SHA256: a953deed1701d22f947e9d4a5cb3c0f255ae0a2863d667c1f329b93c6230ced2
File name: a953deed1701d22f947e9d4a5cb3c0f255ae0a2863d667c1f329b93c6230ced2
Detection ratio: 11 / 57
Analysis date: 2016-06-04 22:58:20 UTC ( 2 years, 9 months ago )
Antivirus Result Update
AegisLab Backdoor.W32.Agent.lnci 20160604
AVG Inject3.ASON 20160604
Avira (no cloud) TR/Crypt.ZPACK.aexa 20160604
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160603
ESET-NOD32 Win32/Spy.Shiz.NCU 20160604
Fortinet W32/Shiz.NCU!tr.spy 20160604
Kaspersky UDS:DangerousObject.Multi.Generic 20160604
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20160604
Qihoo-360 QVM20.1.Malware.Gen 20160604
Sophos AV Mal/Generic-S 20160604
Symantec Suspicious.Cloud.9 20160604
Ad-Aware 20160604
AhnLab-V3 20160604
Alibaba 20160603
ALYac 20160604
Antiy-AVL 20160604
Arcabit 20160604
Avast 20160604
AVware 20160604
Baidu-International 20160604
BitDefender 20160604
Bkav 20160604
CAT-QuickHeal 20160604
ClamAV 20160604
CMC 20160602
Comodo 20160604
Cyren 20160604
DrWeb 20160604
Emsisoft 20160604
F-Prot 20160604
F-Secure 20160604
GData 20160604
Ikarus 20160604
Jiangmin 20160604
K7AntiVirus 20160604
K7GW 20160604
Kingsoft 20160604
Malwarebytes 20160604
McAfee 20160604
Microsoft 20160604
eScan 20160604
NANO-Antivirus 20160604
nProtect 20160603
Panda 20160604
Rising 20160604
SUPERAntiSpyware 20160604
Tencent 20160604
TheHacker 20160604
TotalDefense 20160604
TrendMicro 20160604
TrendMicro-HouseCall 20160604
VBA32 20160603
VIPRE 20160604
ViRobot 20160604
Yandex 20160604
Zillya 20160603
Zoner 20160604
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-15 14:21:52
Entry Point 0x00002025
Number of sections 4
PE sections
PE imports
CAEnumFirstCA
CADeleteCA
CACloseCA
CACloseCertType
GetSystemTime
DeviceIoControl
HeapFree
GetDriveTypeW
GetShortPathNameW
FileTimeToSystemTime
GetLastError
WaitForSingleObject
GetOEMCP
GetTickCount
LoadLibraryA
GetStartupInfoA
GetDateFormatA
GetFileSize
CopyFileExA
CreateDirectoryA
GetProcAddress
lstrcpynW
MapViewOfFile
lstrcmpA
ReadFile
FindFirstFileA
CompareStringA
OpenMutexW
GetLongPathNameW
OpenEventW
SearchPathA
WriteConsoleW
InterlockedIncrement
CPGenKey
CPCreateHash
SetFocus
GetMessageA
CreateWindowExA
MessageBoxW
PeekMessageW
LoadStringA
PostMessageA
IsCharLowerA
FindWindowW
GetClassInfoA
LoadImageA
GetCursor
wsprintfW
LoadCursorA
CreateDesktopW
IsDialogMessageA
IsThemeActive
DrawThemeBackground
DrawThemeEdge
GetWindowTheme
GetThemeBool
GetThemeTextExtent
OpenThemeData
GetThemeInt
GetThemeSysSize
GetThemeTextMetrics
WTSVirtualChannelPurgeInput
WTSQuerySessionInformationA
WTSQueryUserToken
WTSVirtualChannelWrite
WTSVirtualChannelRead
WTSSetSessionInformationA
WTSFreeMemory
WTSRegisterSessionNotification
WTSSendMessageA
WTSVirtualChannelOpen
WTSEnumerateServersA
Number of PE resources by type
RT_RCDATA 7
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:03:15 15:21:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12288
LinkerVersion 6.0
EntryPoint 0x2025
InitializedDataSize 204800
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 1d6dc40055dbfb4ca2efe1392f469e8c
SHA1 a84887220a37a033fa290c07fd4cfb8c76072c5c
SHA256 a953deed1701d22f947e9d4a5cb3c0f255ae0a2863d667c1f329b93c6230ced2
ssdeep 6144:9RebOAnAJmT3migIkhlaK9WyBHPAQQi+EAnAJ:9RebOAAJUDgIkhlaJyBvb3AAJ
authentihash 3ed69e639c190a3a4f75a552b5810b38b7eec9dde85680b904c74bad11f8694b
imphash edf2a15d1a98d38a8842a7a1d472c4a6
File size 216.0 KB ( 221184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-06-04 22:58:20 UTC ( 2 years, 9 months ago )
Last submission 2016-06-04 22:58:20 UTC ( 2 years, 9 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications