SHA256: a43f9c274147bffab99a069e780a41feefd4870cb5ca53b112a35d830f9eb741
File name: fd6b8682d2d6cc16b6062ef42f0941ea61f0452e
Detection ratio: 2 / 57
Analysis date: 2015-06-02 14:18:33 UTC (3 years, 9 months ago)
Antivirus Result Update
ESET-NOD32 Win32/Spy.Zbot.ACB 20150602
Kaspersky Trojan-Spy.Win32.Zbot.vlpz 20150602
Ad-Aware 20150602
AegisLab 20150602
Yandex 20150601
AhnLab-V3 20150602
Alibaba 20150602
ALYac 20150602
Antiy-AVL 20150602
Arcabit 20150602
Avast 20150602
AVG 20150602
Avira (no cloud) 20150602
AVware 20150602
Baidu-International 20150602
BitDefender 20150602
Bkav 20150602
ByteHero 20150602
CAT-QuickHeal 20150602
ClamAV 20150602
CMC 20150602
Comodo 20150602
Cyren 20150602
DrWeb 20150602
Emsisoft 20150602
F-Prot 20150602
F-Secure 20150602
Fortinet 20150602
GData 20150602
Ikarus 20150602
Jiangmin 20150601
K7AntiVirus 20150602
K7GW 20150602
Kingsoft 20150602
Malwarebytes 20150602
McAfee 20150602
McAfee-GW-Edition 20150602
Microsoft 20150602
eScan 20150602
NANO-Antivirus 20150602
nProtect 20150602
Panda 20150602
Qihoo-360 20150602
Rising 20150602
Sophos AV 20150602
SUPERAntiSpyware 20150602
Symantec 20150602
Tencent 20150602
TheHacker 20150602
TotalDefense 20150602
TrendMicro 20150602
TrendMicro-HouseCall 20150602
VBA32 20150602
VIPRE 20150602
ViRobot 20150602
Zillya 20150602
Zoner 20150602
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-01 10:19:18
Entry Point 0x0000B8A1
Number of sections 4
PE sections
PE imports
IsValidSid
CopySid
GetAce
GetLengthSid
GetSecurityInfo
GetAclInformation
SetMapMode
TextOutW
SaveDC
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SelectObject
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
PtVisible
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
ExitProcess
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
WideCharToMultiByte
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
SetLastError
GlobalFindAtomW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GlobalAddAtomW
MoveFileExW
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
GetVersion
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
CopyFileW
GetStartupInfoA
GlobalDeleteAtom
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
SetSystemTimeAdjustment
GetProcessHeap
GlobalReAlloc
ResetEvent
lstrcmpW
GlobalLock
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
CreateProcessW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
VariantClear
VariantInit
MapWindowPoints
RegisterWindowMessageW
GetForegroundWindow
GetClassInfoExW
ReleaseDC
DrawTextExW
GetWindow
SetMenuItemBitmaps
LoadBitmapW
SetWindowTextW
DefWindowProcW
CopyRect
GetCapture
GetMenuState
DestroyMenu
PostQuitMessage
GetMessagePos
IsWindowEnabled
SetPropW
GetParent
GetWindowThreadProcessId
GetSysColorBrush
GetSystemMetrics
IsIconic
IsWindow
PeekMessageW
GrayStringW
GetWindowRect
EnableWindow
UnhookWindowsHookEx
GetDC
SetWindowPos
AdjustWindowRectEx
GetMessageTime
GetFocus
PostMessageW
GetSysColor
SendMessageW
GetPropW
DispatchMessageW
GetKeyState
GetMenuItemCount
SystemParametersInfoA
GetDlgCtrlID
CheckMenuItem
GetMenu
UnregisterClassA
GetClassLongW
RegisterClassW
WinHelpW
GetWindowPlacement
TabbedTextOutW
GetClientRect
SetWindowLongW
GetDlgItem
GetMenuCheckMarkDimensions
DrawTextW
MessageBoxW
EnableMenuItem
ClientToScreen
CallNextHookEx
GetSubMenu
CallWindowProcW
GetClassNameW
GetMenuItemID
GetTopWindow
ModifyMenuW
GetWindowTextW
ValidateRect
SetWindowsHookExW
LoadCursorW
LoadIconW
GetClassInfoW
CreateWindowExW
RemovePropW
GetWindowLongW
SetForegroundWindow
PtInRect
GetLastActivePopup
DestroyWindow
DocumentPropertiesW
ClosePrinter
OpenPrinterW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
LegalTrademarks: Bellduring Fat fightmy Knew was Appear casegood minearm
SubsystemVersion: 4.0
Comments: Dresschart Pound faract Cut ProLink Solutions substancebegan insect
LinkerVersion: 8.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 2.7.5926.1110
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
FileDescription: ProLink Solutions
CharacterSet: Unknown (04E0)
InitializedDataSize: 272384
EntryPoint: 0xb8a1
OriginalFileName: determinecry.exe
MIMEType: application/octet-stream
LegalCopyright: Headtrain Cell
FileVersion: 2.7.5926.1110
TimeStamp: 2015:06:01 11:19:18+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: ProLink Solutions
ProductVersion: 2.7.5926.1110
UninitializedDataSize: 0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: homewintersimilar lessfriendtire
CodeSize: 212992
ProductName: ProLink Solutions
ProductVersionNumber: 2.7.5926.1110
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 aab8abc4bec06309851d05ef6c5e3721
SHA1 4b47b96f3af67e3b566a9605b1b4f8e8326c8368
SHA256 a43f9c274147bffab99a069e780a41feefd4870cb5ca53b112a35d830f9eb741
ssdeep 6144:R4voiY2x7tmLs5rMbkddEUGVHkFFyA/2Q8XmT/ePDvBN1q07nG95:RUjtmkrModdNfBuVmT6bfA0zU
authentihash 60cfd5d87c4f7cc2e719c8f1a6a65e111bf65f4fb31bff6bbb822a544da26803
imphash 2656288ab900405b241a383755df4ac9
File size 329.5 KB ( 337408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (47.3%)
Win32 Executable MS Visual C++ (generic) (35.5%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
Tags peexe
VirusTotal metadata
First submission 2015-06-02 14:18:33 UTC ( 3 years, 9 months ago )
Last submission 2015-06-02 14:18:33 UTC ( 3 years, 9 months ago )
File names fd6b8682d2d6cc16b6062ef42f0941ea61f0452e
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R021C0DF815.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.