SHA256: b84554d8c52c11a0751ce0f0371616903d803622db3564cddd97748104a0f2d1
File name: b84554d8c52c11a0751ce0f0371616903d803622db3564cddd97748104a0f2d1.ex$
Detection ratio: 31 / 57
Analysis date: 2016-11-03 23:46:19 UTC ( 2 years, 5 months ago )
Antivirus                Result                                        Update
Ad-Aware                 Trojan.GenericKD.3559545                      20161103
AegisLab                 Troj.Downloader.W32.Upatre.mC73               20161103
AhnLab-V3                Dropper/Win32.Injector.N2115860809            20161103
ALYac                    Trojan.GenericKD.3559545                      20161103
Antiy-AVL                Trojan[Dropper]/Win32.Injector                20161103
Arcabit                  Trojan.Generic.D365079                        20161103
Avast                    Win32:Trojan-gen                              20161103
AVware                   Trojan-Downloader.Win32.Upatre.tfl (v)        20161103
Baidu                    Win32.Trojan.WisdomEyes.16070401.9500.9998    20161103
BitDefender              Trojan.GenericKD.3559545                      20161103
CrowdStrike Falcon (ML)  malicious_confidence_85% (D)                  20161024
DrWeb                    Trojan.DownLoader22.53771                     20161103
Emsisoft                 Trojan.GenericKD.3559545 (B)                  20161103
ESET-NOD32               Win32/Agent.RYE                               20161103
F-Secure                 Trojan.GenericKD.3559545                      20161103
Fortinet                 W32/Injector.PQDO!tr                          20161103
GData                    Trojan.GenericKD.3559545                      20161103
Sophos ML                trojan.win32.c2lop.a                          20161018
Kaspersky                Trojan-Dropper.Win32.Injector.pqdo            20161103
Malwarebytes             Trojan.Crypt                                  20161103
Microsoft                VirTool:Win32/CeeInject.JK!bit                20161104
eScan                    Trojan.GenericKD.3559545                      20161103
NANO-Antivirus           Trojan.Win32.Injector.egwcks                  20161103
Panda                    Trj/GdSda.A                                   20161103
Qihoo-360                Win32/Trojan.Dropper.4d0                      20161104
Sophos AV                Mal/Generic-S                                 20161103
Symantec                 Trojan.Gen                                    20161104
Tencent                  Win32.Trojan-dropper.Injector.Wnmh            20161104
TrendMicro               TROJ_GEN.R0C1C0DJ116                          20161104
TrendMicro-HouseCall     TROJ_GEN.R0C1C0DJ116                          20161104
VIPRE                    Trojan-Downloader.Win32.Upatre.tfl (v)        20161104
Alibaba                  undetected                                    20161103
AVG                      undetected                                    20161103
Avira (no cloud)         undetected                                    20161103
Bkav                     undetected                                    20161103
CAT-QuickHeal            undetected                                    20161103
ClamAV                   undetected                                    20161103
CMC                      undetected                                    20161103
Comodo                   undetected                                    20161103
Cyren                    undetected                                    20161103
F-Prot                   undetected                                    20161103
Ikarus                   undetected                                    20161103
Jiangmin                 undetected                                    20161103
K7AntiVirus              undetected                                    20161103
K7GW                     undetected                                    20161103
Kingsoft                 undetected                                    20161104
McAfee                   undetected                                    20161104
McAfee-GW-Edition        undetected                                    20161103
nProtect                 undetected                                    20161103
Rising                   undetected                                    20161103
SUPERAntiSpyware         undetected                                    20161104
TheHacker                undetected                                    20161103
TotalDefense             undetected                                    20161103
VBA32                    undetected                                    20161103
ViRobot                  undetected                                    20161103
Yandex                   undetected                                    20161103
Zillya                   undetected                                    20161103
Zoner                    undetected                                    20161103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD: InstallShield 2000
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-05-13 03:04:05
Entry Point: 0x00028360
Number of sections: 4
PE sections
PE imports
InitCommonControlsEx
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
CreateFileMappingW
SetHandleCount
lstrlenA
GetOEMCP
HeapDestroy
HeapAlloc
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
lstrlenW
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetCurrentDirectoryA
WideCharToMultiByte
UnhandledExceptionFilter
FreeEnvironmentStringsW
DeleteFileW
GetProcAddress
SetStdHandle
GetModuleHandleA
lstrcpyW
GetCPInfo
SetFilePointer
lstrcmpA
WriteFile
GetCurrentProcess
CloseHandle
GetCommandLineA
GetACP
GetVersion
TerminateProcess
GetModuleFileNameA
InitializeCriticalSection
HeapCreate
CreateFileW
SetCurrentDirectoryA
VirtualFree
TlsGetValue
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
VirtualAlloc
SleepEx
SetLastError
LeaveCriticalSection
GetMessageA
GetParent
UpdateWindow
EndDialog
LoadBitmapW
PostQuitMessage
DefWindowProcA
ShowWindow
FlashWindowEx
LoadBitmapA
SetWindowPos
GetSystemMetrics
SetWindowLongW
GetWindowRect
DispatchMessageA
EndPaint
MoveWindow
TranslateMessage
DialogBoxParamA
GetSysColor
RegisterClassExA
BeginPaint
LoadStringA
GetWindowLongW
GetWindowPlacement
SendMessageA
InvalidateRect
GetSubMenu
CreateWindowExA
LoadCursorA
LoadIconA
DeferWindowPos
EnableWindow
GetKeyState
IsChild
DestroyWindow
Number of PE resources by type
RT_ICON 2
RT_BITMAP 2
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 232448
ImageVersion: 0.0
ProductName: WER Tehno
FileVersionNumber: 2.23.8.11
LanguageCode: Unknown (156B)
FileFlagsMask: 0x0000
FileDescription: WER Tehno Ltd. gui application
CharacterSet: Unknown (4383)
LinkerVersion: 6.2
FileTypeExtension: exe
OriginalFileName: WER Tehno
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 2.3.8.11
TimeStamp: 2015:05:13 04:04:05+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: WER tehno INU
ProductVersion: 2.23.8.11
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Win32
LegalCopyright: WER Tehno. All rights reserved. 2015
MachineType: Intel 386 or later, and compatibles
CompanyName: WER Tehno Ltd.
CodeSize: 168448
FileSubtype: 0
ProductVersionNumber: 2.23.8.11
EntryPoint: 0x28360
ObjectFileType: Executable application

File identification
MD5: 6a03c9ec2f71ec72ef87895e8313efdd
SHA1: b5bf9296bd6680e28ce48844eba7ad209388c71f
SHA256: b84554d8c52c11a0751ce0f0371616903d803622db3564cddd97748104a0f2d1
ssdeep: 6144:ueLSshKUkGS81UbwGwB65ELGfbkzTx/y1caWVcFM/8:ueOshlkPC4IPx/yFM0
authentihash: 9996b2cec740db727ee1998ec0a8b30c695ec7b19fdc072e617e941d7f5b553e
imphash: 65320df422b3c76a78717dc91eb6a593
File size: 387.0 KB ( 396288 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (67.4%)
  Win32 Dynamic Link Library (generic) (14.2%)
  Win32 Executable (generic) (9.7%)
  Generic Win/DOS Executable (4.3%)
  DOS Executable Generic (4.3%)
Tags: peexe installshield

VirusTotal metadata
First submission 2016-11-03 23:46:19 UTC ( 2 years, 5 months ago )
Last submission 2016-11-14 08:54:42 UTC ( 2 years, 5 months ago )
File names b84554d8c52c11a0751ce0f0371616903d803622db3564cddd97748104a0f2d1.ex$
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications