× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: aa8f8120021ad82eaddbb958f34073d98fbd3de48c0256f768eac16617e2c03d
File name: aa8f8120021ad82eaddbb958f34073d98fbd3de48c0256f768eac16617e2c03d
Detection ratio: 20 / 57
Analysis date: 2016-04-06 22:43:07 UTC ( 2 years, 10 months ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.37488 20160406
AegisLab Troj.Dropper.W32.Agent.lsik 20160406
Arcabit Trojan.Razy.D9270 20160406
Avast Win32:Malware-gen 20160406
AVG Crypt5.AVNX 20160406
Avira (no cloud) TR/Crypt.Xpack.pofg 20160406
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160405
BitDefender Gen:Variant.Razy.37488 20160406
Bkav HW32.Packed.EE85 20160406
Emsisoft Gen:Variant.Razy.37488 (B) 20160406
ESET-NOD32 Win32/Qbot.BK 20160406
Kaspersky Trojan.Win32.Bublik.egyg 20160406
Malwarebytes Trojan.KeyLogger.INJ 20160406
McAfee W32/PinkSbot-BS!BDF43C8CEDB2 20160406
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20160406
Panda Trj/GdSda.A 20160406
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160406
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20160406
Sophos AV Mal/Qbot-N 20160406
Tencent Win32.Trojan.Bp-generic.Ixrn 20160406
AhnLab-V3 20160406
Alibaba 20160406
ALYac 20160406
Antiy-AVL 20160406
AVware 20160406
Baidu-International 20160406
CAT-QuickHeal 20160406
ClamAV 20160405
CMC 20160404
Comodo 20160406
Cyren 20160406
DrWeb 20160406
F-Prot 20160406
F-Secure 20160406
Fortinet 20160404
GData 20160406
Ikarus 20160406
Jiangmin 20160406
K7AntiVirus 20160406
K7GW 20160404
Kingsoft 20160406
Microsoft 20160406
eScan 20160406
NANO-Antivirus 20160406
nProtect 20160406
SUPERAntiSpyware 20160406
Symantec 20160331
TheHacker 20160405
TotalDefense 20160406
TrendMicro 20160406
TrendMicro-HouseCall 20160406
VBA32 20160406
VIPRE 20160406
ViRobot 20160406
Yandex 20160406
Zillya 20160406
Zoner 20160406
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-05 12:40:49
Entry Point 0x00007450
Number of sections 5
PE sections
PE imports
[+] GDI32.dll
PlayMetaFileRecord
GdiComment
SelectObject
SetStretchBltMode
CreateBrushIndirect
SetICMProfileA
ExtTextOutA
GetGraphicsMode
SetViewportOrgEx
GetLogColorSpaceW
CreateRoundRectRgn
BeginPath
LineDDA
RealizePalette
SetSystemPaletteUse
StretchDIBits
[+] KERNEL32.dll
lstrcatA
lstrlenA
GetModuleFileNameW
CompareStringA
FreeConsole
[+] MPRAPI.dll
MprInfoBlockQuerySize
MprAdminIsDomainRasServer
MprAdminInterfaceGetCredentialsEx
MprAdminMIBEntryCreate
MprAdminInterfaceTransportRemove
MprInfoBlockSet
MprAdminMIBServerConnect
MprAdminTransportCreate
[+] RPCRT4.dll
RpcBindingToStringBindingA
NdrFullPointerXlatFree
NdrNonConformantStringMarshall
NdrConformantVaryingStructMemorySize
NdrNonEncapsulatedUnionFree
RpcProtseqVectorFreeW
NdrConformantStringMarshall
NdrPointerUnmarshall
RpcNetworkIsProtseqValidA
RpcStringBindingParseA
RpcMgmtEpEltInqBegin
[+] SETUPAPI.dll
SetupDiOpenDeviceInterfaceA
SetupDiGetDeviceInstallParamsA
SetupDiOpenDeviceInfoA
SetupCopyErrorA
SetupGetSourceFileSizeA
SetupDiInstallClassW
SetupScanFileQueueW
SetupDiGetDriverInstallParamsA
SetupQueueCopyA
SetupDiGetDeviceInterfaceAlias
SetupInitializeFileLogA
[+] USER32.dll
EndDeferWindowPos
GetMessageA
GetSystemMetrics
GetWindowModuleFileNameA
AppendMenuA
SendMessageW
PaintDesktop
FillRect
CreateAcceleratorTableW
ModifyMenuW
GetCapture
CascadeWindows
RegisterDeviceNotificationW
GetThreadDesktop
DragDetect
[+] comdlg32.dll
PrintDlgA
CommDlgExtendedError
PageSetupDlgW
PageSetupDlgA
GetOpenFileNameW
[+] mscms.dll
SetColorProfileElementReference
CreateColorTransformA
DisassociateColorProfileFromDeviceW
CloseColorProfile
OpenColorProfileA
CreateMultiProfileTransform
GetColorProfileHeader
EnumColorProfilesW
UnregisterCMMW
UninstallColorProfileA
SetColorProfileHeader
GetStandardColorSpaceProfileA
GetNamedProfileInfo
[+] ntdll.dll
ZwProtectVirtualMemory
NtOpenEvent
RtlGetLongestNtPathLength
ZwQueryInformationThread
NtQueryVolumeInformationFile
LdrDisableThreadCalloutsForDll
NtQueryDirectoryFile
NtSetInformationProcess
NtQueryInformationFile
RtlExtendedLargeIntegerDivide
RtlLargeIntegerSubtract
RtlCopyUnicodeString
RtlNtStatusToDosError
ZwAllocateVirtualMemory
ZwMapViewOfSection
NtQueryInformationProcess
RtlQueryProcessDebugInformation
[+] ole32.dll
CoGetInstanceFromFile
MonikerCommonPrefixWith
OleGetAutoConvert
DoDragDrop
CoEnableCallCancellation
STGMEDIUM_UserFree
StgGetIFillLockBytesOnFile
OleSetContainedObject
CoRegisterMallocSpy
StringFromCLSID
CreateOleAdviseHolder
CoGetClassObject
CoRegisterClassObject
HBITMAP_UserFree
StgOpenStorage
CoQueryAuthenticationServices
CoRevertToSelf
StgIsStorageFile
HMENU_UserSize
HDC_UserSize
CoSuspendClassObjects
StgOpenAsyncDocfileOnIFillLockBytes
BindMoniker
[+] pdh.dll
PdhComputeCounterStatistics
PdhOpenQueryA
PdhExpandCounterPathW
PdhExpandWildCardPathA
PdhSetCounterScaleFactor
PdhParseCounterPathA
PdhGetFormattedCounterArrayW
PdhUpdateLogW
PdhGetDataSourceTimeRangeW
PdhGetDefaultPerfCounterA
PdhEnumObjectsW
PdhSetDefaultRealTimeDataSource
PdhParseInstanceNameW
PdhParseCounterPathW
PdhValidatePathW
PdhCollectQueryData
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:04:05 13:40:49+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
32768

LinkerVersion
6.0

EntryPoint
0x7450

InitializedDataSize
225280

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 bdf43c8cedb2f8d124ff7aff76dd8c4b
SHA1 fc8d0450403b8d125f1150ff695e9e37c2bfba6e
SHA256 aa8f8120021ad82eaddbb958f34073d98fbd3de48c0256f768eac16617e2c03d
ssdeep
6144:PCjUqSNmZNCwylJmSy2nIBsYb5quICT45+fH:GRSNmZmy2nIRw95+v

authentihash a081de918b657c5568731550a841091acd88c9a11bd2a3ae99e5ccfe6f9b430a
imphash 0598d36cbc0de063e21cda61465cb304
File size 256.0 KB ( 262144 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2016-04-06 22:43:07 UTC ( 2 years, 10 months ago )
Last submission 2016-09-12 08:27:16 UTC ( 2 years, 5 months ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications
Blog | Twitter | Contact us | ToS | Privacy policy