SHA256: ac5c6192bd6a5c26c7e1c3d81c2464a487da89eafe284bab67454988a3a1b3de
File name: 4ac7d949d3a7d1a18ac242bb21b41cec262372ef
Detection ratio: 16 / 57
Analysis date: 2016-10-31 13:51:52 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20161031
AVG SHeur4.CLHO 20161031
Avira (no cloud) TR/Crypt.ZPACK.ritzd 20161031
Baidu Win32.Trojan.Elenoocka.a 20161031
Bkav HW32.Packed.A4D7 20161031
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
ESET-NOD32 a variant of Win32/Kryptik.FIUA 20161031
Fortinet W32/Kryptik.FIUA!tr 20161031
GData Win32.Trojan.Agent.HOJ0SP 20161031
Ikarus Trojan.Win32.Crypt 20161031
Sophos ML virus.win32.sality.at 20161018
Malwarebytes Trojan.Boaxxe 20161031
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20161031
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161031
Rising Malware.XPACK-HIE/Heur!1.9C48 (classic) 20161031
Sophos AV Mal/Generic-S 20161031
Ad-Aware 20161031
AegisLab 20161031
AhnLab-V3 20161031
Alibaba 20161031
ALYac 20161031
Antiy-AVL 20161031
Arcabit 20161031
AVware 20161031
BitDefender 20161031
CAT-QuickHeal 20161031
ClamAV 20161031
CMC 20161031
Comodo 20161031
Cyren 20161031
DrWeb 20161031
Emsisoft 20161031
F-Prot 20161031
F-Secure 20161031
Jiangmin 20161031
K7AntiVirus 20161031
K7GW 20161031
Kaspersky 20161031
Kingsoft 20161031
McAfee 20161031
Microsoft 20161031
eScan 20161031
NANO-Antivirus 20161031
nProtect 20161028
Panda 20161030
SUPERAntiSpyware 20161031
Symantec 20161031
Tencent 20161031
TheHacker 20161029
TotalDefense 20161028
TrendMicro 20161031
TrendMicro-HouseCall 20161031
VBA32 20161031
VIPRE 20161031
ViRobot 20161031
Yandex 20161030
Zillya 20161028
Zoner 20161031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-29 20:36:29
Entry Point 0x00006FE2
Number of sections 3
PE sections
PE imports
RegUnLoadKeyA
RegDeleteValueW
CredReadA
RegCreateKeyExA
RegReplaceKeyA
RegCreateKeyW
RegSaveKeyW
RegEnumValueW
RegDeleteKeyW
RegRestoreKeyW
RegOpenKeyW
SetPriorityClass
GetCurrentProcess
GetCurrentDirectoryW
GetModuleFileNameA
ReleaseSemaphore
GetConsoleTitleW
lstrlenA
WaitForSingleObject
FreeLibrary
InterlockedDecrement
FindNextFileW
lstrcpynA
LoadLibraryA
GetProcAddress
SetCurrentDirectoryA
CPEncrypt
CPDeriveKey
CPGenKey
CPCreateHash
CPDecrypt
InsertMenuA
CharNextA
LoadCursorW
LoadIconW
GetMonitorInfoA
wsprintfW
GetCaretPos
DrawStateW
DispatchMessageW
CharToOemA
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:10:29 21:36:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 219648
LinkerVersion 7.0
Warning Possibly corrupt Version resource
EntryPoint 0x6fe2
InitializedDataSize 7680
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 e81a2c1dca5d5bc0086883ad29e8e738
SHA1 4ac7d949d3a7d1a18ac242bb21b41cec262372ef
SHA256 ac5c6192bd6a5c26c7e1c3d81c2464a487da89eafe284bab67454988a3a1b3de
ssdeep 3072:8cgSgZ7o30vc7vr4xrG0/7NlFxBUYgwuiRSfncuftq9prz5sSAd7g7Il0S:VgJxvRJ3xBF5RSfRftCFNsSAd7Fu
authentihash 97ff47c399c437b75575de91ab75375e41a1a2c6b5b658f8c690e09c890a16b3
imphash b588c725c1048cbbdd95183bdcc768f1
File size 223.0 KB ( 228352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-10-31 13:51:52 UTC ( 2 years, 4 months ago )
Last submission 2016-10-31 13:51:52 UTC ( 2 years, 4 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs