× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b095bd6f4e7bcccd23b523eeae989d8eade10cbaaa64cd12d4b194c4a2dc1546
File name: s927245.exe
Detection ratio: 32 / 56
Analysis date: 2017-01-23 04:28:01 UTC ( 2 years ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.69744 20170123
AegisLab Ml.Attribute.Veryhighconfidence.[Heur.Advml!c 20170123
AhnLab-V3 Trojan/Win32.Lethic.R194181 20170122
ALYac Gen:Variant.Symmi.69744 20170123
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20170123
Arcabit Trojan.Symmi.D11070 20170123
Avast Win32:Malware-gen 20170123
AVG Generic_r.QWU 20170123
Avira (no cloud) TR/AD.Zurgop.kyggt 20170122
AVware Trojan.Win32.Generic!BT 20170123
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9956 20170122
BitDefender Gen:Variant.Symmi.69744 20170123
Cyren W32/S-e2e07e9d!Eldorado 20170123
Emsisoft Gen:Variant.Symmi.69744 (B) 20170123
ESET-NOD32 a variant of Win32/Kryptik.FNFD 20170122
F-Prot W32/S-e2e07e9d!Eldorado 20170123
F-Secure Gen:Variant.Symmi.69744 20170123
Fortinet W32/Kryptik.FNCG!tr 20170123
GData Gen:Variant.Symmi.69744 20170123
Ikarus Trojan.Win32.Crypt 20170122
Jiangmin Backdoor.Ruskill.yf 20170123
Kaspersky Backdoor.Win32.Androm.mihr 20170123
McAfee RDN/Generic.hbg 20170123
McAfee-GW-Edition BehavesLike.Win32.IBryte.ch 20170123
eScan Gen:Variant.Symmi.69744 20170123
Panda Trj/Genetic.gen 20170122
Rising Malware.Generic!nLLpcnRhEwJ@5 (thunder) 20170123
Symantec ML.Relationship.HighConfidence [Trojan.Gen.2] 20170122
TrendMicro TROJ_GEN.R021C0FAM17 20170123
TrendMicro-HouseCall TROJ_GEN.R021C0FAM17 20170123
VIPRE Trojan.Win32.Generic!BT 20170123
Yandex Backdoor.Androm!dmd8XSzls84 20170122
Alibaba 20170122
CAT-QuickHeal 20170121
ClamAV 20170123
CMC 20170122
Comodo 20170123
CrowdStrike Falcon (ML) 20161024
DrWeb 20170123
Sophos ML 20170111
K7AntiVirus 20170122
K7GW 20170123
Kingsoft 20170123
Malwarebytes 20170123
Microsoft 20170123
NANO-Antivirus 20170123
nProtect 20170123
Qihoo-360 20170123
Sophos AV 20170123
SUPERAntiSpyware 20170122
Tencent 20170123
TheHacker 20170117
TotalDefense 20170122
Trustlook 20170123
VBA32 20170121
ViRobot 20170123
WhiteArmor 20170122
Zillya 20170120
Zoner 20170123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
749

Product Proxy maker team
File version 3.54.155
Description Proxy maker team
Comments Proxy maker team
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-20 06:51:12
Entry Point 0x00003575
Number of sections 4
PE sections
PE imports
SetThreadLocale
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
GetStringTypeExA
OutputDebugStringA
SetLastError
GlobalFindAtomA
HeapAlloc
GetVersionExA
GetModuleFileNameA
RaiseException
EnumCalendarInfoA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
ExitThread
SetEnvironmentVariableA
GlobalMemoryStatus
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
GlobalDeleteAtom
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GlobalLock
GetProcessHeap
CompareStringW
GlobalReAlloc
GetProfileStringA
CompareStringA
GetTempFileNameA
TerminateProcess
GetProcAddress
GetTimeZoneInformation
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
LCMapStringA
IsDebuggerPresent
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
SuspendThread
QueryPerformanceFrequency
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
SetConsoleCtrlHandler
VirtualAlloc
ResetEvent
SystemParametersInfoA
ShowScrollBar
WaitMessage
TrackPopupMenu
TranslateMDISysAccel
UnhookWindowsHookEx
UnregisterClassA
ValidateRect
WindowFromPoint
wsprintfA
wvsprintfA
TranslateMessage
WinHelpA
ShowWindow
GetSysColor
UpdateWindow
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
ENGLISH ARABIC QATAR 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
Proxy maker team

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.3.131.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0002

CharacterSet
Windows, Latin1

InitializedDataSize
88064

EntryPoint
0x3575

MIMEType
application/octet-stream

LegalCopyright
749

FileVersion
3.54.155

TimeStamp
2017:01:20 07:51:12+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

ProductVersion
3.54.155

FileDescription
Proxy maker team

OSVersion
5.0

FileOS
Windows 16-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Proxy maker team

CodeSize
70144

ProductName
Proxy maker team

ProductVersionNumber
7.3.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 9bf097f21659e9a0003e27d03e0f24bf
SHA1 466a4dd09464a1f9debe3e573999756b745dd5ee
SHA256 b095bd6f4e7bcccd23b523eeae989d8eade10cbaaa64cd12d4b194c4a2dc1546
ssdeep
3072:r7XPb9yrqdcCehsKxiYW72dwV5zTu318n+W:3jsrqdcvsKCC6V5Ps18

authentihash 010500f588e0a85ae284ae7051ddbc8fa0a63f8d25f3f7662507cae6480ba806
imphash 41665fd31172c3d68aad6dcb836a070e
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2017-01-20 07:47:54 UTC ( 2 years, 1 month ago )
Last submission 2017-01-20 07:47:54 UTC ( 2 years, 1 month ago )
File names s927245.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications