SHA256: ad3ba3bcd64aa9670389bedebe328c6874c96f2dea6ec2abb41b8c7537dc3d8d
File name: MEMORY.dmp
Detection ratio: 16 / 57
Analysis date: 2015-05-14 03:42:50 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.FU.bmX@ayndRGd 20150514
Avast Win32:Stoberox-A [Trj] 20150514
AVG Win32/DH{UFQWgQWBBgoTOyAigQ5bJQ} 20150514
Avira (no cloud) TR/Crypt.ZPACK.Gen 20150514
BitDefender Gen:Trojan.Heur.FU.bmX@ayndRGd 20150514
Emsisoft Gen:Trojan.Heur.FU.bmX@ayndRGd (B) 20150514
ESET-NOD32 a variant of Win32/Zlader.H 20150514
F-Secure Gen:Trojan.Heur.FU.bmX@ayndRGd 20150514
GData Gen:Trojan.Heur.FU.bmX@ayndRGd 20150514
Kaspersky HEUR:Trojan.Win32.Generic 20150514
Malwarebytes Trojan.Downloader 20150513
eScan Gen:Trojan.Heur.FU.bmX@ayndRGd 20150514
NANO-Antivirus Virus.Win32.Gen.ccmw 20150514
SUPERAntiSpyware Trojan.Agent/Gen-Obfuscator 20150514
Tencent Trojan.Win32.Qudamah.Gen.1 20150514
VBA32 Malware-Cryptor.Inject.gen.2 20150513
AegisLab 20150514
Yandex 20150513
AhnLab-V3 20150513
Alibaba 20150514
ALYac 20150514
Antiy-AVL 20150514
AVware 20150514
Baidu-International 20150513
Bkav 20150513
ByteHero 20150514
CAT-QuickHeal 20150513
ClamAV 20150513
CMC 20150513
Comodo 20150514
Cyren 20150513
DrWeb 20150514
F-Prot 20150514
Fortinet 20150514
Ikarus 20150514
Jiangmin 20150513
K7AntiVirus 20150513
K7GW 20150514
Kingsoft 20150514
McAfee 20150514
McAfee-GW-Edition 20150514
Microsoft 20150514
Norman 20150513
nProtect 20150513
Panda 20150513
Qihoo-360 20150514
Rising 20150513
Sophos AV 20150514
Symantec 20150514
TheHacker 20150514
TotalDefense 20150513
TrendMicro 20150514
TrendMicro-HouseCall 20150514
VIPRE 20150514
ViRobot 20150513
Zillya 20150513
Zoner 20150513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-23 14:26:38
Entry Point 0x00003FEB
Number of sections 3
PE sections
PE imports
LocalFree
LocalAlloc
GetModuleHandleA
GlobalFree
GlobalAlloc
ExitProcess
CloseHandle
GetCommandLineA
LoadLibraryA
GetVersionExW
lstrlenW
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:23 15:26:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 12800
LinkerVersion 5.12
EntryPoint 0x3feb
InitializedDataSize 1024
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 5becaba3d4927272b082561b795e16bb
SHA1 d5ae5a5051f2c373afc6e18ee85df0dfe48c5490
SHA256 ad3ba3bcd64aa9670389bedebe328c6874c96f2dea6ec2abb41b8c7537dc3d8d
ssdeep
384:T6R0rSbzENSZ0Mec8RB3W7zadqW7FjkCKBKjR4ulQYVasvAU:TmzXENSZ0Me6G9suR4uDasI

authentihash f810d1535b755bcaee395fbd45e25bd66a281a1602c0a3c987861ed3d6a52b4a
imphash 6a8b8b65b915dcbf6e91a82d95c9eede
File size 16.0 KB ( 16384 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2015-05-14 03:42:50 UTC ( 3 years, 9 months ago )
Last submission 2015-05-14 09:35:42 UTC ( 3 years, 9 months ago )
File names DUMP_00960000-00964000.exe
MEMORY.dmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs