SHA256: a9310f5d568bcdbf1886f2259662e98f27d9512e297ab97ff48fa8f282e3c49c
File name: 666e460d156e964d61c9d48e6e8b0b95
Detection ratio: 43 / 57
Analysis date: 2016-05-18 08:22:28 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3116720 20160518
AegisLab Worm.W32.Ngrbot!c 20160518
AhnLab-V3 Win-Trojan/Teslacrypt.Gen 20160518
ALYac Trojan.GenericKD.3116720 20160518
Antiy-AVL Worm/Win32.Ngrbot 20160518
Arcabit Trojan.Generic.D2F8EB0 20160518
Avast Win32:Dorder-T [Trj] 20160518
AVG Crypt_r.BOV 20160517
Avira (no cloud) TR/Crypt.ZPACK.hhil 20160518
AVware Trojan.Win32.Generic!BT 20160511
Baidu-International Worm.Win32.Dorkbot.B 20160518
BitDefender Trojan.GenericKD.3116720 20160518
CAT-QuickHeal Worm.Dorkbot.r6 20160518
Comodo UnclassifiedMalware 20160518
Cyren W32/Trojan.IZRP-4257 20160518
DrWeb BackDoor.IRC.NgrBot.42 20160518
Emsisoft Trojan.GenericKD.3116720 (B) 20160518
ESET-NOD32 Win32/Dorkbot.B 20160518
F-Secure Trojan.GenericKD.3116720 20160518
Fortinet W32/Ngrbot.B!worm 20160518
GData Trojan.GenericKD.3116720 20160518
Ikarus Trojan.Win32.Crypt 20160518
K7AntiVirus Trojan ( 0001589d1 ) 20160518
K7GW Trojan ( 0001589d1 ) 20160518
Kaspersky HEUR:Trojan.Win32.Generic 20160518
Malwarebytes Backdoor.Andromeda 20160518
McAfee RDN/Generic.bfr 20160518
McAfee-GW-Edition BehavesLike.Win32.PackedAP.fh 20160518
Microsoft Trojan:Win32/Bagsu!rfn 20160518
eScan Trojan.GenericKD.3116720 20160518
NANO-Antivirus Trojan.Win32.NgrBot.ebeiao 20160518
nProtect Trojan.GenericKD.3116720 20160517
Panda Trj/GdSda.A 20160517
Qihoo-360 Win32/Trojan.c74 20160518
Rising Trojan.Kryptik!1.A32E-Sit8lurY4zV (Cloud) 20160518
Sophos AV Mal/Generic-S 20160518
Symantec W32.IRCBot.NG 20160518
Tencent Win32.Trojan.Inject.Auto 20160518
TrendMicro TROJ_GEN.R047C0CCT16 20160518
VIPRE Trojan.Win32.Generic!BT 20160518
ViRobot Trojan.Win32.Z.Ngrbot.308224.B[h] 20160518
Yandex Worm.Ngrbot!rdfYYRxKbxc 20160517
Zillya Worm.Dorkbot.Win32.2640 20160517
Alibaba 20160516
Baidu 20160518
Bkav 20160517
ClamAV 20160518
CMC 20160516
F-Prot 20160518
Jiangmin 20160518
Kingsoft 20160518
SUPERAntiSpyware 20160518
TheHacker 20160518
TotalDefense 20160518
TrendMicro-HouseCall 20160518
VBA32 20160517
Zoner 20160518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) Microsoft Corporation. All rights reserved.
