SHA256: a98bb2f8daa4ced3acbd7aff27c1918d8135bf2e64442b225b178548b594363d
File name: wa1.exe
Detection ratio: 3 / 55
Analysis date: 2015-10-27 17:16:59 UTC ( 1 year, 9 months ago )
Antivirus Result Update
McAfee Upatre-FAEC!FCB8647D5AB8 20151027
Rising PE:Malware.Obscure!1.9C59 [F] 20151027
Tencent Trojan.Win32.Qudamah.Gen.24 20151027
Ad-Aware 20151027
AegisLab 20151027
Yandex 20151027
AhnLab-V3 20151027
Alibaba 20151027
ALYac 20151027
Antiy-AVL 20151027
Arcabit 20151027
Avast 20151027
AVG 20151027
Avira (no cloud) 20151027
AVware 20151027
Baidu-International 20151027
BitDefender 20151027
Bkav 20151027
ByteHero 20151027
CAT-QuickHeal 20151027
ClamAV 20151027
CMC 20151026
Comodo 20151027
Cyren 20151027
DrWeb 20151027
Emsisoft 20151027
ESET-NOD32 20151027
F-Prot 20151027
F-Secure 20151027
Fortinet 20151027
GData 20151027
Ikarus 20151027
Jiangmin 20151026
K7AntiVirus 20151027
K7GW 20151027
Kaspersky 20151027
Malwarebytes 20151027
McAfee-GW-Edition 20151027
Microsoft 20151027
eScan 20151027
NANO-Antivirus 20151027
nProtect 20151027
Panda 20151027
Qihoo-360 20151027
Sophos AV 20151027
SUPERAntiSpyware 20151027
Symantec 20151026
TheHacker 20151026
TrendMicro 20151027
TrendMicro-HouseCall 20151027
VBA32 20151027
VIPRE 20151027
ViRobot 20151027
Zillya 20151027
Zoner 20151027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 7:44 PM 4/20/2016
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-27 11:54:52
Entry Point 0x0000168E
Number of sections 4
PE sections
Overlays
MD5 7d6a49416c2da1ec0e85e6956e61d440
File type data
Offset 81920
Size 5368
Entropy 7.43
PE imports
OpenServiceW
SelectObject
CreatePen
CreateBitmap
ReadConsoleInputA
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
GetTickCount
VirtualProtect
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetLocalTime
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetCurrentProcess
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
SetConsoleMode
OpenSemaphoreA
VirtualFree
GetEnvironmentStringsW
Sleep
GetFileType
CreateFileA
ExitProcess
GetVersion
OpenSemaphoreW
VirtualAlloc
HeapCreate
InterlockedIncrement
SysAllocString
auxGetVolume
CoUninitialize
CoInitialize
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_ICON 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 8.2
FileVersionNumber 7.16.13.799
LanguageCode Russian
FileFlagsMask 0x0001
CharacterSet Unknown (24B2)
InitializedDataSize 61440
EntryPoint 0x168e
MIMEType application/octet-stream
TimeStamp 2015:10:27 12:54:52+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Unknown (0x5)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
BuildVersion 7, 16, 19, 799
CodeSize 16384
FileSubtype 1
ProductVersionNumber 7.16.13.799
FileTypeExtension exe
ObjectFileType VxD

File identification
MD5 fcb8647d5ab8c4640e139df1b988cd7a
SHA1 701e7b7e0231417910a3fd24ab5e50de4543042a
SHA256 a98bb2f8daa4ced3acbd7aff27c1918d8135bf2e64442b225b178548b594363d
ssdeep 768:nNNlFJI3VyA6hJojhvuttQZR4Nuov7u/8iH:nNNls30do1u4R4NuOuki

authentihash 4fda017876550073e920766ec5fb6165de57f026c761f23ab083b3790fc92764
imphash bfb800fd5d51b039fba649ec85046ee7
File size 85.2 KB ( 87288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-10-27 17:16:59 UTC ( 1 year, 9 months ago )
Last submission 2015-11-05 08:07:19 UTC ( 1 year, 9 months ago )
File names 701e7b7e0231417910a3fd24ab5e50de4543042a
a98bb2f8daa4ced3acbd7aff27c1918d8135bf2e64442b225b178548b594363d.bin
wa1.exe
wa1 (2).exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs