SHA256: abc5dd0336a147311dd638442781b883bf14ab2aa708de70121d2dabbe5aacce
File name: 7ccc57f92ee1132e30141f22bbb385db.virus
Detection ratio: 32 / 56
Analysis date: 2016-10-15 04:40:35 UTC ( 2 years, 4 months ago )
Antivirus | Result (empty = no detection) | Update (signature date, YYYYMMDD)
Ad-Aware | Gen:Variant.Symmi.68306 | 20161015
AegisLab | Troj.W32.Gen.miet | 20161015
AhnLab-V3 | Backdoor/Win32.Androm.N2128377757 | 20161014
ALYac | Gen:Variant.Symmi.68306 | 20161015
Antiy-AVL | Trojan[Backdoor]/Win32.Androm | 20161015
Arcabit | Trojan.Symmi.D10AD2 | 20161015
Avast | Win32:Trojan-gen | 20161015
AVG | PSW.Generic13.PEU | 20161015
Avira (no cloud) | TR/Crypt.Xpack.ikear | 20161014
BitDefender | Gen:Variant.Symmi.68306 | 20161015
Bkav | W32.FamVT.RazyNHmC.Trojan | 20161014
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20160725
DrWeb | Trojan.PWS.Papras.2166 | 20161015
Emsisoft | Gen:Variant.Symmi.68306 (B) | 20161015
ESET-NOD32 | Win32/PSW.Papras.EJ | 20161015
F-Secure | Gen:Variant.Symmi.68306 | 20161015
Fortinet | W32/Androm.EJ!tr.bdr | 20161015
GData | Gen:Variant.Symmi.68306 | 20161015
Sophos ML | trojandownloader.win32.kuluoz.d | 20160928
Kaspersky | Backdoor.Win32.Androm.lcbo | 20161015
McAfee | Artemis!7CCC57F92EE1 | 20161015
McAfee-GW-Edition | BehavesLike.Win32.Mkar.dh | 20161015
Microsoft | Trojan:Win32/Dynamer!ac | 20161015
eScan | Gen:Variant.Symmi.68306 | 20161015
NANO-Antivirus | Trojan.Win32.Androm.ehdlex | 20161015
Panda | Generic Suspicious | 20161014
Qihoo-360 | HEUR/QVM10.1.0000.Malware.Gen | 20161015
Sophos AV | Mal/Generic-S | 20161015
Symantec | Heur.AdvML.B | 20161015
TrendMicro | TROJ_GEN.R011C0DJE16 | 20161015
TrendMicro-HouseCall | TROJ_GEN.R011C0DJE16 | 20161015
Yandex | Backdoor.Androm!84ZbGkYtMS8 | 20161014
Alibaba | | 20161014
AVware | | 20161015
Baidu | | 20161014
CAT-QuickHeal | | 20161014
ClamAV | | 20161015
CMC | | 20161014
Comodo | | 20161015
Cyren | | 20161015
F-Prot | | 20161015
Ikarus | | 20161014
Jiangmin | | 20161015
K7AntiVirus | | 20161014
K7GW | | 20161015
Kingsoft | | 20161015
Malwarebytes | | 20161015
nProtect | | 20161015
Rising | | 20161015
SUPERAntiSpyware | | 20161015
Tencent | | 20161015
TheHacker | | 20161014
VBA32 | | 20161014
VIPRE | | 20161015
ViRobot | | 20161014
Zillya | | 20161013
Zoner | | 20161015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-22 06:43:04
Entry Point 0x00003C48
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
OpenServiceA
RegQueryValueExA
AdjustTokenPrivileges
ControlService
RegCreateKeyExA
DeleteService
CloseServiceHandle
OpenProcessToken
CreateServiceA
QueryServiceStatus
RegOpenKeyExA
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
RegEnumKeyExA
RegQueryInfoKeyA
ChangeServiceConfigA
RegSetValueExA
StartServiceA
RegDeleteValueA
OpenSCManagerA
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
GetVolumePathNameA
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetProcAddress
GetStringTypeA
WriteFile
MoveFileA
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
QueryDosDeviceW
FormatMessageA
SetLastError
PeekNamedPipe
DeviceIoControl
GetModuleFileNameW
CopyFileA
HeapAlloc
GetVersionExA
GetModuleFileNameA
FindNextVolumeW
EnumSystemLocalesA
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
GetModuleHandleA
CreateThread
CreatePipe
SetUnhandledExceptionFilter
GetSystemDirectoryA
SetHandleInformation
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
FindVolumeClose
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
ExitThread
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetUserDefaultLCID
GetProcessHeap
CompareStringW
GetFileSizeEx
GetFileInformationByHandle
FindNextFileW
CompareStringA
FindFirstFileW
IsValidLocale
GlobalLock
RemoveDirectoryA
GetTimeZoneInformation
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
FindFirstVolumeW
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
IsDBCSLeadByte
lstrlenW
GetShortPathNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
FindFirstFileA
CloseHandle
GetVolumeInformationA
GetACP
GetModuleHandleW
SizeofResource
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
SHBrowseForFolderW
SHChangeNotify
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetFolderPathA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHStrDupW
SetFocus
GetParent
ReleaseDC
EndPaint
EndDialog
BeginPaint
SetWindowTextW
EnumWindows
TrackMouseEvent
ShowWindow
SetWindowTextA
MessageBeep
LoadBitmapA
SetWindowPos
GetClassNameA
SendDlgItemMessageA
GetSystemMetrics
MessageBoxW
AppendMenuA
GetWindowRect
EnableWindow
SetDlgItemTextA
PostMessageA
MoveWindow
DialogBoxParamW
MessageBoxA
AppendMenuW
SetWindowLongA
SendDlgItemMessageW
GetDC
GetKeyState
CreateDialogParamW
MapDialogRect
GetDlgCtrlID
GetClassInfoA
SendMessageW
UnregisterClassA
SendMessageA
GetClientRect
GetDlgItem
SystemParametersInfoW
RegisterClassA
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
LoadCursorA
LoadIconA
FillRect
DefDlgProcA
CharNextA
GetWindowTextW
CallWindowProcA
GetSystemMenu
EnumChildWindows
wsprintfW
GetWindowTextA
GetWindowInfo
DestroyWindow
ExitWindowsEx
SetCursor
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoTaskMemRealloc
CoCreateInstance
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:09:22 07:43:04+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 46080
LinkerVersion: 9.0
EntryPoint: 0x3c48
InitializedDataSize: 301056
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0
File identification
MD5: 7ccc57f92ee1132e30141f22bbb385db
SHA1: 2a171eb4cfa538c54ac6a777d037eb7342bc89fe
SHA256: abc5dd0336a147311dd638442781b883bf14ab2aa708de70121d2dabbe5aacce
ssdeep: 6144:6DPtXM1lKfCcJru7pPeCXZgZEbRzBHWX9w:6LtXM1UqcJ67vZOEbRzBHW
authentihash: 21795f679e1a55953e3a7ed25f65067fac6ff6fd089cd2b4f32574c82dae6308
imphash: 849e4f271ad511bc0e6d8f6b68512457
File size: 265.0 KB ( 271360 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (67.4%)
  Win32 Dynamic Link Library (generic) (14.2%)
  Win32 Executable (generic) (9.7%)
  Generic Win/DOS Executable (4.3%)
  DOS Executable Generic (4.3%)
Tags: peexe
VirusTotal metadata
First submission: 2016-10-15 04:40:35 UTC ( 2 years, 4 months ago )
Last submission: 2017-02-16 11:51:48 UTC ( 2 years ago )
File names:
  7ccc57f92ee1132e30141f22bbb385db
  7ccc57f92ee1132e30141f22bbb385db.virus
  abc5dd0336a147311dd638442781b883bf14ab2aa708de70121d2dabbe5aacce
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Runtime DLLs
UDP communications