Product Windows XML
Original name getmyapp.exe
Internal name getmyapp
File version 3, 3, 1, 362
Description Software
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-23 10:46:13
Entry Point 0x0000B8CD
Number of sections 6
PE sections
PE imports
GetTokenInformation
RegEnumValueW
OpenProcessToken
FreeSid
RegQueryInfoKeyW
OpenSCManagerW
RegEnumKeyExW
RegEnumKeyW
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
AllocateAndInitializeSid
RegDeleteKeyW
QueryServiceStatus
EqualSid
RegDeleteValueW
RegEnumKeyExA
RegQueryValueW
InitCommonControlsEx
SetDIBits
GetTextMetricsW
SetMapMode
TextOutW
CreateFontIndirectW
SetBitmapBits
CreatePen
GetRgnBox
SaveDC
CreateRectRgnIndirect
LPtoDP
GetClipBox
GetWindowExtEx
GetBitmapBits
Rectangle
GetDeviceCaps
SetViewportExtEx
LineTo
DeleteDC
RestoreDC
GetMapMode
EnumFontFamiliesW
GetTextExtentExPointW
GetPixel
SetWindowOrgEx
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
GetCurrentObject
RectVisible
ExtTextOutW
CreateBitmap
Escape
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
PtVisible
GetDIBits
ExtSelectClipRgn
CreateCompatibleDC
SetBkMode
ScaleViewportExtEx
OffsetViewportOrgEx
CreateRectRgn
GetTextExtentPoint32W
Ellipse
SetWindowExtEx
GetTextColor
CreateSolidBrush
DPtoLP
SelectObject
GetViewportExtEx
GetBkColor
CreateCompatibleBitmap
MoveToEx
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
lstrcmpW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetSystemDefaultLCID
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
GetFullPathNameA
GetFileTime
GetCPInfo
GetStringTypeA
GetSystemTimeAsFileTime
WriteFile
MoveFileA
SetStdHandle
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
FormatMessageW
BeginUpdateResourceW
LoadResource
GlobalHandle
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
GetSystemTime
TlsGetValue
GlobalFindAtomW
UpdateResourceW
GetModuleFileNameW
GetCurrentDirectoryA
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
EnumResourceLanguagesW
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
FormatMessageA
GetModuleHandleA
GetFullPathNameW
GlobalAddAtomW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
CreatePipe
GetExitCodeThread
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
GetDateFormatA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
GetNumberFormatW
WriteConsoleW
HeapFree
EnterCriticalSection
GetTimeZoneInformation
SetHandleCount
LoadLibraryW
EndUpdateResourceW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
CopyFileW
GetStartupInfoA
UnlockFile
DosDateTimeToFileTime
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
DeleteFileA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
GlobalReAlloc
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CompareStringA
FindFirstFileW
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
InitializeCriticalSection
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
CompareStringW
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
LockFile
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
WritePrivateProfileStringW
GetSystemDefaultLangID
RaiseException
UnhandledExceptionFilter
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetTimeFormatA
GetACP
GlobalLock
GetModuleHandleW
FreeResource
FindResourceExW
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
UnmapViewOfFile
GetTempPathW
VirtualQuery
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
ResetEvent
NetShareGetInfo
ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHGetDesktopFolder
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
TranslateMessage
DefWindowProcW
IsWindow
WaitForInputIdle
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
MessageBoxW
DestroyIcon
GetWindowRect
EnableWindow
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetWindow
PostMessageW
CharUpperA
SetDlgItemTextW
GetDC
ReleaseDC
SendMessageW
GetWindowLongW
GetSystemMetrics
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetDlgItemTextW
OemToCharBuffA
DispatchMessageW
OemToCharA
PeekMessageW
GetSysColor
GetClientRect
GetClassNameW
CopyRect
GetWindowTextW
GetDesktopWindow
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
RegisterClassExW
SetForegroundWindow
DestroyWindow
CharToOemA
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
OleFlushClipboard
CoCreateGuid
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleInitialize
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
OleUIBusyW
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
RT_ANICURSOR 1
Number of PE resources by language
ENGLISH US 3
ENGLISH NZ 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 194048
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.3.1.362
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Software
CharacterSet Windows, Latin1
LinkerVersion 9.0
EntryPoint 0xb8cd
OriginalFileName getmyapp.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) Microsoft Corporation. All rights reserved.
LegalTrademarks2 Windows is a registered trademark of Microsoft Corporation.
FileVersion 3, 3, 1, 362
LegalTrademarks1 Microsoft is a registered trademark of Microsoft Corporation.
TimeStamp 2016:03:23 11:46:13+01:00
FileType Win32 EXE
PEType PE32
InternalName getmyapp
ProductVersion 3, 3, 1, 362
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 113152
ProductName Windows XML
ProductVersionNumber 3.3.1.362
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 666e460d156e964d61c9d48e6e8b0b95
SHA1 4ef82826ad200ad9eccfd121f141e3bc6267f731
SHA256 a9310f5d568bcdbf1886f2259662e98f27d9512e297ab97ff48fa8f282e3c49c
ssdeep 6144:zv/ABMAOZEWJUWemFOAbLF6BH1ZoLIM/pwnFY:zv/ABMf/JUEO2FaVZMOnFY
authentihash d8cd42d35f72a841b5e276ccfad249e8f862da9870494f8adc4ad7df6c2e3739
imphash e9ecd294bc1e9b15ea31c4c621a7702b
File size 301.0 KB ( 308224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-03-27 02:30:40 UTC ( 2 years, 11 months ago )
Last submission 2016-03-27 02:30:40 UTC ( 2 years, 11 months ago )
File names getmyapp.exe
getmyapp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications