SHA256: abbdff763a825f28c2f62ab5cba008e9cbc64785677bb794236136ce83624678
File name: e6d2e5e9430df10d32e10b319842ef255fd54430
Detection ratio: 49 / 57
Analysis date: 2016-09-14 21:26:59 UTC
Antivirus Result Update
Ad-Aware Trojan.Lethic.Gen.14 20160914
AegisLab Worm.W32.Ngrbot|2|103!c 20160914
AhnLab-V3 Trojan/Win32.Upbot.N1871198654 20160914
ALYac Trojan.Lethic.Gen.14 20160914
Antiy-AVL Worm/Win32.Ngrbot 20160914
Arcabit Trojan.Lethic.Gen.14 20160914
Avast Win32:Malware-gen 20160914
AVG Generic_r.GSI 20160914
Avira (no cloud) TR/Crypt.Xpack.392831 20160914
AVware Trojan.Win32.Generic!BT 20160914
Baidu Win32.Trojan.Kryptik.vi 20160914
BitDefender Trojan.Lethic.Gen.14 20160914
Bkav W32.KusitraAC.Trojan 20160914
CAT-QuickHeal Ransom.Crowti.WR7 20160914
Comodo TrojWare.Win32.Midie.KNJ 20160912
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/Agent.XL.gen!Eldorado 20160914
DrWeb BackDoor.IRC.NgrBot.566 20160914
Emsisoft Trojan.Lethic.Gen.14 (B) 20160914
ESET-NOD32 a variant of Win32/Kryptik.EKJB 20160914
F-Prot W32/Agent.XL.gen!Eldorado 20160914
F-Secure Trojan.Lethic.Gen.14 20160914
Fortinet W32/Kryptik.EKDN!tr 20160914
GData Trojan.Lethic.Gen.14 20160914
Ikarus Trojan.Win32.Crypt 20160914
Sophos ML backdoor.win32.kasidet.c 20160912
Jiangmin Trojan.Agent.oej 20160914
K7AntiVirus Trojan ( 0040f8241 ) 20160914
K7GW Trojan ( 0040f8241 ) 20160914
Kaspersky Trojan-Proxy.Win32.Lethic.ddw 20160914
Malwarebytes Trojan.MalPack.Generic 20160914
McAfee RDN/Sdbot.worm 20160914
McAfee-GW-Edition BehavesLike.Win32.Trojan.fh 20160914
Microsoft Trojan:Win32/Bagsu!rfn 20160914
eScan Trojan.Lethic.Gen.14 20160914
NANO-Antivirus Trojan.Win32.NgrBot.dzstts 20160914
Panda Trj/CI.A 20160914
Qihoo-360 Win32/Trojan.Proxy.066 20160914
Rising Malware.Generic!5wVlwcwRccS@1 (thunder) 20160914
Sophos AV Mal/Wonton-BZ 20160914
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20160914
Symantec Trojan.Gen 20160914
Tencent Win32.Trojan.Inject.Auto 20160914
TrendMicro Ransom_HPCRYPTESLA.SMD 20160914
TrendMicro-HouseCall Ransom_HPCRYPTESLA.SMD 20160914
VIPRE Trojan.Win32.Generic!BT 20160914
ViRobot Trojan.Win32.Kryptik.Gen.A[h] 20160914
Yandex Worm.Ngrbot!VEMKFvKCluw 20160914
Zillya Trojan.Lethic.Win32.3119 20160914
Alibaba 20160914
ClamAV 20160913
CMC 20160912
Kingsoft 20160914
nProtect 20160914
TheHacker 20160911
VBA32 20160914
Zoner 20160914
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-11 07:20:49
Entry Point 0x00009602
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegFlushKey
RegOpenKeyA
RegCloseKey
GetUserNameA
RegQueryValueA
RegEnumValueA
RegQueryValueExA
RegSetValueA
FreeSid
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
GetFileSecurityA
RegCreateKeyExA
RegCreateKeyA
RegEnumKeyA
SetFileSecurityA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryValueExW
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
PrintDlgA
GetOpenFileNameA
ReplaceTextA
FindTextA
GetFileTitleA
ChooseColorA
CommDlgExtendedError
GetSaveFileNameA
ChooseFontA
SetMapMode
CreateMetaFileA
GetTextMetricsA
CombineRgn
GetROP2
GetObjectType
GetTextExtentPointA
EndDoc
DeleteObject
IntersectClipRect
GetTextFaceA
CreatePalette
CreateDIBitmap
CreateEllipticRgnIndirect
SetTextAlign
StretchDIBits
ScaleViewportExtEx
CloseMetaFile
WidenPath
ExtCreatePen
SetBkColor
GetBkColor
SetRectRgn
GetDIBColorTable
TextOutW
GetClipBox
GetCurrentPositionEx
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
LPtoDP
ExcludeClipRect
OffsetViewportOrgEx
SetBkMode
CreateBitmap
BitBlt
EnumFontFamiliesA
GetObjectA
MoveToEx
GetOutlineTextMetricsA
SetAbortProc
CreateBrushIndirect
ScaleWindowExtEx
GetFontData
PtVisible
SelectPalette
SetROP2
EndPage
GetTextColor
StrokePath
GetMapMode
SetWindowExtEx
BeginPath
SetViewportExtEx
CreateCompatibleDC
GetWindowExtEx
PatBlt
CreatePen
SetStretchBltMode
Rectangle
GetDeviceCaps
CreateDCA
LineTo
DeleteDC
PolyBezierTo
StartPage
GetCharWidthA
RealizePalette
CreatePatternBrush
SelectClipPath
RectVisible
GetStockObject
ExtTextOutA
UnrealizeObject
SelectClipRgn
GetTextAlign
ExtEscape
GetTextExtentPoint32A
SetWindowOrgEx
SelectObject
GetViewportExtEx
EndPath
CreatePolygonRgn
Polygon
CreateHalftonePalette
SaveDC
RestoreDC
GetBitmapDimensionEx
FillPath
SetDIBitsToDevice
CreateDIBSection
SetTextColor
SetMiterLimit
CreateFontA
SetViewportOrgEx
EnumFontFamiliesExA
StrokeAndFillPath
PolyBezier
SetBrushOrgEx
CreateRectRgn
Escape
GetClipRgn
StartDocA
SetPolyFillMode
Ellipse
CreateSolidBrush
Polyline
DPtoLP
GetDIBits
CopyMetaFileA
AbortDoc
CreateCompatibleBitmap
DeleteMetaFile
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
IsValidLocale
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
FindResourceExA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
OutputDebugStringA
SetLastError
CopyFileA
HeapAlloc
GetUserDefaultLCID
FlushFileBuffers
GetModuleFileNameA
QueryPerformanceFrequency
EnumCalendarInfoA
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetConsoleCtrlHandler
WriteProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetProfileIntA
SetFilePointer
CreateThread
GetExitCodeThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
UnlockFile
GetSystemDirectoryA
GlobalMemoryStatus
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
GlobalSize
GetStartupInfoA
GetDateFormatA
GetFileSize
LCMapStringW
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetEvent
GetProcAddress
GetProcessHeap
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
ResetEvent
GetTempFileNameA
FindNextFileA
TerminateProcess
DuplicateHandle
GlobalLock
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
GlobalDeleteAtom
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
HeapReAlloc
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
GetShortPathNameA
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
WideCharToMultiByte
HeapSize
IsDebuggerPresent
GetCommandLineA
GetCurrentThread
GetTempPathA
SuspendThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
EnumSystemLocalesA
GetACP
GetModuleHandleW
GetCurrentThreadId
FreeResource
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
SetThreadPriority
GetProcessVersion
FindResourceA
VirtualAlloc
CompareStringA
SHGetFileInfoA
ExtractIconA
ShellExecuteExA
DragFinish
DragAcceptFiles
SHChangeNotify
DragQueryFileA
ShellExecuteA
RedrawWindow
SetDlgItemTextA
GetForegroundWindow
SetMenuItemBitmaps
DrawStateA
SetRectEmpty
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
GetScrollInfo
GetNextDlgTabItem
IsWindow
DispatchMessageA
ScreenToClient
SetMenuItemInfoA
GrayStringA
WindowFromPoint
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
AdjustWindowRectEx
GetMenu
UnregisterClassA
IsClipboardFormatAvailable
DefFrameProcA
GetClientRect
SetScrollPos
InSendMessage
