SHA256: af345dfd3dac80ac16ab6bd087a21d09ec76fc5b869e709b0fe5cd2f312a278a
File name: 9787g4fr4.exe
Detection ratio: 3 / 55
Analysis date: 2016-01-14 11:47:03 UTC (2 years, 10 months ago)
Antivirus             Result                                   Update
Jiangmin              Trojan.PSW.Tepfer.abx                    20160114
Qihoo-360             QVM10.1.Malware.Gen                      20160114
Rising                PE:Malware.Generic(Thunder)!1.A1C4 [F]   20160114
Ad-Aware              -                                        20160114
AegisLab              -                                        20160114
Yandex                -                                        20160113
AhnLab-V3             -                                        20160114
Alibaba               -                                        20160114
ALYac                 -                                        20160114
Antiy-AVL             -                                        20160114
Arcabit               -                                        20160114
Avast                 -                                        20160114
AVG                   -                                        20160114
Avira (no cloud)      -                                        20160114
AVware                -                                        20160111
Baidu-International   -                                        20160114
BitDefender           -                                        20160114
Bkav                  -                                        20160113
ByteHero              -                                        20160114
CAT-QuickHeal         -                                        20160114
ClamAV                -                                        20160113
CMC                   -                                        20160111
Comodo                -                                        20160113
Cyren                 -                                        20160114
DrWeb                 -                                        20160114
Emsisoft              -                                        20160114
ESET-NOD32            -                                        20160114
F-Prot                -                                        20160111
F-Secure              -                                        20160114
Fortinet              -                                        20160114
GData                 -                                        20160114
Ikarus                -                                        20160114
K7AntiVirus           -                                        20160114
K7GW                  -                                        20160114
Kaspersky             -                                        20160114
Malwarebytes          -                                        20160114
McAfee                -                                        20160114
McAfee-GW-Edition     -                                        20160114
Microsoft             -                                        20160114
eScan                 -                                        20160114
NANO-Antivirus        -                                        20160114
nProtect              -                                        20160113
Panda                 -                                        20160113
Sophos AV             -                                        20160114
SUPERAntiSpyware      -                                        20160114
Symantec              -                                        20160113
Tencent               -                                        20160114
TheHacker             -                                        20160114
TrendMicro            -                                        20160114
TrendMicro-HouseCall  -                                        20160114
VBA32                 -                                        20160113
VIPRE                 -                                        20160114
ViRobot               -                                        20160114
Zillya                -                                        20160114
Zoner                 -                                        20160114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright 1995-Present McAfee Inc
Product: Fad Decompress
Original name: Fad Decompress
Internal name: Fad Decompress
File version: 3.8.33.120
Description: Eventhandlingscopeactivity Multiplexer
Comments: Eventhandlingscopeactivity Multiplexer
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-01-14 11:31:31
Entry Point: 0x0000C805
Number of sections: 3
PE sections
PE imports
GetTokenInformation
LsaAddAccountRights
OpenProcessToken
GetUserNameW
FreeSid
AllocateAndInitializeSid
OpenThreadToken
LsaRemoveAccountRights
EqualSid
DeleteDC
SelectObject
PatBlt
GetStockObject
CreateCompatibleBitmap
TextOutA
SetWindowOrgEx
BitBlt
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
GetLastError
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
LoadLibraryA
GetStartupInfoA
GetCurrentProcessId
OpenProcess
GetVolumeInformationW
DeleteFileA
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
SetFilePointer
GetTempPathA
GetFileSizeEx
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
GetVolumeNameForVolumeMountPointW
GetTempFileNameA
ExitThread
GlobalLock
SetFileAttributesA
MoveFileA
TerminateProcess
HeapCreate
Sleep
CreateFileA
HeapAlloc
GetCurrentThreadId
SetLastError
CloseHandle
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
__p__fmode
malloc
?what@exception@std@@UBEPBDXZ
_acmdln
wprintf
memset
__dllonexit
_controlfp_s
toupper
printf
_invoke_watson
strlen
_amsg_exit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
_lock
_onexit
_unlock
exit
_XcptFilter
_encode_pointer
__setusermatherr
_decode_pointer
__p__commode
_cexit
_CxxThrowException
_ismbblead
memmove_s
_crt_debugger_hook
_adjust_fdiv
??3@YAXPAX@Z
free
__CxxFrameHandler3
_except_handler4_common
__getmainargs
calloc
_initterm
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
_initterm_e
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
_configthreadlocale
??0exception@std@@QAE@XZ
_exit
__set_app_type
NetUserGetInfo
NetApiBufferFree
VariantChangeType
VariantClear
VariantInit
VariantChangeTypeEx
GetModuleFileNameExA
EnumProcessModules
SetupDiEnumDeviceInterfaces
SetupDiSetDeviceInstallParamsA
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsA
ExtractAssociatedIconA
ExtractAssociatedIconExA
StrToInt64ExA
StrToIntA
StrRetToStrA
lineSetTollListA
MapWindowPoints
EmptyClipboard
RegisterClipboardFormatA
ReleaseDC
EndDialog
LoadMenuA
EnumWindows
ChangeDisplaySettingsA
DefWindowProcA
CheckMenuRadioItem
SetWindowPos
RemoveMenu
DestroyIcon
GetWindowRect
EndPaint
ScrollWindowEx
SetDlgItemTextA
SetWindowLongA
GetWindowLongA
DialogBoxParamA
SetScrollInfo
CopyImage
GetCursorPos
DrawTextA
BeginPaint
SetWindowTextA
CheckMenuItem
GetMenu
LoadStringA
SetClipboardData
DrawIconEx
wsprintfA
SetForegroundWindow
GetClientRect
GetDlgItem
CreateDialogParamA
DeleteMenu
InvalidateRect
GetSubMenu
CreateWindowExA
EnumDisplaySettingsA
TrackPopupMenu
FillRect
IsDlgButtonChecked
GetMenuState
IsRectEmpty
GetSystemMenu
GetDC
CloseClipboard
DestroyMenu
OpenClipboard
GetAncestor
DestroyWindow
GetFileVersionInfoSizeA
InternetSetFilePointer
InternetReadFile
InternetOpenUrlA
InternetOpenA
HttpQueryInfoA
ImageRvaToVa
CLSIDFromString
CoTaskMemFree
CoInitialize
ExifTool file metadata
LegalTrademarks: Copyright 1995-Present McAfee Inc
SubsystemVersion: 5.0
Comments: Eventhandlingscopeactivity Multiplexer
Languages: English
LinkerVersion: 9.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 3.8.33.120
LanguageCode: Unknown (03EE)
FileFlagsMask: 0x003f
FileDescription: Eventhandlingscopeactivity Multiplexer
CharacterSet: Unicode
InitializedDataSize: 69632
PrivateBuild: 3.8.33.120
EntryPoint: 0xc805
OriginalFileName: Fad Decompress
MIMEType: application/octet-stream
LegalCopyright: Copyright 1995-Present McAfee Inc
FileVersion: 3.8.33.120
TimeStamp: 2016:01:14 12:31:31+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Fad Decompress
ProductVersion: 3.8.33.120
UninitializedDataSize: 0
OSVersion: 5.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: McAfee Inc
CodeSize: 55296
ProductName: Fad Decompress
ProductVersionNumber: 3.8.33.120
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5: 9f6ce868b6e3671afe731de8768b9c8c
SHA1: 3babc0e3438361be692272268dde5307b08aecb7
SHA256: af345dfd3dac80ac16ab6bd087a21d09ec76fc5b869e709b0fe5cd2f312a278a
ssdeep: 3072:5dhZXi3NtQhZ4GY9pphpcMFciOGGdxEi90GNzyNc1AeRIc:5jZXiX335OGOx/90xIH
authentihash: 6d393423f00f3884440bd1166e704e226ee58c79503a573bb1c34b679272d308
imphash: a53d5945ac0594ba643b18408b020a3d
File size: 123.0 KB (125952 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (67.4%)
  Win32 Dynamic Link Library (generic) (14.2%)
  Win32 Executable (generic) (9.7%)
  Generic Win/DOS Executable (4.3%)
  DOS Executable Generic (4.3%)
Tags: peexe

VirusTotal metadata
First submission: 2016-01-14 11:47:03 UTC (2 years, 10 months ago)
Last submission: 2016-04-25 12:14:57 UTC (2 years, 6 months ago)
File names:
  verdnd.exe
  BLABLA.BLA.exe
  Malware_MSEXE_af345dfd3dac80ac16ab6bd087a21d09ec76fc5b869e709b0fe5cd2f312a278a
  dridex11.exe
  9787g4fr4.ex
  Fad Decompress
  9787g4fr4.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications