× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a8aaf4e83cbdd37238f1ad1849863107b982dfdc3a9c36bb92d66be7d72c7848
File name: 4e68281eb66af9c433d9a247367e09e7
Detection ratio: 35 / 55
Analysis date: 2016-08-13 03:58:42 UTC ( 2 years, 8 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3444484 20160813
AhnLab-V3 Trojan/Win32.Downloader.N2072751268 20160812
ALYac Trojan.GenericKD.3444484 20160813
Arcabit Trojan.Generic.D348F04 20160813
Avast Win32:Malware-gen 20160813
AVG Downloader.VB.AJEE 20160812
Avira (no cloud) TR/Dldr.Agent.ycja 20160813
AVware Trojan.Win32.Generic!BT 20160813
BitDefender Trojan.GenericKD.3444484 20160813
Cyren W32/Trojan.DGPY-5768 20160813
DrWeb BackDoor.Bifrost.20608 20160813
Emsisoft Trojan.GenericKD.3444484 (B) 20160813
ESET-NOD32 Win32/TrojanDownloader.VB.QZI 20160812
F-Secure Trojan.GenericKD.3444484 20160813
Fortinet W32/Hlux.FTEI!tr.bdr 20160813
GData Trojan.GenericKD.3444484 20160813
K7AntiVirus Trojan ( 004f5a861 ) 20160812
K7GW Trojan ( 004f5a861 ) 20160813
Kaspersky Backdoor.Win32.Hlux.ftei 20160813
McAfee GenericRXAE-WR!4E68281EB66A 20160813
McAfee-GW-Edition GenericRXAE-WR!4E68281EB66A 20160813
Microsoft Trojan:Win32/Dynamer!ac 20160813
eScan Trojan.GenericKD.3444484 20160813
nProtect Trojan.GenericKD.3444484 20160812
Panda Trj/CI.A 20160812
Qihoo-360 QVM09.0.Malware.Gen 20160813
Sophos AV Mal/Generic-S 20160812
Symantec Backdoor.Trojan 20160813
Tencent Win32.Backdoor.Hlux.Pfjs 20160813
TrendMicro TROJ_GEN.R021C0DH916 20160813
TrendMicro-HouseCall TROJ_GEN.R021C0DH916 20160813
VIPRE Trojan.Win32.Generic!BT 20160813
ViRobot Trojan.Win32.Downloader.221184.BE[h] 20160813
Yandex Backdoor.Hlux!0pa3Hy4khQg 20160812
Zillya Trojan.Kryptik.Win32.932000 20160812
AegisLab 20160813
Alibaba 20160812
Antiy-AVL 20160813
Baidu 20160812
Bkav 20160812
CAT-QuickHeal 20160812
ClamAV 20160813
CMC 20160811
Comodo 20160813
F-Prot 20160813
Ikarus 20160812
Jiangmin 20160813
Kingsoft 20160813
Malwarebytes 20160813
NANO-Antivirus 20160812
SUPERAntiSpyware 20160813
TheHacker 20160812
TotalDefense 20160813
VBA32 20160812
Zoner 20160813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-06 00:46:10
Entry Point 0x00011FF7
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
InitCommonControlsEx
SetMapMode
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
ScaleViewportExtEx
SelectObject
SetWindowExtEx
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GlobalLock
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
lstrcmpW
GetProcAddress
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
FreeResource
SizeofResource
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantInit
VariantClear
PathFindFileNameA
PathFindExtensionA
MapWindowPoints
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetActiveWindow
GetTopWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
GetDesktopWindow
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
CopyRect
GetSysColorBrush
PtInRect
IsDialogMessageA
SetFocus
BeginPaint
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
PostMessageA
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ClientToScreen
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetMenuItemID
SetForegroundWindow
PostThreadMessageA
DrawTextA
EndDialog
GetCapture
DrawTextExA
GetWindowThreadProcessId
UnhookWindowsHookEx
RegisterClipboardFormatA
MessageBoxA
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
wsprintfA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
OleUninitialize
OleInitialize
CoRevokeClassObject
OleFlushClipboard
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
Number of PE resources by type
RT_STRING 24
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_DIALOG 3
RT_BITMAP 3
EDG 2
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
CHINESE SIMPLIFIED 64
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:08:06 01:46:10+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
139264

LinkerVersion
8.0

EntryPoint
0x11ff7

InitializedDataSize
77824

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 4e68281eb66af9c433d9a247367e09e7
SHA1 5256daf3016a65ff239a98a1806fab52f3537d56
SHA256 a8aaf4e83cbdd37238f1ad1849863107b982dfdc3a9c36bb92d66be7d72c7848
ssdeep
3072:pLHh9/5nrjbU8PbjhIN/85VKk2s6+JKzIiav+zXWuzrh9r82FoDtgxGLDm7LT5:Ff/5nrjw8PnhSzJzeoIiav0BfDL5Gfq

authentihash c44a5984dbc7795223d31ef1779589354494a5ede94e15cab2261e355a62f1fa
imphash 09ec701bda5a32dcf471b1b3ce33ef35
File size 216.0 KB ( 221184 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-08-13 03:58:42 UTC ( 2 years, 8 months ago )
Last submission 2016-12-08 17:20:56 UTC ( 2 years, 4 months ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.