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
DestroyCaret
CopyAcceleratorTableA
GetActiveWindow
GetSubMenu
LoadImageA
wsprintfA
GetMenuItemInfoA
ScrollWindow
GetWindowTextA
InvalidateRgn
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
DefMDIChildProcA
CreateCaret
ExcludeUpdateRgn
ShowWindow
GetPropA
GetNextDlgGroupItem
GetMenuState
TranslateMDISysAccel
GetTabbedTextExtentA
EnableWindow
SetWindowPlacement
LockWindowUpdate
PeekMessageA
ScrollDC
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
CheckRadioButton
InsertMenuItemA
LoadStringA
SetParent
SetClipboardData
IsZoomed
GetWindowPlacement
DrawMenuBar
IsIconic
RegisterClassA
TrackPopupMenuEx
TabbedTextOutA
DrawFocusRect
CreateWindowExA
ShowOwnedPopups
FillRect
CopyRect
GetSysColorBrush
IsWindowUnicode
ReleaseDC
CreateMenu
WindowFromDC
IsChild
IsDialogMessageA
SetFocus
MapVirtualKeyA
DrawEdge
PostMessageA
BeginPaint
OffsetRect
SetCaretPos
GetScrollPos
CopyIcon
KillTimer
CharNextA
TrackMouseEvent
ClipCursor
RegisterWindowMessageA
DefWindowProcA
CheckMenuRadioItem
GetClipboardData
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
InvertRect
SetCapture
ReleaseCapture
EnumChildWindows
GetScrollRange
SetWindowLongA
IsRectEmpty
CheckDlgButton
GetMenuItemCount
RemovePropA
CreatePopupMenu
ShowCaret
GetWindowLongA
GetLastActivePopup
PtInRect
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
SetCursor
BringWindowToTop
ClientToScreen
GetClassLongA
InsertMenuA
CreateDialogIndirectParamA
GetAsyncKeyState
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
IsDlgButtonChecked
BeginDeferWindowPos
ValidateRect
GetSystemMenu
ReuseDDElParam
GetDC
CheckMenuItem
SetForegroundWindow
PostThreadMessageA
OpenClipboard
EmptyClipboard
EndPaint
MapDialogRect
IntersectRect
EndDialog
LoadMenuA
HideCaret
SetWindowContextHelpId
GetCapture
FindWindowA
MessageBeep
RemoveMenu
DeferWindowPos
ShowScrollBar
AppendMenuA
DrawFrameControl
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
MessageBoxA
GetCursor
GetWindowDC
DestroyCursor
wvsprintfA
DialogBoxParamA
GetSysColor
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
GetTopWindow
GetKeyNameTextA
IsWindowVisible
GetDesktopWindow
UnpackDDElParam
SetCursorPos
GetDCEx
WinHelpA
UnionRect
FrameRect
SetRect
DeleteMenu
InvalidateRect
SendMessageA
SendMessageTimeoutA
SetWindowTextA
TranslateAcceleratorA
DefDlgProcA
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
ModifyMenuA
SetMenu
MapWindowPoints
Number of PE resources by type
RT_STRING 34
Number of PE resources by language
NEUTRAL 34
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:01:11 08:20:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 110592
LinkerVersion 9.0
EntryPoint 0x9602
InitializedDataSize 225792
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 68ee072d0afd4cc6d7e3e7714096359e
SHA1 e6d2e5e9430df10d32e10b319842ef255fd54430
SHA256 abbdff763a825f28c2f62ab5cba008e9cbc64785677bb794236136ce83624678
ssdeep 6144:bzsVI9cCJVvA+ac0tdqSF+rcJiJ/E6njUQTPp0ADB:bzsVI9cCJJac0WG65

authentihash b974d956e69d26e2db0d14a099637ebeff91383a34447e43531436830be348e9
imphash 932a207cacd875c7e47ac4a3b82d5298
File size 329.5 KB ( 337408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-01-16 20:43:29 UTC
Last submission 2016-09-09 13:25:26 UTC
File names winrshost.exe
wenemus.exe
Explorer.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications