× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a2502a43038deb39e6e9b75459716b9369ecb5a738eb4ea949f62efb31000884
File name: 9712d76a950c0333d3da4c387ef3a0ba.exe
Detection ratio: 10 / 52
Analysis date: 2016-02-02 14:54:59 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20160202
Avast Win32:Malware-gen 20160202
AVG FileCryptor.GOJ 20160202
Avira (no cloud) TR/AD.Gootkit.Y.101 20160202
DrWeb BackDoor.Gootkit.212 20160202
ESET-NOD32 a variant of Win32/Kryptik.EMKT 20160202
Kaspersky Trojan-Ransom.Win32.Foreign.myzm 20160202
Malwarebytes Trojan.Injector 20160202
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160202
VIPRE Trojan.Win32.Generic!BT 20160202
Ad-Aware 20160202
AegisLab 20160202
Yandex 20160202
AhnLab-V3 20160202
Alibaba 20160202
ALYac 20160202
Arcabit 20160202
Baidu-International 20160202
BitDefender 20160202
Bkav 20160202
ByteHero 20160202
CAT-QuickHeal 20160202
ClamAV 20160202
Comodo 20160202
Cyren 20160202
Emsisoft 20160202
F-Prot 20160129
F-Secure 20160202
Fortinet 20160202
GData 20160202
Ikarus 20160202
Jiangmin 20160202
K7AntiVirus 20160202
K7GW 20160202
McAfee 20160202
McAfee-GW-Edition 20160202
Microsoft 20160202
eScan 20160202
NANO-Antivirus 20160202
nProtect 20160201
Panda 20160201
Rising 20160202
Sophos AV 20160202
SUPERAntiSpyware 20160202
Symantec 20160201
TheHacker 20160130
TrendMicro 20160202
TrendMicro-HouseCall 20160202
VBA32 20160202
ViRobot 20160202
Zillya 20160201
Zoner 20160202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2014 - . All rights reserved.

Product Isatap Nightly
Original name Isatap Nightly
Internal name Isatap Nightly
File version 3.2.6.299
Description Weighted Not Epistemology Faced
Comments Weighted Not Epistemology Faced
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-29 19:56:52
Entry Point 0x00005F5B
Number of sections 6
PE sections
PE imports
CryptEnumProvidersA
ImageList_Create
ImageList_ReplaceIcon
TextOutA
CreateFontIndirectA
GetStockObject
SetViewportOrgEx
LoadResource
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetFileAttributesA
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
IsDebuggerPresent
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
SizeofResource
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
LockResource
GetModuleHandleW
WideCharToMultiByte
ExitProcess
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetConsoleTitleA
GetCommandLineA
GetProcAddress
TlsFree
GetLocaleInfoW
SetStdHandle
GetModuleHandleA
UnhandledExceptionFilter
GetCPInfo
GetStringTypeA
SetFilePointer
LeaveCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetComputerNameA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
LocalFree
FindResourceA
TerminateProcess
GetEnvironmentStrings
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
SetLastError
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
LocalAlloc
WriteConsoleW
InterlockedIncrement
GetPerformanceInfo
RasDialDlgA
SHGetFileInfoA
InitializeSecurityContextA
AcquireCredentialsHandleA
AcceptSecurityContext
SendMessageA
LoadCursorA
LoadIconA
DestroyIcon
SendDlgItemMessageA
EndDialog
IsDlgButtonChecked
CopyRect
SetRect
GetSysColorBrush
DrawTextA
GetDlgItem
IsWindow
CheckDlgButton
GetFileVersionInfoW
CoCreateActivity
SetVCPFeature
CoUnmarshalInterface
CoInitializeEx
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
OleFlushClipboard
CoCreateGuid
CoCreateInstance
OleIsCurrentClipboard
StringFromGUID2
Number of PE resources by type
RT_ICON 14
RT_DIALOG 10
RT_MENU 3
RT_BITMAP 3
RT_MESSAGETABLE 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 34
PE resources
ExifTool file metadata
LegalTrademarks
Copyright 2014 - . All rights reserved.

SubsystemVersion
5.0

Comments
Weighted Not Epistemology Faced

Languages
English

InitializedDataSize
223744

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.2.6.299

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Weighted Not Epistemology Faced

CharacterSet
Unicode

LinkerVersion
9.0

PrivateBuild
3.2.6.299

EntryPoint
0x5f5b

OriginalFileName
Isatap Nightly

MIMEType
application/octet-stream

LegalCopyright
Copyright 2014 - . All rights reserved.

FileVersion
3.2.6.299

TimeStamp
2016:01:29 20:56:52+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Isatap Nightly

ProductVersion
3.2.6.299

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Opera Software

CodeSize
116736

ProductName
Isatap Nightly

ProductVersionNumber
3.2.6.299

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
3.2.6.299

File identification
MD5 9712d76a950c0333d3da4c387ef3a0ba
SHA1 7ea96ba7fccd185fac4e7ab4be40f11e2f6f795a
SHA256 a2502a43038deb39e6e9b75459716b9369ecb5a738eb4ea949f62efb31000884
ssdeep
3072:Y5xT6ssKEgrrtYdJ0k49Y2NVbDG5JIRrHU2ItX6Yh5dy9VkyKaxhFqGSKhWVhNX4:YbsBGud6kYY2D6A1zX6y9egxLsnRFO

authentihash e7575159cc27fab1af3f23c0c58c5c563583878032a8c22d09dda28079d67564
imphash 052efcb2f668e575669106ff4176735a
File size 333.5 KB ( 341504 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags
peexe

VirusTotal metadata
First submission 2016-02-02 14:54:59 UTC ( 3 years, 2 months ago )
Last submission 2016-02-02 14:54:59 UTC ( 3 years, 2 months ago )
File names Isatap Nightly
9712d76a950c0333d3da4c387ef3a0ba.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
UDP communications