SHA256: b3d08fdd904e214ea5a9044b2ae4b7eaf2b35512f0956ed46237b962276de07e
File name: 133b3fea49190485dd3ccedc597b4ef49dbc58de
Detection ratio: 39 / 57
Analysis date: 2016-11-23 13:41:51 UTC (2 years, 2 months ago)
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Zusy.212497 | 20161123
AegisLab | Troj.W32.Inject!c | 20161123
AhnLab-V3 | Trojan/Win32.Inject.C1680899 | 20161123
ALYac | Gen:Variant.Mikey.56078 | 20161123
Antiy-AVL | Trojan/Win32.Inject | 20161123
Arcabit | Trojan.Zusy.D33E11 | 20161123
Avast | Win32:Malware-gen | 20161123
AVG | Generic_r.POY | 20161123
Avira (no cloud) | TR/Crypt.Xpack.vlgkr | 20161123
AVware | Trojan.Win32.Generic!BT | 20161123
BitDefender | Gen:Variant.Zusy.212497 | 20161123
Bkav | HW32.Packed.272D | 20161123
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20161024
Cyren | W32/S-e2e07e9d!Eldorado | 20161123
DrWeb | Trojan.DownLoader23.20233 | 20161123
Emsisoft | Gen:Variant.Zusy.212497 (B) | 20161123
ESET-NOD32 | a variant of Win32/Kryptik.FKEJ | 20161123
F-Prot | W32/S-e2e07e9d!Eldorado | 20161123
F-Secure | Gen:Variant.Mikey.56078 | 20161123
Fortinet | W32/GenKryptik.LGP!tr | 20161123
GData | Gen:Variant.Zusy.212497 | 20161123
Ikarus | Trojan.Win32.Crypt | 20161123
Sophos ML | ransom.win32.tescrypt.d | 20161018
Jiangmin | Trojan.Inject.udo | 20161123
K7AntiVirus | Trojan ( 004fe5561 ) | 20161123
K7GW | Trojan ( 004fe5561 ) | 20161123
Kaspersky | Trojan.Win32.Inject.acekf | 20161123
Malwarebytes | Backdoor.NanoCore | 20161123
McAfee | Trojan-FKIH!5D817395B4E6 | 20161123
McAfee-GW-Edition | Artemis!Trojan | 20161123
Microsoft | PWS:Win32/Zbot | 20161123
eScan | Gen:Variant.Zusy.212497 | 20161123
Panda | Trj/Genetic.gen | 20161122
Qihoo-360 | HEUR/QVM09.0.0000.Malware.Gen | 20161123
Rising | Trojan.Kryptik!8.8-J9QN7hsiBgV (cloud) | 20161123
Sophos AV | Mal/Generic-S | 20161123
Symantec | Heur.AdvML.B | 20161123
Tencent | Win32.Trojan.Zbot.Kush | 20161123
VIPRE | Trojan.Win32.Generic!BT | 20161123

No detection (update date in parentheses):
Alibaba (20161123), Baidu (20161123), CAT-QuickHeal (20161123), ClamAV (20161123), CMC (20161123), Comodo (20161122), Kingsoft (20161123), NANO-Antivirus (20161123), nProtect (20161123), SUPERAntiSpyware (20161123), TheHacker (20161122), TotalDefense (20161123), TrendMicro (20161123), TrendMicro-HouseCall (20161123), Trustlook (20161123), VBA32 (20161123), ViRobot (20161123), WhiteArmor (20161018), Yandex (20161123), Zillya (20161122), Zoner (20161123)
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-11-21 17:47:55
Entry Point: 0x00003021
Number of sections: 4
PE sections
PE imports
ImageList_Create
GetFileTitleW
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
SetBkMode
GetRgnBox
SaveDC
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetTextExtentPointA
SelectObject
DeleteObject
GetObjectW
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
GetViewportExtEx
PtVisible
ExtSelectClipRgn
SelectClipRgn
ScaleViewportExtEx
CreateRectRgn
GetBkColor
GetMapMode
SetWindowExtEx
GetTextColor
DPtoLP
Escape
SetBkColor
SetViewportExtEx
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
InitializeCriticalSection
FindClose
InterlockedDecrement
SetLastError
VerLanguageNameA
ReadConsoleInputA
GetUserDefaultLangID
CopyFileA
ExitProcess
GetVersionExA
GetModuleFileNameA
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
GetVersion
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
CompareStringW
GetDiskFreeSpaceA
CompareStringA
GlobalLock
GetTimeZoneInformation
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
SetConsoleMode
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
PathIsUNCW
PathAddBackslashW
CharPrevA
EndDialog
KillTimer
PostQuitMessage
DefWindowProcA
ShowWindow
DispatchMessageA
SetDlgItemTextA
PeekMessageA
TranslateMessage
DialogBoxParamA
RegisterClassExA
DrawTextA
LoadStringA
SendMessageA
LoadStringW
GetDlgItem
GetWindowLongA
SetTimer
LoadCursorA
LoadIconA
GetKeyState
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG: 2
RT_MANIFEST: 1
Number of PE resources by language
ENGLISH US: 2
ENGLISH ARABIC QATAR: 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:11:21 18:47:55+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 73216
LinkerVersion: 9.0
EntryPoint: 0x3021
InitializedDataSize: 886272
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 0

File identification
MD5: 5d817395b4e6a828850e0010edeccc93
SHA1: 26b75a8962310ab39283cdf28d63cf8f80c002bd
SHA256: b3d08fdd904e214ea5a9044b2ae4b7eaf2b35512f0956ed46237b962276de07e
ssdeep: 12288:fSMGIzXKzVXK2eSu7soPxrYS90aHlpzcyT6uy8Yh+WSqhYbuKPm6:fSvIOVasPylF1HfcyM8YzSq+uKe
authentihash: 96206009787f1fab81f5de3339fad972dc97a61e517f6296dcbdd4a4bbcdc29b
imphash: 4c4870c13d11bf260c090ec292ed8627
File size: 774.5 KB (793088 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags: peexe

VirusTotal metadata
First submission: 2016-11-22 12:18:47 UTC (2 years, 2 months ago)
Last submission: 2016-11-23 13:41:51 UTC (2 years, 2 months ago)
File names: oricd.exe, botc.exe, 133b3fea49190485dd3ccedc597b4ef49dbc58de
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Runtime DLLs