SHA256: a5fde020474da3ba98d201402ee0ad72418943ecfab9ab23a28be3d45ea7af4c
File name: 85e8ec807651ce07dda17a008709fba1.virus
Detection ratio: 2 / 55
Analysis date: 2016-08-12 22:50:08 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Microsoft VirTool:Win32/Injector.gen!E 20160812
VBA32 Malware-Cryptor.Inject.gen 20160812
Ad-Aware 20160812
AegisLab 20160812
AhnLab-V3 20160812
Alibaba 20160812
ALYac 20160812
Antiy-AVL 20160812
Arcabit 20160812
Avast 20160812
AVG 20160812
Avira (no cloud) 20160812
AVware 20160812
Baidu 20160812
BitDefender 20160812
Bkav 20160812
CAT-QuickHeal 20160812
ClamAV 20160811
CMC 20160811
Comodo 20160812
Cyren 20160812
DrWeb 20160812
Emsisoft 20160812
ESET-NOD32 20160812
F-Prot 20160812
F-Secure 20160812
Fortinet 20160812
GData 20160812
Ikarus 20160812
Jiangmin 20160812
K7AntiVirus 20160812
K7GW 20160812
Kaspersky 20160812
Kingsoft 20160812
Malwarebytes 20160812
McAfee 20160812
McAfee-GW-Edition 20160812
eScan 20160812
NANO-Antivirus 20160812
nProtect 20160812
Panda 20160812
Qihoo-360 20160812
Sophos AV 20160812
SUPERAntiSpyware 20160812
Symantec 20160812
Tencent 20160812
TheHacker 20160812
TotalDefense 20160812
TrendMicro 20160812
TrendMicro-HouseCall 20160812
VIPRE 20160812
ViRobot 20160812
Yandex 20160812
Zillya 20160812
Zoner 20160812
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright TODO: (c) <Company name>. All rights reserved.
Product TODO: <Product name>
Original name HelloWan.exe
Internal name HelloWan.exe
File version 1.0.0.1
Description TODO: <File description>
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-12 10:06:47
Entry Point 0x000125DA
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
InitCommonControlsEx
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
SetLastError
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GetPrivateProfileIntA
GlobalLock
GetProcessHeap
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
lstrcmpW
GetProcAddress
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
FreeResource
SizeofResource
WideCharToMultiByte
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantInit
VariantClear
PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
SetFocus
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetActiveWindow
GetMenuStringA
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
CopyRect
GetSysColorBrush
PtInRect
IsDialogMessageA
MapWindowPoints
BeginPaint
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
InsertMenuA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetMenuItemID
SetForegroundWindow
PostThreadMessageA
DrawTextA
EndDialog
GetCapture
DrawTextExA
GetWindowThreadProcessId
UnhookWindowsHookEx
RegisterClipboardFormatA
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
GetTopWindow
IsWindowVisible
GetDesktopWindow
WinHelpA
DeleteMenu
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetFileTitleA
OleUninitialize
OleInitialize
CoRevokeClassObject
OleFlushClipboard
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
Number of PE resources by type
RT_STRING 27
RT_CURSOR 18
RT_GROUP_CURSOR 16
RT_DIALOG 5
RT_BITMAP 3
OMG 2
RT_MENU 2
RT_ACCELERATOR 2
Struct(241) 1
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 75
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 81920
EntryPoint 0x125da
OriginalFileName HelloWan.exe
MIMEType application/octet-stream
LegalCopyright TODO: (c) <Company name>. All rights reserved.
FileVersion 1.0.0.1
TimeStamp 2016:08:12 11:06:47+01:00
FileType Win32 EXE
PEType PE32
InternalName HelloWan.exe
ProductVersion 1.0.0.1
FileDescription TODO: <File description>
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TODO: <Company name>
CodeSize 143360
ProductName TODO: <Product name>
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 85e8ec807651ce07dda17a008709fba1
SHA1 1537e7f723501ca404ae59c7b1cdfbd778b520d4
SHA256 a5fde020474da3ba98d201402ee0ad72418943ecfab9ab23a28be3d45ea7af4c
ssdeep 3072:Rj6viGzXed4lcVmGT9Eg/yBVJcnMpdwYZVS3BDoQel13tPvthGsVz3c6avTtw:h6viGzwzbT9EeCVJc3OVQuH6smq
authentihash 2fa6ee9fed83d08b01d6edb6b5c3cb1ae856b7937e4b53a8c894762090d8a0d3
imphash 9aa7c30aa88a7b119c77652bb836ebbc
File size 224.0 KB ( 229376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags peexe
VirusTotal metadata
First submission 2016-08-12 22:50:08 UTC ( 2 years, 8 months ago )
Last submission 2016-08-12 22:50:08 UTC ( 2 years, 8 months ago )
File names 85e8ec807651ce07dda17a008709fba1.virus
HelloWan.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.