SHA256: af4b12b47ffc944f0ee2ebd5b946a0d6bb27c55a036d468045e64846d1c80c2d
File name: 5311c3288e5480670222351b8ff4bafb.virus
Detection ratio: 36 / 54
Analysis date: 2016-06-29 11:46:04 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.67425 20160629
AegisLab Troj.Downloader.W32.Small.lfSy 20160629
AhnLab-V3 Malware/Win32.Generic.N2032347018 20160629
ALYac Gen:Variant.Razy.67425 20160629
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20160629
Arcabit Trojan.Razy.D10761 20160629
Avast Win32:Trojan-gen 20160629
AVG Downloader.Generic14.AZSA 20160629
Avira (no cloud) TR/Crypt.ZPACK.qvix 20160629
AVware Trojan.Win32.Generic!BT 20160629
Baidu Win32.Trojan.WisdomEyes.151026.9950.9987 20160629
BitDefender Gen:Variant.Razy.67425 20160629
Bkav HW32.Packed.D39E 20160629
Cyren W32/Trojan.VFHW-2595 20160629
Emsisoft Gen:Variant.Razy.67425 (B) 20160629
ESET-NOD32 a variant of Win32/Kryptik.FAAN 20160629
F-Secure Gen:Variant.Razy.67425 20160629
Fortinet W32/Kryptik.EYZH!tr 20160629
GData Gen:Variant.Razy.67425 20160629
Ikarus Trojan.Win32.Crypt 20160629
Jiangmin Trojan.Agent.acxs 20160629
K7AntiVirus Trojan ( 004f207c1 ) 20160629
K7GW Trojan ( 004f207c1 ) 20160629
Kaspersky HEUR:Trojan.Win32.Generic 20160629
Malwarebytes Trojan.Ursnif 20160629
McAfee Fareit-FEX!5311C3288E54 20160629
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160629
Microsoft TrojanDownloader:Win32/Talalpek.A 20160629
eScan Gen:Variant.Razy.67425 20160629
Panda Trj/Genetic.gen 20160628
Qihoo-360 QVM20.1.Malware.Gen 20160629
Sophos AV Mal/Generic-S 20160629
Symantec Suspicious.Cloud.7.L 20160629
Tencent Win32.Trojan.Kryptik.Ssgn 20160629
TrendMicro TROJ_GEN.R02EC0FFO16 20160629
VIPRE Trojan.Win32.Generic!BT 20160629
Alibaba 20160629
CAT-QuickHeal 20160629
ClamAV 20160629
CMC 20160627
Comodo 20160629
DrWeb 20160629
F-Prot 20160629
Kingsoft 20160629
NANO-Antivirus 20160629
nProtect 20160629
SUPERAntiSpyware 20160629
TheHacker 20160628
TotalDefense 20160628
TrendMicro-HouseCall 20160629
VBA32 20160627
ViRobot 20160629
Zillya 20160629
Zoner 20160629
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 08:37:33
Entry Point 0x00017B39
Number of sections 4
PE sections
PE imports
CloseClusterGroup
ClusterEnum
CloseCluster
JetCloseTable
JetCloseDatabase
CopyFileW
lstrcpynA
ReplaceFileW
WaitForSingleObjectEx
GetACP
GetStartupInfoA
GetDateFormatA
OpenWaitableTimerA
GetFileSize
OpenFileMappingA
CreateDirectoryW
DeleteFileW
GetProcAddress
CompareStringW
GetBinaryTypeW
GetModuleHandleA
GetDiskFreeSpaceW
ReadFile
WriteFile
CreateMutexW
CreateHardLinkW
GetComputerNameExW
CreateWaitableTimerA
FindNextFileA
GetSystemDirectoryA
HeapReAlloc
MoveFileExA
SetEnvironmentVariableA
GetLogicalDriveStringsA
GetNumberFormatA
InterlockedDecrement
CreateFileA
GetVersion
WriteConsoleW
CloseHandle
SHCreateShellItem
FindExecutableA
ShellAboutA
DragAcceptFiles
DragQueryFileA
DllUnregisterServer
DragQueryPoint
StrChrA
SHGetDesktopFolder
SHFileOperationA
GetThemeFont
GetThemeEnumValue
DrawThemeEdge
GetWindowTheme
GetCurrentThemeName
GetThemeBool
IsThemeActive
OpenThemeData
GetThemeInt
GetThemeSysSize
GetThemeColor
SetWindowTheme
GetThemeTextMetrics
Number of PE resources by type
ART 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 09:37:33+01:00
FileType Win32 EXE
PEType PE32
CodeSize 96768
LinkerVersion 6.0
EntryPoint 0x17b39
InitializedDataSize 17920
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 5311c3288e5480670222351b8ff4bafb
SHA1 7fe090ed5aca5c13dc6adfe7bfd808a1dfb564e0
SHA256 af4b12b47ffc944f0ee2ebd5b946a0d6bb27c55a036d468045e64846d1c80c2d
ssdeep 3072:I8b345M0yGUFw4kwUBCUq4hDw09Z9j8dwo:h345M0yG54/Uf5X39
authentihash 42f9123ae796b59c67170a5cf5ce1ce862389ce4e880a5596be612f511a95300
imphash f547d211f63fa38a8fbb17f1be475532
File size 113.0 KB ( 115712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-06-29 11:46:04 UTC ( 2 years, 7 months ago )
Last submission 2016-07-22 22:42:24 UTC ( 2 years, 6 months ago )
File names 5311c3288e5480670222351b8ff4bafb.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications