SHA256: acc60dfffb3e8a695a6aff28079e50ef6422e7789168acc9005048c1ba36970f
File name: 66d0446b5e43ec2260b18da8570e0e22.virus
Detection ratio: 29 / 56
Analysis date: 2016-11-23 07:49:00 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.212031 20161123
ALYac Gen:Variant.Zusy.212031 20161123
Arcabit Trojan.Zusy.D33C3F 20161123
Avast Win32:Malware-gen 20161123
AVG Generic_r.PLO 20161123
Avira (no cloud) TR/Crypt.Xpack.dslaj 20161122
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9873 20161123
BitDefender Gen:Variant.Zusy.212031 20161123
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Trojan.ACIP-7891 20161123
DrWeb Trojan.Encoder.7098 20161123
Emsisoft Gen:Variant.Zusy.212031 (B) 20161123
ESET-NOD32 a variant of Win32/Injector.DHRP 20161123
F-Secure Gen:Variant.Zusy.212031 20161123
Fortinet W32/Injector.DHQQ!tr 20161123
GData Gen:Variant.Zusy.212031 20161123
Sophos ML virtool.win32.ceeinject.gl 20161018
Kaspersky Backdoor.Win32.Androm.lrsa 20161123
Malwarebytes Trojan.Crypt 20161123
McAfee Trojan-FKHW!66D0446B5E43 20161123
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20161123
Microsoft PWS:Win32/Zbot 20161123
eScan Gen:Variant.Zusy.212031 20161123
Panda Trj/CI.A 20161122
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20161123
Sophos AV Mal/Zbot-UM 20161123
Symantec Heur.AdvML.C 20161123
TrendMicro TROJ_GEN.R00JC0DKK16 20161123
TrendMicro-HouseCall TROJ_GEN.R00JC0DKK16 20161123
AegisLab 20161123
AhnLab-V3 20161123
Alibaba 20161123
Antiy-AVL 20161123
AVware 20161123
Bkav 20161123
CAT-QuickHeal 20161123
ClamAV 20161123
CMC 20161123
Comodo 20161122
F-Prot 20161123
Ikarus 20161122
Jiangmin 20161123
K7AntiVirus 20161123
K7GW 20161123
Kingsoft 20161123
NANO-Antivirus 20161123
nProtect 20161123
Rising 20161123
SUPERAntiSpyware 20161123
Tencent 20161123
TheHacker 20161122
TotalDefense 20161123
Trustlook 20161123
VBA32 20161122
VIPRE 20161123
ViRobot 20161123
Yandex 20161122
Zillya 20161122
Zoner 20161123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C) 2009

Product test
Original name test_21211.EXE
Internal name test_21211
File version 1, 0, 0, 1
Description test
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-15 06:38:35
Entry Point 0x00002CE4
Number of sections 4
PE sections
Overlays
MD5 927e987305bd7e2d1e4da66bbf06edc9
File type data
Offset 73728
Size 216930
Entropy 8.00
PE imports
RegQueryValueExW
GetTextExtentPoint32A
FindFirstFileW
CreateFileMappingW
GetStartupInfoA
GetCurrentProcessId
GetEnvironmentVariableA
OpenProcess
Beep
CreateFileA
GetEnvironmentStringsW
Sleep
GetStartupInfoW
FindNextFileA
GlobalUnlock
GetModuleFileNameA
VirtualAlloc
GetModuleHandleW
_except_handler3
__p__fmode
_XcptFilter
__CxxFrameHandler
__wgetmainargs
_ftol
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_exit
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
ReleaseDC
GetSystemMetrics
SetTimer
PeekMessageA
SendMessageW
GetMessageA
EnableWindow
GetScrollInfo
LoadIconW
DrawIcon
FindWindowW
GetClientRect
AppendMenuW
CreateWindowExW
KillTimer
GetMessageTime
GetSystemMenu
IsIconic
Number of PE resources by type
RT_ICON 6
RT_DIALOG 2
RT_GROUP_ICON 2
Struct(240) 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 8
NEUTRAL 5
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:11:15 07:38:35+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
6.5

Warning
Invalid Version Info block

EntryPoint
0x2ce4

InitializedDataSize
57344

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
57344

File identification
MD5 66d0446b5e43ec2260b18da8570e0e22
SHA1 d52b046ab1a9c78f34ff2e1adcce4ad619b82a13
SHA256 acc60dfffb3e8a695a6aff28079e50ef6422e7789168acc9005048c1ba36970f
ssdeep
6144:4uadgbdf+R+xcL45gdMqIfQUPqIly11IMA6eU:4uR5EwckO2QUPVlyRA7U

authentihash e527b1cec4296f5919d8fd2a193678f739305a8ae756e07b0ea2a8bb04f2d63c
imphash 7ced55e8a649fac81d7da4bcb2876977
File size 283.8 KB ( 290658 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-11-23 07:49:00 UTC ( 2 years, 4 months ago )
Last submission 2016-11-23 07:49:00 UTC ( 2 years, 4 months ago )
File names 66d0446b5e43ec2260b18da8570e0e22.virus
test_21211.EXE
test_21211