× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b4991e553e612cf54605b2c82f7f5b364a9d7d0e506be3be0f3243f3d7e26803
File name: tKlBtHnPD3
Detection ratio: 40 / 55
Analysis date: 2016-10-23 01:19:41 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3594261 20161023
AegisLab Troj.W32.Gen.lIRz 20161022
AhnLab-V3 Backdoor/Win32.Androm.N2126033397 20161022
ALYac Trojan.GenericKD.3594261 20161023
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20161023
Arcabit Trojan.Generic.D36D815 20161023
Avast Win32:Trojan-gen 20161023
Avira (no cloud) TR/Crypt.Xpack.jfduu 20161022
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9970 20161022
BitDefender Trojan.GenericKD.3594261 20161023
Bkav HW32.Packed.8AFA 20161022
CAT-QuickHeal Backdoor.Androm 20161022
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.PWS.Papras.2166 20161022
Emsisoft Trojan.GenericKD.3594261 (B) 20161022
ESET-NOD32 a variant of Win32/Kryptik.FHRH 20161022
F-Secure Trojan.GenericKD.3594261 20161022
Fortinet W32/Androm.FHRH!tr.bdr 20161022
GData Trojan.GenericKD.3594261 20161022
Ikarus Trojan.Win32.Crypt 20161022
Sophos ML trojan.win32.lethic.k 20161018
Jiangmin Backdoor.Androm.kzg 20161022
K7AntiVirus Trojan ( 004fa5c31 ) 20161022
K7GW Trojan ( 004fa5c31 ) 20161023
Kaspersky Backdoor.Win32.Androm.lbwm 20161023
McAfee RDN/Generic BackDoor 20161023
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20161023
Microsoft Backdoor:Win32/Vawtrak!rfn 20161023
eScan Trojan.GenericKD.3594261 20161023
NANO-Antivirus Trojan.Win32.Papras.ehcupa 20161023
Panda Trj/GdSda.A 20161022
Qihoo-360 Win32/Trojan.224 20161023
Sophos AV Mal/Generic-S 20161023
Symantec Trojan.Gen 20161023
Tencent Win32.Backdoor.Androm.Tcly 20161023
TrendMicro TROJ_GEN.R047C0DJE16 20161023
TrendMicro-HouseCall TROJ_GEN.R047C0DJE16 20161023
VIPRE Trojan.Win32.Generic!BT 20161023
ViRobot Trojan.Win32.Z.Crypt.246784.P[h] 20161023
Yandex Backdoor.Androm!ktsAxLJdmgM 20161022
Alibaba 20161022
AVG 20161022
ClamAV 20161022
CMC 20161022
Comodo 20161022
Cyren 20161022
F-Prot 20161022
Kingsoft 20161023
Malwarebytes 20161023
nProtect 20161022
Rising 20161023
SUPERAntiSpyware 20161022
TheHacker 20161022
TotalDefense 20161022
VBA32 20161022
Zillya 20161022
Zoner 20161023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-27 16:57:09
Entry Point 0x00003696
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegEnumKeyW
RegDeleteValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
FreeSid
RegOpenKeyExW
RegEnumValueW
AllocateAndInitializeSid
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
RegDeleteKeyW
CheckTokenMembership
RegQueryValueExW
RegQueryValueW
GetFileTitleW
GetWindowExtEx
SetMapMode
TextOutW
CreateFontIndirectW
GetRgnBox
SaveDC
CreateRectRgnIndirect
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
DeleteObject
GetObjectW
SetTextColor
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
GetViewportExtEx
PtVisible
ExtSelectClipRgn
GetBkColor
ScaleViewportExtEx
SelectObject
GetMapMode
SetWindowExtEx
GetTextColor
DPtoLP
Escape
SetBkColor
SetViewportExtEx
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetSystemDefaultLCID
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
GetCPInfo
GetProcAddress
GetStringTypeA
FindResourceExW
FormatMessageW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
GlobalHandle
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
FormatMessageA
SetFileAttributesW
WritePrivateProfileStringW
GetEnvironmentVariableW
SetLastError
BeginUpdateResourceW
CopyFileW
UpdateResourceW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
GetModuleHandleA
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
DeleteCriticalSection
GetExitCodeThread
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
CreateEventW
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
EndUpdateResourceW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
LCMapStringW
DeleteFileA
CreateDirectoryW
DeleteFileW
GlobalLock
WriteFile
GlobalReAlloc
RemoveDirectoryW
FindNextFileW
GetCurrentThreadId
CompareStringA
FindFirstFileW
IsValidLocale
lstrcmpW
GetUserDefaultLCID
SetEvent
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LocalReAlloc
GlobalDeleteAtom
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
GetSystemDefaultLangID
TlsFree
SetFilePointer
ReadFile
LoadLibraryExW
CloseHandle
GetTimeFormatA
GetACP
GetModuleHandleW
FreeResource
SizeofResource
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
ResetEvent
SHGetFolderPathW
ShellExecuteW
RedrawWindow
LoadBitmapW
DestroyMenu
PostQuitMessage
DrawStateW
SetWindowPos
IsWindow
GrayStringW
EndPaint
DispatchMessageW
GetCursorPos
MapDialogRect
GetDlgCtrlID
SendMessageW
UnregisterClassA
GetClientRect
DrawTextW
GetNextDlgTabItem
CallNextHookEx
GetTopWindow
GetWindowTextW
CopyAcceleratorTableW
GetActiveWindow
InvalidateRgn
GetMenuItemID
DestroyWindow
GetParent
EqualRect
GetMenuState
GetMessageW
ShowWindow
GetNextDlgGroupItem
GetDesktopWindow
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
IsWindowEnabled
GetWindow
LoadStringW
GetSubMenu
IsDialogMessageW
SetWindowContextHelpId
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
CharNextW
IsChild
SetFocus
BeginPaint
OffsetRect
DefWindowProcW
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
DrawTextExW
SendDlgItemMessageW
PostMessageW
GetLastActivePopup
PtInRect
SetWindowTextW
GetDlgItem
BringWindowToTop
ClientToScreen
PostThreadMessageW
GetMenuItemCount
ValidateRect
SetWindowsHookExW
LoadCursorW
LoadIconW
GetDC
SetForegroundWindow
ExitWindowsEx
CreateDialogIndirectParamW
ReleaseDC
IntersectRect
EndDialog
CopyRect
GetWindowThreadProcessId
MessageBoxW
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
GetWindowDC
GetSysColor
RegisterClipboardFormatW
GetKeyState
IsWindowVisible
SystemParametersInfoW
SetRect
InvalidateRect
IsRectEmpty
GetFocus
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_DIALOG 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:09:27 17:57:09+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
38400

LinkerVersion
9.0

EntryPoint
0x3696

InitializedDataSize
284160

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 ccc611f636bb96bb9e34c3da97f3b8f8
SHA1 2c59c22bcc392b717e7fa4cac63bb74e9f2e50ba
SHA256 b4991e553e612cf54605b2c82f7f5b364a9d7d0e506be3be0f3243f3d7e26803
ssdeep
6144:HbB5viero/gxpVt5OZePh64d1wZVe2Fx:7ueE/s/5PM4WZVj

authentihash 98a87548117921e7f28409f82ff0a2261d4850540a2b554e749fd997d340ae42
imphash ea01b80a6df1350f9f938a76b7790809
File size 241.0 KB ( 246784 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe

VirusTotal metadata
First submission 2016-10-11 23:12:09 UTC ( 2 years, 4 months ago )
Last submission 2016-10-23 01:19:41 UTC ( 2 years, 4 months ago )
File names tKlBtHnPD3
ccc611f636bb96bb9e34c3da97f3b8f8.virus
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Runtime DLLs
UDP communications