SHA256: a48b7c803b3850ec2ff6208afe36ca75a9feb87b8e4dc0c2a425314509962824
File name: cr_bot-vm.exe
Detection ratio: 37 / 57
Analysis date: 2016-09-12 08:56:24 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3518224 20160912
AhnLab-V3 Backdoor/Win32.Androm.N2101704670 20160912
ALYac Trojan.GenericKD.3518224 20160912
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160912
Arcabit Trojan.Generic.D35AF10 20160912
Avast Win32:Malware-gen 20160912
AVG Inject3.BDGS 20160912
Avira (no cloud) TR/Crypt.Xpack.dyk 20160912
AVware Trojan.Win32.Generic!BT 20160912
BitDefender Trojan.GenericKD.3518224 20160912
Bkav HW32.Packed.CDE4 20160910
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/Trojan.DAQI-5779 20160912
DrWeb Trojan.DownLoader22.35133 20160912
Emsisoft Trojan.GenericKD.3518224 (B) 20160912
ESET-NOD32 a variant of Win32/Injector.DEVX 20160912
F-Secure Trojan.GenericKD.3518224 20160912
Fortinet W32/Injector.DEVX!tr 20160912
GData Trojan.GenericKD.3518224 20160912
Ikarus Trojan.Win32.Injector 20160911
Sophos ML ddos.win32.nitol.b 20160830
Jiangmin Backdoor.Androm.kgb 20160912
K7AntiVirus Trojan ( 004f80581 ) 20160912
K7GW Trojan ( 004f80581 ) 20160912
Kaspersky Backdoor.Win32.Androm.koqj 20160912
Malwarebytes Trojan.Kelihos 20160912
McAfee Generic.agu 20160912
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20160911
Microsoft Trojan:Win32/Skeeyah.A!rfn 20160912
eScan Trojan.GenericKD.3518224 20160912
Rising Malware.Generic!s6Q1PaqdcXD@5 (thunder) 20160912
Sophos AV Mal/Zbot-UM 20160912
Symantec Heur.AdvML.C 20160912
TrendMicro TROJ_GEN.R08NC0FIB16 20160912
TrendMicro-HouseCall TROJ_GEN.R08NC0FIB16 20160912
VIPRE Trojan.Win32.Generic!BT 20160912
Yandex Backdoor.Androm!7zAZTffFbuE 20160911
No detection (20 engines, each shown with its signature-database date):
AegisLab 20160912, Alibaba 20160912, Baidu 20160912, CAT-QuickHeal 20160912, ClamAV 20160912, CMC 20160908, Comodo 20160908, F-Prot 20160912, Kingsoft 20160912, NANO-Antivirus 20160912, nProtect 20160912, Panda 20160911, Qihoo-360 20160912, SUPERAntiSpyware 20160912, Tencent 20160912, TheHacker 20160911, VBA32 20160909, ViRobot 20160912, Zillya 20160911, Zoner 20160912
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-05 16:23:13 UTC (the COFF TimeDateStamp is written by the linker and is trivially forgeable; here it is at least consistent with the first VirusTotal submission three days later, on 2016-09-08)
Entry Point 0x00006A38
Number of sections 4
PE sections (the section table itself was not captured in this copy of the report)
Overlays
MD5 b353de897560254a101e6f2fcac1cdb8
File type data
Offset 53248
Size 214018
Entropy 8.00
The overlay starts at 0xD000 and runs to the end of the file (53248 + 214018 = 267266 bytes, exactly the file size), so roughly 80% of the binary lies outside any PE section. An entropy of 8.00 bits per byte is the theoretical maximum: the appended data is statistically indistinguishable from random, i.e. compressed or encrypted, which fits the Injector, Packed and Crypt.Xpack labels in the detection table above. Because an overlay is not mapped by the Windows loader, the stub code in the sections has to locate and decode it itself at run time; static analysis of the imports and strings below therefore describes the stub, not the payload.
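The following is an added example, not part of the VirusTotal report: a small Python script that derives the two header-based facts above, the COFF TimeDateStamp and the overlay offset, size and entropy, from raw file bytes. The PE it builds for demonstration is a constructed stand-in that carries the report's timestamp and a synthetic overlay; it is not the analysed sample. Field offsets follow the PE/COFF specification, and the 7.5 bits-per-byte threshold is the usual rule-of-thumb for compressed or encrypted data, not a value taken from the report.

```python
"""Locate a PE overlay and measure its entropy (added example, not VirusTotal code).

An overlay is everything after the last section's raw data, i.e. from
max(PointerToRawData + SizeOfRawData) over all sections to end of file.
"""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def parse_headers(data: bytes):
    """Return (coff_header_offset, [(name, raw_ptr, raw_size), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    size_opt, = struct.unpack_from("<H", data, coff + 16)
    first = coff + 20 + size_opt  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, _vsize, _va, raw_size, raw_ptr, *_ = SECTION_HDR.unpack_from(
            data, first + i * SECTION_HDR.size)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_ptr, raw_size))
    return coff, sections


def compile_timestamp(data: bytes) -> str:
    """COFF TimeDateStamp as ISO-8601 UTC (linker-set, so treat as a hint, not proof)."""
    coff, _ = parse_headers(data)
    ts, = struct.unpack_from("<I", data, coff + 4)
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def overlay_info(data: bytes) -> dict:
    """Offset, size and entropy of the data past the last section."""
    _, sections = parse_headers(data)
    end = max((p + s for _, p, s in sections), default=0)
    end = min(end, len(data))  # a truncated file has no overlay
    overlay = data[end:]
    ent = shannon_entropy(overlay)
    return {
        "offset": end,
        "size": len(overlay),
        "entropy": round(ent, 2),
        # Heuristic (assumption): > 7.5 bits/byte reads as compressed/encrypted.
        "looks_packed": len(overlay) > 0 and ent > 7.5,
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed stand-in: minimal PE32 with one 512-byte .text section, then `overlay`."""
    stamp = int(datetime(2016, 9, 5, 16, 23, 13, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew -> "PE\0\0"
    # Machine i386, 1 section, the report's timestamp, 224-byte PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # IMAGE_NT_OPTIONAL_HDR32_MAGIC
    sect = SECTION_HDR.pack(b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x200 + overlay


if __name__ == "__main__":
    # A uniform byte distribution stands in for a compressed/encrypted payload.
    packed = build_sample_pe(bytes(range(256)) * 8)
    plain = build_sample_pe(b"A" * 2048)
    print(compile_timestamp(packed))
    print(overlay_info(packed))
    print(overlay_info(plain))
```

Against a real file, `overlay_info(open(path, "rb").read())` returns the offset and size that the report lists above; the constructed sample here has its overlay at 0x400 instead of 0xD000 because its headers and single section are far smaller than the real binary's. A high-entropy overlay that makes up most of the file is the point at which to stop trusting the static import list and move to dynamic unpacking or memory dumps.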
PE imports (the report groups these by module, but the module names were not preserved in this extract; the Ord(n) entries are imports by ordinal rather than by name, so they cannot be identified without the owning DLL)
LocalFree
LocalLock
LoadLibraryA
GetSystemDirectoryA
LocalAlloc
LocalUnlock
GetModuleHandleW
FreeLibrary
GetStartupInfoW
CreateFileA
GetModuleFileNameA
GetFileSize
MoveFileExA
GetProcAddress
CloseHandle
Ord(3820)
Ord(5285)
Ord(1197)
Ord(5296)
Ord(537)
Ord(5298)
Ord(2977)
Ord(4418)
Ord(3826)
Ord(5193)
Ord(2971)
Ord(5186)
Ord(4667)
Ord(4075)
Ord(535)
Ord(825)
Ord(540)
Ord(5710)
Ord(755)
Ord(5727)
Ord(2546)
Ord(3733)
Ord(2388)
Ord(5303)
Ord(2717)
Ord(858)
Ord(4616)
Ord(268)
Ord(561)
Ord(2371)
Ord(4459)
Ord(4480)
Ord(4229)
Ord(5175)
Ord(3825)
Ord(3131)
Ord(1970)
Ord(4074)
Ord(775)
Ord(815)
Ord(1560)
Ord(1089)
Ord(3257)
Ord(922)
Ord(317)
Ord(2504)
Ord(2980)
Ord(4269)
Ord(3254)
Ord(1165)
Ord(3341)
Ord(860)
Ord(800)
Ord(6371)
Ord(1569)
Ord(470)
Ord(3076)
Ord(4692)
Ord(503)
Ord(3074)
Ord(3142)
Ord(635)
Ord(3917)
_except_handler3
__p__fmode
strstr
_adjust_fdiv
__CxxFrameHandler
??1type_info@@UAE@XZ
__p__commode
strchr
__dllonexit
_onexit
__wgetmainargs
__setusermatherr
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_exit
__set_app_type
wsprintfA
GetSystemMetrics
SendMessageW
DrawIcon
FindWindowW
GetClientRect
IsIconic
MessageBoxA
Number of PE resources by type
RT_ICON 1
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
FRENCH SWISS 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:09:05 17:23:13+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 28672
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 20480
SubsystemVersion: 4.0
EntryPoint: 0x6a38
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 16

File identification
MD5 a52a58e1a9dc6066d8191ac8264490d7
SHA1 0fc7d83ce5e0934e309bfaff1add8fd003c26bcd
SHA256 a48b7c803b3850ec2ff6208afe36ca75a9feb87b8e4dc0c2a425314509962824
ssdeep 6144:uW72LSXyu2MX6b08vR924FwOefhNY9RCV2LyBPeVoMU6rTac:f2LVtb0wqAi5tcOVqoX4
authentihash b87a2ac94392fefe786060c75c2f29cd0b53d301ff1167683aedad453ea8518e
imphash e449ccbab6b168c5b60fa5d5dbf1ce57
File size 261.0 KB ( 267266 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-09-08 23:20:34 UTC
Last submission 2016-09-12 08:56:24 UTC
File names hw8RmvqDT.7z
aa
m.exe
cr_bot-vm.exe
5bd523e8a7c065588ca6d98b9cbea9e2871f6048
VirusShare_a52a58e1a9dc6066d8191ac8264490d7
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications