SHA256: a6724abead35176f39deced24cf2a7e660535cb2884e776f71f2b4864bd55e58
File name: 4a9caf0b97c6e0f2be5e4f47d66ec2b3.virus
Detection ratio: 25 / 57
Analysis date: 2016-12-21 01:37:28 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3938991 20161221
ALYac Trojan.GenericKD.3938991 20161221
Arcabit Trojan.Generic.D3C1AAF 20161221
Avast Win32:Malware-gen 20161221
AVG Downloader.Generic14.BIVL 20161220
Avira (no cloud) TR/Crypt.Xpack.mbzux 20161220
AVware Trojan.Win32.Generic!BT 20161221
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9952 20161207
BitDefender Trojan.GenericKD.3938991 20161221
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20161024
Emsisoft Trojan.GenericKD.3938991 (B) 20161221
ESET-NOD32 Win32/TrojanDownloader.Agent.CZA 20161221
F-Secure Trojan.GenericKD.3938991 20161221
Fortinet W32/Agent.CZA!tr.dldr 20161221
GData Trojan.GenericKD.3938991 20161221
Sophos ML virtool.msil.asemlod.b 20161216
K7AntiVirus Trojan-Downloader ( 004ffed21 ) 20161220
K7GW Trojan-Downloader ( 004ffed21 ) 20161221
eScan Trojan.GenericKD.3938991 20161221
Qihoo-360 Win32/Trojan.ea8 20161221
Sophos AV Mal/Generic-S 20161221
Symantec Heur.AdvML.B 20161220
Tencent Win32.Trojan-downloader.Agent.Pfaa 20161221
TrendMicro-HouseCall TROJ_GEN.R00JH0CLJ16 20161221
VIPRE Trojan.Win32.Generic!BT 20161221
Antivirus (no detection) Update
AegisLab 20161220
AhnLab-V3 20161220
Alibaba 20161220
Antiy-AVL 20161221
Bkav 20161220
CAT-QuickHeal 20161220
ClamAV 20161221
CMC 20161220
Comodo 20161221
Cyren 20161221
DrWeb 20161221
F-Prot 20161221
Ikarus 20161220
Jiangmin 20161220
Kaspersky 20161221
Kingsoft 20161221
Malwarebytes 20161221
McAfee 20161221
McAfee-GW-Edition 20161221
Microsoft 20161221
NANO-Antivirus 20161221
nProtect 20161221
Panda 20161220
Rising 20161221
SUPERAntiSpyware 20161221
TheHacker 20161219
TotalDefense 20161220
TrendMicro 20161221
Trustlook 20161221
VBA32 20161220
ViRobot 20161220
WhiteArmor 20161212
Yandex 20161220
Zillya 20161220
Zoner 20161220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-14 17:48:00
Entry Point 0x00008F12
Number of sections 4
PE sections
PE imports
DeregisterEventSource
RegSetValueExA
ReportEventA
RegisterEventSourceA
RegCreateKeyExA
ImageList_BeginDrag
ImageList_Destroy
ImageList_Draw
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Create
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
GetOpenFileNameA
SaveDC
TextOutA
SetStretchBltMode
Rectangle
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
SetLayout
ChoosePixelFormat
BitBlt
CreateFontA
DescribePixelFormat
MoveToEx
GetStockObject
CreateEnhMetaFileA
SetPixelFormat
SelectClipRgn
CreateCompatibleDC
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
DeleteObject
gluOrtho2D
GetNetworkParams
GetIpStatistics
GetIfEntry
GetIfTable
GetTcpStatistics
GetIcmpStatistics
GetUdpStatistics
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
FindNextVolumeMountPointA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
LocalFree
GetLogicalDriveStringsA
FindClose
InterlockedDecrement
SetFileAttributesW
FindFirstVolumeMountPointA
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
RemoveDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetVolumeNameForVolumeMountPointA
EnumSystemLanguageGroupsA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
DeleteFileA
FindVolumeMountPointClose
GetProcAddress
GetProcessHeap
CompareStringW
FindFirstFileA
GetModuleHandleA
lstrcpyA
CompareStringA
FindNextFileA
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
VirtualQuery
GetModuleFileNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
Ord(69)
Ord(59)
Ord(61)
Ord(66)
Ord(67)
Ord(60)
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
SafeArrayDestroy
SafeArrayCreateVector
SysFreeString
SafeArrayPutElement
VariantInit
glVertex2f
glFlush
glClear
glColor3f
glDisable
glViewport
glMatrixMode
glEnd
glBegin
glLoadIdentity
RpcErrorStartEnumeration
RpcMgmtSetServerStackSize
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SHFileOperationW
SHFileOperationA
Shell_NotifyIconA
SHStrDupW
PathRemoveFileSpecA
StrStrIA
StrDupA
PathFindFileNameW
GetMessageA
GetParent
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
FillRect
SetWindowPos
MessageBoxW
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetCapture
GetDlgItemTextA
MessageBoxA
TranslateMessage
DialogBoxParamA
GetWindow
SetDlgItemTextW
GetDC
RegisterClassExA
CreatePopupMenu
GetMenu
LoadStringA
wsprintfW
SendMessageA
GetClientRect
CreateMenu
GetDlgItem
DrawMenuBar
IsWindow
EnableMenuItem
ScreenToClient
SetRect
InvalidateRect
LoadAcceleratorsA
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
GetTopWindow
GetDesktopWindow
LoadImageA
wsprintfA
EndPaint
PtInRect
InternetConnectA
InternetOpenA
midiOutShortMsg
waveOutWrite
waveOutOpen
midiOutGetNumDevs
midiOutOpen
waveOutPrepareHeader
midiOutGetDevCapsA
midiOutClose
WSCEnumProtocols
GdiplusShutdown
GdipDisposeImage
GdipGetImageRawFormat
GdipLoadImageFromFile
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
Ord(73)
OleUninitialize
StgIsStorageFile
OleSetMenuDescriptor
CoTaskMemFree
StringFromGUID2
OleInitialize
OleUIInsertObjectW
ObtainUserAgentString
Number of PE resources by type
RT_ICON 10
RT_STRING 7
UNICODEDATA 5
BIN 4
Struct(240) 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 30
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:12:14 18:48:00+01:00
FileType Win32 EXE
PEType PE32
CodeSize 97280
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 172032
SubsystemVersion 5.0
EntryPoint 0x8f12
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 4a9caf0b97c6e0f2be5e4f47d66ec2b3
SHA1 581641db7f0f31115756860bfa3dcd70ef29d43d
SHA256 a6724abead35176f39deced24cf2a7e660535cb2884e776f71f2b4864bd55e58
ssdeep 6144:DuvUesWwMVO2jW+r5vyii0HCxqgTJAZXRdXerf2cCa:DAUAOilL/iqg1SOrf2cj
authentihash 963590faef30d1169e8050e1b74f6fb4c9e227403628c9bd88ea93b65b1c1f5c
imphash 14a208b346cf84e713dbb6a0d03c9f50
File size 264.0 KB ( 270336 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-12-21 01:37:28 UTC ( 2 years, 3 months ago )
Last submission 2016-12-21 01:37:28 UTC ( 2 years, 3 months ago )
File names 4a9caf0b97c6e0f2be5e4f47d66ec2b3.virus