SHA256: b6c83b75a405546fb53080e66d12372942cea35e744d9c223b6d254260d4c091
File name: 288aba6eb212bc5d092da27cb733a5eb
Detection ratio: 26 / 57
Analysis date: 2015-09-21 20:59:26 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.491855 20150921
Yandex Trojan.Agent!szPgHdoH3Yw 20150921
AhnLab-V3 Trojan/Win32.MDA 20150921
ALYac Gen:Variant.Kazy.491855 20150921
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20150921
Arcabit Trojan.Kazy.D7814F 20150921
AVG Crypt_r.SA 20150921
Avira (no cloud) TR/Crypt.ZPACK.185281 20150921
AVware Trojan.Win32.Kryptik.dw (v) 20150921
BitDefender Gen:Variant.Kazy.491855 20150921
Emsisoft Gen:Variant.Kazy.491855 (B) 20150921
ESET-NOD32 a variant of Win32/Kryptik.DXJH 20150921
F-Secure Gen:Variant.Kazy.491855 20150921
Fortinet W32/Injector.CIRO!tr 20150921
GData Gen:Variant.Kazy.491855 20150921
K7AntiVirus Trojan ( 004ce5451 ) 20150921
K7GW Trojan ( 004ce5451 ) 20150921
Kaspersky HEUR:Trojan.Win32.Generic 20150921
McAfee RDN/Generic.dx 20150921
McAfee-GW-Edition BehavesLike.Win32.Worm.fh 20150921
eScan Gen:Variant.Kazy.491855 20150921
NANO-Antivirus Trojan.Win32.ZPACK.dxajib 20150921
Rising PE:Malware.Obscure!1.9C59[F1] 20150921
Sophos AV Mal/Generic-S 20150921
TrendMicro TROJ_GEN.R00GC0VIJ15 20150921
VIPRE Trojan.Win32.Kryptik.dw (v) 20150921
Engines with no detection (Update column only):
AegisLab 20150921
Alibaba 20150921
Avast 20150921
Baidu-International 20150921
Bkav 20150919
ByteHero 20150921
CAT-QuickHeal 20150921
ClamAV 20150921
CMC 20150921
Comodo 20150921
Cyren 20150921
DrWeb 20150921
F-Prot 20150919
Ikarus 20150921
Jiangmin 20150921
Kingsoft 20150921
Malwarebytes 20150921
Microsoft 20150921
nProtect 20150921
Panda 20150921
Qihoo-360 20150921
SUPERAntiSpyware 20150921
Symantec 20150921
Tencent 20150921
TheHacker 20150921
TotalDefense 20150921
TrendMicro-HouseCall 20150921
VBA32 20150920
ViRobot 20150921
Zillya 20150921
Zoner 20150921
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-15 07:03:13
Entry Point 0x00017D7B
Number of sections 4
PE sections
Overlays
MD5 29fb63955b11f51d31e339a606793d52
File type data
Offset 371200
Size 1261
Entropy 7.70
PE imports
GDI32.dll
GetDeviceCaps
AddFontResourceA
ArcTo
CreateFontIndirectW
SetBkMode
CreateDCW
AddFontMemResourceEx
CreateBrushIndirect
CreateBitmap
CloseMetaFile
CreateDIBPatternBrush
AddFontResourceW
SelectObject
SetBkColor
BeginPath
DeleteObject
SetTextColor
KERNEL32.dll
GetStdHandle
GetConsoleOutputCP
DeleteFiber
FindNextFileA
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
UnhandledExceptionFilter
LoadLibraryExW
FreeEnvironmentStringsW
lstrcatW
SetStdHandle
GetCPInfo
LoadLibraryW
GetStringTypeA
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
FindClose
InterlockedDecrement
SetLastError
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryA
FoldStringA
LoadLibraryExA
GetPrivateProfileStringA
GetVolumeInformationW
TlsGetValue
MultiByteToWideChar
GetSystemPowerStatus
GetPrivateProfileStringW
GetModuleHandleA
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
OpenProcess
DeleteFileA
GetWindowsDirectoryA
DeleteFileW
GetProcAddress
GetTempFileNameW
CompareStringW
lstrcpyW
SetDefaultCommConfigA
FindNextFileW
lstrcpyA
CompareStringA
FindFirstFileW
lstrcmpW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
lstrlenW
CreateProcessW
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
WritePrivateProfileStringW
ExpandEnvironmentStringsW
RaiseException
TlsFree
SetFilePointer
ReadFile
FindFirstFileA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
USER32.dll
EmptyClipboard
MapVirtualKeyA
EndPaint
CharPrevA
PostQuitMessage
InvalidateRect
LoadCursorW
DefWindowProcW
FindWindowW
MessageBoxW
CharPrevW
DefWindowProcA
SetWindowTextA
GetSystemMetrics
BeginDeferWindowPos
SetWindowLongW
IsWindow
AppendMenuA
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
CharUpperW
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsCharAlphaNumericW
CharNextW
DialogBoxParamA
FindWindowExW
GetSysColor
CheckDlgButton
GetDC
CreateDialogParamW
SystemParametersInfoA
BeginPaint
CreatePopupMenu
SendMessageW
wsprintfA
CreateAcceleratorTableA
SetClipboardData
GetWindowLongW
SendMessageTimeoutA
GetMenuStringW
IsWindowVisible
GetClassInfoA
DrawTextA
SetWindowTextW
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetCursor
ShowWindow
DrawEdge
GetClassInfoW
RegisterClassA
PeekMessageW
SendMessageA
FindWindowExA
CreateWindowExA
LoadImageW
TrackPopupMenu
FillRect
GetGuiResources
CharNextA
DdeUnaccessData
DdeCreateDataHandle
SetWindowsHookExW
LoadImageA
SendMessageTimeoutW
DispatchMessageW
wsprintfW
CloseClipboard
GetClientRect
DrawTextW
DestroyWindow
ExitWindowsEx
OpenClipboard
Number of PE resources by type
RT_ICON 6
RT_MENU 4
RT_ACCELERATOR 2
Struct(3362) 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 7
LITHUANIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:09:15 08:03:13+01:00
FileType Win32 EXE
PEType PE32
CodeSize 166400
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 203776
SubsystemVersion 5.0
EntryPoint 0x17d7b
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 288aba6eb212bc5d092da27cb733a5eb
SHA1 28ff4f717ba9ba78af2804c6846253fc1b666a40
SHA256 b6c83b75a405546fb53080e66d12372942cea35e744d9c223b6d254260d4c091
ssdeep 6144:Hr4HT7Tnh3PWMlTGrHsl4AKF0qfztGHS1PqWuOx/3uJ:HrIVqrMl47QIut
authentihash 7d771bd9960318379f9fb9290aae75fd3ea94392c203389d93601cbff02a9e6d
imphash 8938deb4e65516ff6b39265df73a3150
File size 363.7 KB ( 372461 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-09-21 20:59:26 UTC
Last submission 2015-09-21 20:59:26 UTC
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs