SHA256: adb8ae7245995c041c3bfd67c760b595007cd5d17b09767e2c1f8fd6600a5d74
File name: 5c86e9e0a43c876da5a4cf27ee02df9c.dec
Detection ratio: 21 / 56
Analysis date: 2015-07-26 00:15:53 UTC
Antivirus / Result / Update
Engines that flagged the file (engine, detection name, signature update date):
Antiy-AVL Trojan[Backdoor]/Win32.Caphaw 20150725
Avast Win32:Malware-gen 20150726
AVG Crypt4.BNBL 20150726
Cyren W32/FakeAlert.UQ.gen!Eldorado 20150726
DrWeb Trojan.DownLoader15.2621 20150726
ESET-NOD32 Win32/Battdil.AH 20150725
F-Prot W32/FakeAlert.UQ.gen!Eldorado 20150726
Fortinet W32/Waski.B!tr 20150725
K7AntiVirus Trojan ( 004c8b151 ) 20150725
K7GW Trojan ( 004c8b151 ) 20150725
Kaspersky Backdoor.Win32.Caphaw.vkr 20150726
Malwarebytes Trojan.Shylock.XGen 20150724
McAfee Downloader-FAWW!48B97CA94B8E 20150726
McAfee-GW-Edition Downloader-FAWW!48B97CA94B8E 20150726
Microsoft PWS:Win32/Dyzap 20150725
NANO-Antivirus Trojan.Win32.DownLoader15.dufjig 20150725
Sophos AV Mal/Wonton-BD 20150725
TrendMicro TROJ_UPATRE.SMY2 20150726
TrendMicro-HouseCall TROJ_UPATRE.SMY2 20150725
ViRobot Trojan.Win32.Upatre.487424.A[h] 20150726
Zillya Backdoor.Caphaw.Win32.906 20150725
Engines with no detection (engine, signature update date):
Ad-Aware 20150725
AegisLab 20150725
Yandex 20150725
AhnLab-V3 20150725
Alibaba 20150724
ALYac 20150725
Arcabit 20150726
Avira (no cloud) 20150725
AVware 20150725
Baidu-International 20150725
BitDefender 20150726
Bkav 20150724
ByteHero 20150726
CAT-QuickHeal 20150725
ClamAV 20150725
Comodo 20150725
Emsisoft 20150726
F-Secure 20150725
GData 20150726
Ikarus 20150725
Jiangmin 20150725
Kingsoft 20150726
eScan 20150726
nProtect 20150723
Panda 20150725
Qihoo-360 20150726
Rising 20150722
SUPERAntiSpyware 20150725
Symantec 20150725
Tencent 20150726
TheHacker 20150723
TotalDefense 20150723
VBA32 20150725
VIPRE 20150726
Zoner 20150725
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-20 09:54:13
Entry Point 0x00001775
Number of sections 4
PE sections
PE imports
CreateBitmap
SelectObject
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetFileAttributesA
OpenEventW
GetOEMCP
LCMapStringA
HeapDestroy
GetTickCount
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
RemoveDirectoryA
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetEnvironmentStrings
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetCurrentThread
GetCPInfo
GetStringTypeA
GetModuleHandleA
InterlockedExchange
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetModuleFileNameA
HeapCreate
OpenSemaphoreA
VirtualFree
FindClose
Sleep
GetFileType
ExitProcess
GetVersion
OpenEventA
VirtualAlloc
EnableWindow
LoadIconW
MessageBoxW
LoadIconA
WaitForInputIdle
SCardForgetReaderW
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:07:20 10:54:13+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 16384
LinkerVersion: 6.0
Warning: Error processing PE data dictionary
EntryPoint: 0x1775
InitializedDataSize: 471040
SubsystemVersion: 4.0
ImageVersion: 8.2
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 48b97ca94b8ee8c469abeb3836c55eb2
SHA1 3fdfaca98cef88efe1411789e741dd5ffa65a91c
SHA256 adb8ae7245995c041c3bfd67c760b595007cd5d17b09767e2c1f8fd6600a5d74
ssdeep 6144:qPascXi5LOR5z39b6j3s40EUT7dshwkJwo0Tlk/9Zgi2HW0XQTo9Oo:AasciOPz35/Jsh9wn8HgV20+SOo
authentihash 2236e6d1104a2c09e1f78ba10f53b5130550c378ba87db02f461d7f33e6d5acb
imphash f9e96ebb8d34f0e22d985ef2bd03cc45
File size 472.0 KB ( 483328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2015-07-26 00:15:53 UTC
Last submission 2015-07-26 00:15:53 UTC
File names 5c86e9e0a43c876da5a4cf27ee02df9c.dec
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight