SHA256: a2f81f7288400a7dcd344350e17fc4af21ce0fb40f7e91fcd736e1b62b3500ca
File name: a61bc96793f35f9abe6e0a8b3ee03278
Detection ratio: 15 / 27
Analysis date: 2017-10-02 22:50:28 UTC ( 1 year, 4 months ago )
Antivirus Result Update
AegisLab Gen.Variant.Strictor!c 20171002
ALYac Gen:Variant.Strictor.148415 20171002
Arcabit Trojan.Strictor.D243BF 20171002
Avira (no cloud) TR/Crypt.ZPACK.jkrmk 20171002
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9838 20170930
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Emsisoft Gen:Variant.Strictor.148415 (B) 20171002
F-Secure Gen:Variant.Strictor.148415 20171002
Ikarus Trojan.Win32.Krypt 20171002
Kaspersky Trojan.Win32.Mansabo.ni 20171002
McAfee-GW-Edition BehavesLike.Win32.PUPXAQ.gc 20171002
Palo Alto Networks (Known Signatures) generic.ml 20171002
Panda Trj/GdSda.A 20171002
VIPRE Trojan.Win32.Generic!BT 20171002
ZoneAlarm by Check Point Trojan.Win32.Mansabo.ni 20171002
Antiy-AVL 20171002
AVware 20171002
Bkav 20170928
ClamAV 20171002
CMC 20171002
Sophos ML 20170914
Jiangmin 20171002
Kingsoft 20171002
Malwarebytes 20171002
Qihoo-360 20171002
Symantec Mobile Insight 20170928
Trustlook 20171002
Zillya 20171002
Zoner 20171002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-21 11:37:47
Entry Point 0x00011340
Number of sections 3
PE sections
PE imports
GetStockObject
GetLastError
HeapFree
GetStdHandle
SetHandleCount
lstrlenA
GetOEMCP
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetCurrentDirectoryA
WideCharToMultiByte
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetCPInfo
GetModuleHandleA
lstrcmpA
WriteFile
GetCurrentProcess
GetACP
TerminateProcess
HeapCreate
lstrcpyA
VirtualFree
GetFileType
CreateFileA
ExitProcess
GetVersion
VirtualAlloc
GetMessageA
SetTimer
LoadIconA
InvalidateRect
LoadStringA
DispatchMessageA
EndDialog
PostQuitMessage
MessageBoxA
SendMessageA
DialogBoxParamA
CreateWindowExA
wsprintfA
GetWindowLongA
TranslateMessage
DefWindowProcA
DestroyWindow
LoadBitmapA
GetScrollInfo
RegisterClassExA
Number of PE resources by type
RT_MENU 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:12:21 12:37:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 192000
LinkerVersion 7.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x11340
InitializedDataSize 301568
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 a61bc96793f35f9abe6e0a8b3ee03278
SHA1 e223a1a17259d8b7af8524ec2d4e06a2bdf9d758
SHA256 a2f81f7288400a7dcd344350e17fc4af21ce0fb40f7e91fcd736e1b62b3500ca
ssdeep 6144:VWPiE1MGnID0N04WVlrbWHyLmmBSayt+pWtoubNDmFBG/CoJFE5AdKCsC+bkQa4c:VWF1Ut9zyHyBB4CG/hJ+5A9Bd4
authentihash 19df1052b7bbf255c4d57de807e6c9cf3016ff5af58e659301a6ca1feb795833
imphash 44bdbfeaa3ab75d72786b08de3256c69
File size 483.0 KB ( 494592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-10-01 09:10:09 UTC ( 1 year, 4 months ago )
Last submission 2018-10-24 07:22:23 UTC ( 3 months, 4 weeks ago )
File names a61bc96793f35f9abe6e0a8b3ee03278.vir
setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications