SHA256: b15cec2e3d9a952d9e7c8a591e00fe9a27f0b68ea6f4496e190ce6982289cefc
File name: D113628C6386F2F89B4D56DC843FBB3E
Detection ratio: 54 / 62
Analysis date: 2017-05-12 06:12:20 UTC (3 months, 1 week ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Poweliks.Dropper.2 20170512
AegisLab Uds.Dangerousobject.Multi!c 20170512
AhnLab-V3 Trojan/Win32.Poweliks.R194808 20170512
ALYac Gen:Variant.Poweliks.Dropper.2 20170512
Antiy-AVL Trojan/Win32.Poweliks 20170512
Arcabit Trojan.Poweliks.Dropper.2 20170512
Avast Win32:Rootkit-gen [Rtk] 20170512
AVG Atros5.QDP 20170512
Avira (no cloud) TR/Crypt.Xpack.fajna 20170511
AVware Trojan.Win32.Generic!BT 20170512
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170503
BitDefender Gen:Variant.Poweliks.Dropper.2 20170512
CAT-QuickHeal Trojan.Kovter.S472208 20170512
Comodo TrojWare.Win32.Amtar.UABW 20170512
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/S-1f0f80e6!Eldorado 20170512
DrWeb Trojan.Kovter.297 20170512
Emsisoft Gen:Variant.Poweliks.Dropper.2 (B) 20170512
Endgame malicious (high confidence) 20170503
ESET-NOD32 a variant of Win32/Kryptik.FRCN 20170512
F-Prot W32/S-1f0f80e6!Eldorado 20170512
F-Secure Gen:Variant.Poweliks.Dropper.2 20170512
Fortinet W32/GenKryptik.TIW!tr 20170512
GData Gen:Variant.Poweliks.Dropper.2 20170512
Ikarus Trojan.Win32.Kovter 20170511
Sophos ML trojan.win32.ramnit.a 20170413
Jiangmin Trojan.Poweliks.ld 20170512
K7AntiVirus Trojan ( 004c341a1 ) 20170512
K7GW Trojan ( 004c341a1 ) 20170512
Kaspersky HEUR:Trojan.Win32.Generic 20170512
Malwarebytes Trojan.Kovter 20170512
McAfee GenericRXAY-IA!D113628C6386 20170512
McAfee-GW-Edition BehavesLike.Win32.Downloader.fc 20170511
Microsoft Trojan:Win32/Kovter 20170512
eScan Gen:Variant.Poweliks.Dropper.2 20170512
NANO-Antivirus Trojan.Win32.GenKryptik.eljipv 20170512
Palo Alto Networks (Known Signatures) generic.ml 20170512
Panda Trj/GdSda.A 20170511
Qihoo-360 Win32/RootKit.Rootkit.7e5 20170512
Rising Malware.Generic.1!tfe (thunder:1:cKlyGdlTckP) 20170512
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Kovter-Z 20170512
Symantec Ransom.Kovter 20170511
Tencent Win32.Trojan.Poweliks.Wnbv 20170512
TheHacker Trojan/GenKryptik.ton 20170508
TrendMicro TROJ_KOVTER.AUSIW 20170512
TrendMicro-HouseCall TROJ_KOVTER.AUSIW 20170512
VBA32 Trojan.Poweliks 20170511
VIPRE Trojan.Win32.Generic!BT 20170512
ViRobot Trojan.Win32.Z.Kovter.342765[h] 20170512
Webroot W32.Trojan.Gen 20170512
Yandex Trojan.GenKryptik! 20170510
Zillya Trojan.Poweliks.Win32.276 20170511
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170512
Alibaba 20170512
Bkav 20170511
ClamAV 20170512
CMC 20170511
Kingsoft 20170512
nProtect 20170512
SUPERAntiSpyware 20170511
Symantec Mobile Insight 20170512
TotalDefense 20170512
Trustlook 20170512
WhiteArmor 20170502
Zoner 20170512
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1991-2005 by Gougelet Pierre-e

Product XnView
Internal name XnView
File version 2.13
Description XnView SlideShow
Comments Modified by an unpaid evaluation copy of Resource Tuner 2 (www.heaventools.com)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-01-04 07:28:00
Entry Point 0x00003466
Number of sections 8
PE sections
Overlays
MD5 3a561d1d4dadcc58a8e808629cf7a0dd
File type data
Offset 342016
Size 749
Entropy 7.75
PE imports
CryptReleaseContext
RegisterEventSourceA
CryptGenRandom
CryptAcquireContextA
ReportEventA
CertOpenSystemStoreA
CertCloseStore
GetDeviceCaps
CreateDCA
DeleteDC
DeleteObject
SelectObject
BitBlt
CreateCompatibleDC
GetBitmapBits
CreateCompatibleBitmap
GetLastError
GetStdHandle
EnterCriticalSection
WaitForSingleObject
GetThreadPriority
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
LoadLibraryA
GlobalHandle
GetSystemDirectoryA
DeleteCriticalSection
SetThreadPriority
ReleaseSemaphore
OpenProcess
SetThreadAffinityMask
WaitForMultipleObjects
GetThreadContext
GetCurrentThread
IsDBCSLeadByteEx
GetTempPathA
QueryPerformanceFrequency
CreateSemaphoreA
TlsFree
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
lstrcpyA
CloseHandle
ResetEvent
lstrcpynA
FindNextFileA
SetProcessAffinityMask
DuplicateHandle
GetProcAddress
ResumeThread
SetThreadContext
GetProcessAffinityMask
GetTimeZoneInformation
GlobalAlloc
CreateEventA
TlsGetValue
Sleep
TlsSetValue
ExitProcess
GetVersion
VirtualQuery
GetModuleHandleExA
SetLastError
LeaveCriticalSection
wsprintfA
MessageBoxW
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
timeGetTime
getaddrinfo
htonl
shutdown
accept
ioctlsocket
WSAStartup
freeaddrinfo
connect
getsockname
htons
getnameinfo
select
gethostname
getsockopt
recv
ntohl
inet_addr
send
ntohs
WSAGetLastError
listen
__WSAFDIsSet
WSACleanup
gethostbyname
WSASetLastError
closesocket
setsockopt
socket
getpeername
bind
recvfrom
WSAEnumNetworkEvents
sendto
fseek
_wfindfirst
_wfopen
fclose
_snwprintf
strtoul
fflush
fsetpos
strtol
_findclose
_ftime64
fwrite
mktime
isspace
localtime
__doserrno
strrchr
_write
memcpy
strstr
memmove
signal
_mkdir
_initterm
strcmp
memchr
strncmp
toupper
fgetc
memset
strcat
_stricmp
_setmode
fgets
__pioinfo
strchr
fopen
_wfindnext
fgetpos
_getpid
ftell
exit
sprintf
_unlink
strcspn
fputc
ferror
gmtime
free
_strnicmp
_fstati64
_stat
_lseeki64
_vsnprintf
putchar
puts
_read
strcpy
bsearch
__mb_cur_max
islower
_getch
isupper
strftime
_iob
rand
_putenv
setlocale
realloc
__dllonexit
calloc
isprint
_setjmp3
_access
printf
_rmdir
strncpy
raise
isalnum
fputs
qsort
_open
_onexit
wcslen
isalpha
putc
memcmp
__setusermatherr
log10
srand
getenv
_stati64
atoi
vfprintf
atof
localeconv
strerror
wcscpy
_beginthreadex
strspn
ungetc
_close
isxdigit
rename
malloc
sscanf
fread
abort
fprintf
feof
_endthreadex
strncat
_errno
_lock
_get_osfhandle
_strdup
_fileno
_amsg_exit
longjmp
tolower
_unlock
fwprintf
_exit
_filelengthi64
_ftime
time
wcsstr
getc
setvbuf
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE TRADITIONAL 1
FRENCH 1
GERMAN LUXEMBOURG 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:01:04 08:28:00+01:00
FileType Win32 EXE
PEType PE32
CodeSize 73728
LinkerVersion 2.23
FileTypeExtension exe
InitializedDataSize 344576
SubsystemVersion 4.0
EntryPoint 0x3466
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 d113628c6386f2f89b4d56dc843fbb3e
SHA1 f3e4113dbfb968f0664428c2e7f2cb9aa41ce2e6
SHA256 b15cec2e3d9a952d9e7c8a591e00fe9a27f0b68ea6f4496e190ce6982289cefc
ssdeep 6144:flY7MSJ9n8xxrVBGzP/oVxuAHfU5s/O3kRZvv2QrDkqYAGPaj09AsLctE:NAMSbaBIzP/Axu4Mm/OSZvv2Q8qY5PaG
authentihash 00ebc17092252d4f8a10bdbb3a8f53e9ee81e4d570cd512e6175c22cf839d56b
imphash 423d3f7ee17354500a57aeb64f833d4d
File size 334.7 KB (342765 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.1%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-02-06 10:51:34 UTC (6 months, 2 weeks ago)
Last submission 2017-04-26 13:18:27 UTC (3 months, 3 weeks ago)
File names XnView
d113628c6386f2f89b4d56dc843fbb3e.exe
D113628C6386F2F89B4D56DC843FBB3E
Behaviour characterization
Zemana dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications