SHA256: a12494b1d1b88ad11c3881fd264f6bce141152892e10fa1ac434d34e213cf612
File name: 173a6bc2a6186a9a80d787160962149d.virus
Detection ratio: 7 / 57
Analysis date: 2016-05-31 04:53:09 UTC ( 2 years, 10 months ago )
Antivirus              Result                              Update
Avast                  Win32:Malware-gen                   20160531
Avira (no cloud)       TR/Crypt.ZPACK.snar                 20160530
Baidu                  Win32.Trojan.Kryptik.acm            20160530
Bkav                   HW32.Packed.D55D                    20160528
Kaspersky              HEUR:Trojan.Win32.Generic           20160531
Qihoo-360              QVM07.1.Malware.Gen                 20160531
Rising                 Malware.XPACK-HIE/Heur!1.9C48       20160530
Ad-Aware               (undetected)                        20160531
AegisLab               (undetected)                        20160531
AhnLab-V3              (undetected)                        20160531
Alibaba                (undetected)                        20160531
ALYac                  (undetected)                        20160531
Antiy-AVL              (undetected)                        20160531
Arcabit                (undetected)                        20160531
AVG                    (undetected)                        20160531
AVware                 (undetected)                        20160531
Baidu-International    (undetected)                        20160530
BitDefender            (undetected)                        20160531
CAT-QuickHeal          (undetected)                        20160530
ClamAV                 (undetected)                        20160531
CMC                    (undetected)                        20160530
Comodo                 (undetected)                        20160531
Cyren                  (undetected)                        20160531
DrWeb                  (undetected)                        20160531
Emsisoft               (undetected)                        20160531
ESET-NOD32             (undetected)                        20160531
F-Prot                 (undetected)                        20160531
F-Secure               (undetected)                        20160531
Fortinet               (undetected)                        20160531
GData                  (undetected)                        20160531
Ikarus                 (undetected)                        20160531
Jiangmin               (undetected)                        20160531
K7AntiVirus            (undetected)                        20160530
K7GW                   (undetected)                        20160531
Kingsoft               (undetected)                        20160531
Malwarebytes           (undetected)                        20160530
McAfee                 (undetected)                        20160531
McAfee-GW-Edition      (undetected)                        20160530
Microsoft              (undetected)                        20160531
eScan                  (undetected)                        20160531
NANO-Antivirus         (undetected)                        20160531
nProtect               (undetected)                        20160530
Panda                  (undetected)                        20160530
Sophos AV              (undetected)                        20160531
SUPERAntiSpyware       (undetected)                        20160530
Symantec               (undetected)                        20160531
Tencent                (undetected)                        20160531
TheHacker              (undetected)                        20160530
TotalDefense           (undetected)                        20160531
TrendMicro             (undetected)                        20160531
TrendMicro-HouseCall   (undetected)                        20160531
VBA32                  (undetected)                        20160530
VIPRE                  (undetected)                        20160531
ViRobot                (undetected)                        20160531
Yandex                 (undetected)                        20160530
Zillya                 (undetected)                        20160531
Zoner                  (undetected)                        20160531
All seven detections are heuristic or generic names (Malware-gen, Crypt.ZPACK, Kryptik, Packed, HEUR/Generic, Malware.Gen, XPACK/Heur). Together they say the binary looks packed or crypted; none of them names a specific family, so the 7/57 ratio is a packing signal rather than an identification.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-02 20:01:54
Entry Point 0x0001A992
Number of sections 4
PE sections
PE imports
Grouped here by the module that exports each function (the capture lists the functions flat, without module names); the order within each group is the order the report shows.
ADVAPI32.dll
RegDeleteKeyA
RegNotifyChangeKeyValue
OpenServiceA
QueryServiceConfigA
RegSetValueA
LsaNtStatusToWinError
DeleteService
RegSetValueW
UnlockServiceDatabase
LsaOpenPolicy
RegisterEventSourceW
QueryServiceStatus
CloseEventLog
RegisterEventSourceA
RegDeleteValueA
InitiateSystemShutdownA
SetServiceStatus
LockServiceDatabase
LsaAddAccountRights
IsTextUnicode
RegisterServiceCtrlHandlerA
ChangeServiceConfigW
RegDeleteValueW
StartServiceW
OpenSCManagerW
RegSetValueExA
EnumServicesStatusW
EqualSid
OpenSCManagerA
ReportEventA
KERNEL32.dll
GetDriveTypeA
GetStartupInfoA
GetModuleHandleA
AddAtomW
GetLongPathNameW
MSVCRT.dll
_acmdln
__p__fmode
_adjust_fdiv
__p__commode
_controlfp
exit
_XcptFilter
putc
__getmainargs
_initterm
__setusermatherr
_adj_fdiv_m16i
__set_app_type
RASAPI32.dll
RasEnumDevicesA
RasEnumEntriesA
SHLWAPI.dll
PathRemoveExtensionA
PathFindExtensionA
PathRenameExtensionW
PathRemoveBackslashA
PathStripPathA
PathIsRelativeA
PathCanonicalizeA
PathIsUNCW
SHSetValueA
PathRemoveExtensionW
PathIsRelativeW
StrNCatA
PathIsDirectoryW
SHGetValueW
StrCSpnIW
StrToIntExW
PathIsRootW
StrTrimW
PathFileExistsW
PathCombineA
SHDeleteValueA
PathAddBackslashW
PathRemoveBackslashW
StrCmpIW
PathCombineW
PathFileExistsA
PathStripPathW
SHDeleteKeyW
PathAppendA
StrToIntA
PathIsUNCServerW
StrCpyW
SHRegSetUSValueW
SHDeleteKeyA
PathAppendW
PathRenameExtensionA
PathRemoveFileSpecA
SHRegOpenUSKeyW
PathAddExtensionA
PathFindFileNameW
PathUnquoteSpacesA
PathFindFileNameA
StrDupA
SHQueryValueExW
SHRegGetBoolUSValueW
PathGetArgsW
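Two things a practitioner does with an import list like this one are to reproduce the imphash, so the value in the file identification section can be matched against other samples, and to summarise what the imported API families let the binary do (service control, registry writes, LSA account rights, shutdown, RAS enumeration). The Python below is an added example, not code from the report or from VirusTotal. It assumes the module grouping ADVAPI32/KERNEL32/MSVCRT/RASAPI32/SHLWAPI, which is the editor's assignment from the standard Win32 export tables, and it takes the order the report shows; the binary's own import-table order may differ, so the computed hash is not guaranteed to equal the report's imphash.

```python
import hashlib

# Import list transcribed from the report, in the order shown there, keyed by
# the module that exports each function. The module names are the editor's
# assignment (standard Win32 export tables), not data from the capture.
IMPORTS = {
    "ADVAPI32.dll": [
        "RegDeleteKeyA", "RegNotifyChangeKeyValue", "OpenServiceA", "QueryServiceConfigA",
        "RegSetValueA", "LsaNtStatusToWinError", "DeleteService", "RegSetValueW",
        "UnlockServiceDatabase", "LsaOpenPolicy", "RegisterEventSourceW", "QueryServiceStatus",
        "CloseEventLog", "RegisterEventSourceA", "RegDeleteValueA", "InitiateSystemShutdownA",
        "SetServiceStatus", "LockServiceDatabase", "LsaAddAccountRights", "IsTextUnicode",
        "RegisterServiceCtrlHandlerA", "ChangeServiceConfigW", "RegDeleteValueW", "StartServiceW",
        "OpenSCManagerW", "RegSetValueExA", "EnumServicesStatusW", "EqualSid", "OpenSCManagerA",
        "ReportEventA",
    ],
    "KERNEL32.dll": [
        "GetDriveTypeA", "GetStartupInfoA", "GetModuleHandleA", "AddAtomW", "GetLongPathNameW",
    ],
    "MSVCRT.dll": [
        "_acmdln", "__p__fmode", "_adjust_fdiv", "__p__commode", "_controlfp", "exit",
        "_XcptFilter", "putc", "__getmainargs", "_initterm", "__setusermatherr",
        "_adj_fdiv_m16i", "__set_app_type",
    ],
    "RASAPI32.dll": ["RasEnumDevicesA", "RasEnumEntriesA"],
    "SHLWAPI.dll": [
        "PathRemoveExtensionA", "PathFindExtensionA", "PathRenameExtensionW", "PathRemoveBackslashA",
        "PathStripPathA", "PathIsRelativeA", "PathCanonicalizeA", "PathIsUNCW", "SHSetValueA",
        "PathRemoveExtensionW", "PathIsRelativeW", "StrNCatA", "PathIsDirectoryW", "SHGetValueW",
        "StrCSpnIW", "StrToIntExW", "PathIsRootW", "StrTrimW", "PathFileExistsW", "PathCombineA",
        "SHDeleteValueA", "PathAddBackslashW", "PathRemoveBackslashW", "StrCmpIW", "PathCombineW",
        "PathFileExistsA", "PathStripPathW", "SHDeleteKeyW", "PathAppendA", "StrToIntA",
        "PathIsUNCServerW", "StrCpyW", "SHRegSetUSValueW", "SHDeleteKeyA", "PathAppendW",
        "PathRenameExtensionA", "PathRemoveFileSpecA", "SHRegOpenUSKeyW", "PathAddExtensionA",
        "PathFindFileNameW", "PathUnquoteSpacesA", "PathFindFileNameA", "StrDupA",
        "SHQueryValueExW", "SHRegGetBoolUSValueW", "PathGetArgsW",
    ],
}


def imphash(imports):
    """Import hash as pefile computes it: for every imported function, in import
    table order, 'module.function' with the module lower-cased and its
    .dll/.ocx/.sys extension removed, joined by commas and MD5-hashed.
    (pefile also resolves ordinal-only imports to names; none occur here.)"""
    parts = []
    for module, functions in imports.items():
        name = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.extend(f"{name}.{func.lower()}" for func in functions)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# API-name prefixes grouped by what the caller can do with them.
CAPABILITIES = {
    "service control": (
        "OpenSCManager", "OpenService", "StartService", "DeleteService", "ChangeServiceConfig",
        "QueryService", "EnumServicesStatus", "SetServiceStatus", "RegisterServiceCtrlHandler",
        "LockServiceDatabase", "UnlockServiceDatabase",
    ),
    "registry write/delete": (
        "RegSetValue", "RegDeleteValue", "RegDeleteKey", "SHSetValue", "SHDeleteValue",
        "SHDeleteKey", "SHRegSetUSValue",
    ),
    "LSA account rights": ("LsaOpenPolicy", "LsaAddAccountRights"),
    "system shutdown": ("InitiateSystemShutdown",),
    "event log": ("RegisterEventSource", "ReportEvent", "CloseEventLog"),
    "RAS enumeration": ("RasEnum",),
}


def capabilities(imports):
    """Map each capability label to the imported functions that provide it."""
    found = {}
    for functions in imports.values():
        for func in functions:
            for label, prefixes in CAPABILITIES.items():
                if func.startswith(prefixes):
                    found.setdefault(label, []).append(func)
    return found


if __name__ == "__main__":
    print("computed imphash:", imphash(IMPORTS), "(report: 1e5359c8cb30554f78f0b727c04594ac)")
    for label, funcs in capabilities(IMPORTS).items():
        print(f"{label}: {', '.join(funcs)}")
```

If the computed hash differs from the report's, the first thing to check is the grouping and order, since imphash is order-sensitive by design; parse the sample with pefile and call `get_imphash()` to get the authoritative value.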
Number of PE resources by type
RT_DIALOG 11
RT_STRING 6
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
BENGALI DEFAULT 8
SPANISH URUGUAY 8
ENGLISH AUS 7
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 0.189.103.63
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 167936
EntryPoint: 0x1a992
OriginalFileName: Scrapes.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright Valiant 2011
FileVersion: 224, 92, 118, 157
TimeStamp: 2013:02:02 21:01:54+01:00 (the same instant as the 20:01:54 UTC compilation timestamp in the PE header section)
FileType: Win32 EXE
PEType: PE32
InternalName: Rostrums
ProductVersion: 62, 195, 4, 256
FileDescription: Visitation
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Validity Sensors, Inc.
CodeSize: 106496
ProductName: Validity Sensors, Inc. Sea
ProductVersionNumber: 0.163.45.205
FileTypeExtension: exe
ObjectFileType: Executable application
Two things in this block deserve a second look. The fixed version fields (FileVersionNumber 0.189.103.63, ProductVersionNumber 0.163.45.205) disagree with the version strings (FileVersion 224, 92, 118, 157; ProductVersion 62, 195, 4, 256), which a normal build writes from one source. And the version resource's LanguageCode is English (U.S.) while the resource table above counts the file's resources under Bengali, Spanish (Uruguay) and English (Australia).
File identification
MD5 173a6bc2a6186a9a80d787160962149d
SHA1 90cc23d1b038a93f3a2b8b86eb3ea2879de71e63
SHA256 a12494b1d1b88ad11c3881fd264f6bce141152892e10fa1ac434d34e213cf612
ssdeep 3072:IeoNMWZn04Oz6gc50QgKlsAA8jaCtV4I4AGaSKjyAh:IesCfPQgAlA5QeAGahy
authentihash f3c6070229bea50a4e3db0bcdded5abe99d5193808d6328686adb6f986de33fc
imphash 1e5359c8cb30554f78f0b727c04594ac
File size 168.0 KB ( 172032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
     Win32 Dynamic Link Library (generic) (15.4%)
     Win32 Executable (generic) (10.5%)
     Generic Win/DOS Executable (4.6%)
     DOS Executable Generic (4.6%)
TrID's top guess (a generic Win64 executable) is a byte-pattern heuristic and is contradicted by the parsed header (PE32, i386, GUI subsystem); the header is authoritative. For pivoting, the SHA256 identifies this exact file, the imphash groups builds with the same import table, and ssdeep finds near-identical variants.
Tags peexe
VirusTotal metadata
First submission 2016-05-31 04:53:09 UTC ( 2 years, 10 months ago )
Last submission 2016-05-31 04:53:09 UTC ( 2 years, 10 months ago )
File names 173a6bc2a6186a9a80d787160962149d.virus
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file. In this capture every behaviour section is empty: opened files, read files, written files, deleted files, created processes, code injections in other processes, created mutexes, opened mutexes, opened service managers, opened services, runtime DLLs, HTTP requests, DNS requests, TCP connections and UDP communications all have no entries. An empty behaviour report says nothing about the sample's intent; it only means that nothing was recorded in that run.