SHA256: a76ea5574fb4cce1299c9453f0aaa38e5b701e191440c25f9d9fe51b9636d241
File name: z.php?id=5
Detection ratio: 20 / 57
Analysis date: 2016-09-17 16:33:58 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.94477 20160917
Arcabit Trojan.Razy.D1710D 20160917
Avast Win32:Malware-gen 20160917
Avira (no cloud) TR/Crypt.ZPACK.qagpk 20160917
Baidu Win32.Trojan.WisdomEyes.151026.9950.9952 20160914
BitDefender Gen:Variant.Razy.94477 20160917
Bkav HW32.Packed.69CF 20160917
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Emsisoft Gen:Variant.Razy.94477 (B) 20160917
ESET-NOD32 a variant of Win32/Kryptik.FGJP 20160917
F-Secure Gen:Variant.Razy.94477 20160917
GData Gen:Variant.Razy.94477 20160917
Sophos ML trojan.win32.ramnit.a 20160917
Kaspersky Trojan-Banker.Win32.Tuhkit.ay 20160917
Malwarebytes Trojan.Downloader 20160917
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20160917
eScan Gen:Variant.Razy.94477 20160917
Panda Trj/GdSda.A 20160917
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160917
Rising Malware.Heuristic!ET (rdm+) 20160917
AegisLab 20160917
AhnLab-V3 20160917
Alibaba 20160914
ALYac 20160917
Antiy-AVL 20160916
AVG 20160917
AVware 20160917
CAT-QuickHeal 20160917
ClamAV 20160916
CMC 20160916
Comodo 20160916
Cyren 20160917
DrWeb 20160917
F-Prot 20160917
Fortinet 20160917
Ikarus 20160917
Jiangmin 20160917
K7AntiVirus 20160917
K7GW 20160917
Kingsoft 20160917
McAfee 20160917
Microsoft 20160917
NANO-Antivirus 20160917
nProtect 20160917
Sophos AV 20160917
SUPERAntiSpyware 20160917
Symantec 20160917
Tencent 20160917
TheHacker 20160916
TrendMicro 20160917
TrendMicro-HouseCall 20160917
VBA32 20160917
VIPRE 20160917
ViRobot 20160917
Yandex 20160916
Zillya 20160915
Zoner 20160917
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x00003A63
Number of sections 3
PE sections
PE imports
GetStdHandle
WaitForSingleObject
GetOEMCP
lstrlen
GetTickCount
LoadLibraryA
RemoveDirectoryA
GetCurrentProcess
GetVolumeInformationA
GetCompressedFileSizeA
GetProcAddress
GetCurrentThread
CreateWaitableTimerW
GetFileTime
GetFullPathNameW
ReleaseSemaphore
CreateThread
MapViewOfFile
GlobalAddAtomA
GetAtomNameA
DeleteFileW
FindNextFileA
GetACP
GetStringTypeW
GetGeoInfoW
FindResourceA
CreateEventW
InterlockedDecrement
SetEndOfFile
GetProcessVersion
OpenEventA
lstrcpyn
InterlockedIncrement
SE_InstallAfterInit
SE_IsShimDll
SE_InstallBeforeInit
InsertMenuA
CharPrevA
GetPropA
LoadIconW
CreateDesktopW
LoadCursorW
PeekMessageA
GetMonitorInfoA
DialogBoxParamA
PostMessageW
LoadBitmapA
GetCaretPos
GetClassLongA
Number of PE resources by type
RT_RCDATA 9
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 10
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 125440
LinkerVersion 7.0
EntryPoint 0x3a63
InitializedDataSize 33792
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 7460451d39c86cce74fbf5d2baf2c602
SHA1 f4fd96f4906f20f65e13cd0b2f50a171c0b3456d
SHA256 a76ea5574fb4cce1299c9453f0aaa38e5b701e191440c25f9d9fe51b9636d241
ssdeep 3072:H2B+XvKyQPajUDR7cCqGfHGpE9i5ZBqKmPZGsO8F3HIEXSo:H2B+XSvBRTfHGpyijB+Gp8RoEX
authentihash be17cf03940bbf220893292fa7cf7975bc43a06402ec99f6a07d0e2ae5be1c17
imphash f73e716cd857bcfd6e6d78157c0bc264
File size 156.5 KB ( 160256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
stealth peexe

VirusTotal metadata
First submission 2016-09-17 16:33:58 UTC
Last submission 2016-09-17 16:33:58 UTC
File names z.php?id=5
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications