SHA256: b70ff0bdb74ef3584aefd486cd6f10d6711b1b4664da1c4d2b278c9784d15277
File name: 7e15b4e21f19fe08957ab9fbb9442a92bc741789
Detection ratio: 28 / 56
Analysis date: 2016-10-06 21:10:12 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3579681 20161006
AegisLab Heur.Advml.Gen!c 20161006
AhnLab-V3 Trojan/Win32.Tuhkit.N2121950264 20161006
Arcabit Trojan.Generic.D369F21 20161006
Avast Win32:Malware-gen 20161006
AVG Pakes3_c.AYE 20161006
BitDefender Trojan.GenericKD.3579681 20161006
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
DrWeb Trojan.Siggen6.58358 20161006
Emsisoft Trojan.GenericKD.3579681 (B) 20161006
ESET-NOD32 a variant of Generik.EEIVGB 20161006
F-Secure Trojan.GenericKD.3579681 20161006
GData Trojan.GenericKD.3579681 20161006
Ikarus Trojan.SuspectCRC 20161006
Sophos ML virus.win32.sality.at 20160928
K7AntiVirus Trojan ( 004f9f611 ) 20161006
K7GW Trojan ( 004f9f611 ) 20161006
Kaspersky Trojan-Banker.Win32.Tuhkit.hq 20161006
Malwarebytes Backdoor.Bot 20161006
McAfee Artemis!FCEA0572A144 20161006
McAfee-GW-Edition BehavesLike.Win32.Expiro.fh 20161006
Microsoft TrojanSpy:Win32/Banker 20161006
eScan Trojan.GenericKD.3579681 20161006
NANO-Antivirus Trojan.Win32.Tuhkit.egvqdv 20161006
Symantec Heur.AdvML.B 20161006
Tencent Win32.Trojan-banker.Tuhkit.Eibq 20161006
TrendMicro-HouseCall TROJ_GEN.R00GH0DJ616 20161006
Yandex Trojan.PWS.Tuhkit! 20161005
Alibaba 20161003
ALYac 20160930
Antiy-AVL 20161006
Avira (no cloud) 20161006
AVware 20161006
Baidu 20161001
Bkav 20161006
CAT-QuickHeal 20161006
ClamAV 20161006
CMC 20161003
Comodo 20161006
Cyren 20161006
F-Prot 20161006
Fortinet 20161006
Jiangmin 20161006
Kingsoft 20161006
nProtect 20161006
Panda 20161006
Qihoo-360 20161006
Rising 20161006
Sophos AV 20161006
SUPERAntiSpyware 20161006
TheHacker 20161005
TrendMicro 20161006
VBA32 20161006
VIPRE 20161006
ViRobot 20161006
Zillya 20161003
Zoner 20161006
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-01-02 20:18:57
Entry Point 0x00027453
Number of sections 6
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
ResumeThread
InitializeCriticalSection
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateSemaphoreA
CreateThread
SetUnhandledExceptionFilter
ExitThread
WaitForMultipleObjectsEx
TerminateProcess
WriteConsoleA
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
WaitNamedPipeA
ResetEvent
CreateWaitableTimerA
IsValidLocale
GetProcAddress
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
WaitForSingleObjectEx
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
SetWaitableTimer
IsValidCodePage
HeapCreate
VirtualFree
Sleep
OpenEventA
VirtualAlloc
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoRevokeClassObject
OleSetContainedObject
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2004:01:02 21:18:57+01:00
FileType Win32 EXE
PEType PE32
CodeSize 237568
LinkerVersion 8.0
EntryPoint 0x27453
InitializedDataSize 139264
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 fcea0572a1441164f2acff3ea5e136f0
SHA1 969139334b162fff31b3e9b685bf7b8c57950a4f
SHA256 b70ff0bdb74ef3584aefd486cd6f10d6711b1b4664da1c4d2b278c9784d15277
ssdeep 6144:stlMfO31TA6Rz3dWnza8ie2WihbhJmKphP+Nf8:qMfO9RztCzce2WMjjPP+Nf
authentihash bd60f9a754a5bd4d8a99570a9fe64a9f62cd8f68289e0ee2b17744f38c60e9c7
imphash 4c15c0e47d82cdfd6f730da3fd3f2730
File size 328.0 KB ( 335872 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2016-10-04 08:53:37 UTC ( 2 years, 4 months ago )
Last submission 2016-10-06 21:10:12 UTC ( 2 years, 4 months ago )
File names 7e15b4e21f19fe08957ab9fbb9442a92bc741789
output.100680913.txt
chrome_plugin.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1005.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications