264
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 cc7f527ea541711cee59b622876add67
SHA1 994f463491fe1d5b924104714e1fc0874885f043
SHA256 a1171769927207cdc25af4df49209ddb781d50cd6be9cda7ddb7a031bf585691
ssdeep 3072:mkW3QSKh1qCeAvLHKoDoYH9wJEc9k5JeLJe70gLbJ:45Kh1qCekaYH9wJEc9k5/70ibJ
authentihash 95769e3db3b0c25fc4d53b72d209b7ef4f1800f93200784494bd7362342d7760
imphash 71dbeb20e8ff456ae5ea73bd8f443623
File size 156.0 KB ( 159744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-11-20 01:39:30 UTC ( 2 years, 3 months ago )
Last submission 2016-11-20 01:39:30 UTC ( 2 years, 3 months ago )
File names _CC7F527EA541711CEE59B622876ADD67._
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications