SHA256: b889277c94e7432125cc295440ddd95358aedbbd444093df3b69c7c6b1b6ff92
File name: 6a6523b1f62fb9684353229be727d09e.exe
Detection ratio: 21 / 57
Analysis date: 2016-12-14 18:32:51 UTC ( 2 years, 4 months ago )
Antivirus Result Update
AegisLab Heur.Advml.Gen!c 20161214
AhnLab-V3 Trojan/Win32.Agent.C1705480 20161214
Avast Win32:Malware-gen 20161214
Avira (no cloud) TR/Azden.gruaa 20161214
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161207
CrowdStrike Falcon (ML) malicious_confidence_98% (W) 20161024
ESET-NOD32 Win32/PSW.Papras.EJ 20161214
Fortinet W32/Pincav.BQRNE!tr 20161214
GData Win32.Trojan-Spy.Vawtrak.D2URV1 20161214
Ikarus Trojan.Win32.PSW 20161214
Sophos ML virus.win32.ramnit.ah 20161202
Kaspersky Trojan.Win32.Pincav.bqrne 20161214
Malwarebytes Trojan.MalPack 20161214
Microsoft Backdoor:Win32/Vawtrak.E 20161214
Panda Trj/Agent.HFQ 20161214
Qihoo-360 HEUR/QVM20.1.CD36.Malware.Gen 20161214
Sophos AV Mal/Generic-S 20161214
Symantec Heur.AdvML.B 20161214
Tencent Win32.Trojan.Bp-generic.Ixrn 20161214
TrendMicro BKDR_VAWTRAK.BYZ 20161214
TrendMicro-HouseCall BKDR_VAWTRAK.BYZ 20161214
Ad-Aware 20161214
Alibaba 20161214
ALYac 20161214
Antiy-AVL 20161214
Arcabit 20161214
AVG 20161214
AVware 20161214
BitDefender 20161214
Bkav 20161214
CAT-QuickHeal 20161214
ClamAV 20161214
CMC 20161214
Comodo 20161214
Cyren 20161214
DrWeb 20161214
Emsisoft 20161214
F-Prot 20161214
F-Secure 20161214
Jiangmin 20161214
K7AntiVirus 20161214
K7GW 20161214
Kingsoft 20161214
McAfee 20161214
McAfee-GW-Edition 20161214
eScan 20161214
NANO-Antivirus 20161214
nProtect 20161214
Rising 20161214
SUPERAntiSpyware 20161214
TheHacker 20161214
TotalDefense 20161214
Trustlook 20161214
VBA32 20161214
VIPRE 20161214
ViRobot 20161214
WhiteArmor 20161212
Yandex 20161214
Zillya 20161214
Zoner 20161214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright(C) 2005-2015

File version 1.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-10 06:22:24
Entry Point 0x0000105A
Number of sections 8
PE sections
PE imports
GetStockObject
BuildCommDCBA
GetLastError
GetVolumePathNameW
GlobalFindAtomW
GetSystemTime
LoadLibraryA
LoadLibraryW
GetExitCodeProcess
CopyFileA
DebugBreak
GetVolumePathNameA
VirtualProtect
GetVersionExA
IsDBCSLeadByte
LockFile
lstrcmpiW
GetShortPathNameA
IsDBCSLeadByteEx
GetCurrentProcess
UnlockFile
SwitchToThread
CompareFileTime
CommConfigDialogW
CompareStringW
AddAtomA
CreateActCtxA
GetDateFormatW
MultiByteToWideChar
FoldStringW
CreateDirectoryW
GetCompressedFileSizeA
GetProcAddress
AddAtomW
CancelIo
GetCurrentThread
SetFilePointer
lstrcpyW
GetCPInfo
GetModuleHandleA
GetDiskFreeSpaceW
ReadFile
GetConsoleTitleA
WriteFile
CloseHandle
IsProcessorFeaturePresent
DeleteFileW
GlobalMemoryStatusEx
SetThreadIdealProcessor
SetComputerNameA
GetDiskFreeSpaceExA
CreateFileW
GlobalHandle
GetBinaryTypeW
GetVolumeInformationA
CreateFileA
ExitProcess
GetVersion
GetCurrencyFormatW
GetTimeFormatA
GetCaretBlinkTime
GetForegroundWindow
IntersectRect
LoadMenuA
FindWindowW
CharNextA
TrackMouseEvent
GetClipboardOwner
GetShellWindow
LockSetForegroundWindow
FlashWindowEx
LoadMenuW
GetClipboardViewer
GetLastInputInfo
GetWindowRect
EnumDisplaySettingsExW
ChangeClipboardChain
IsWindowEnabled
GetWindow
TrackPopupMenuEx
GetClipboardSequenceNumber
GetCursorPos
ChildWindowFromPointEx
GetClassInfoA
GetMenu
GetClassLongW
GetKeyNameTextA
RegisterClassW
GetWindowLongW
GetMenuCheckMarkDimensions
DrawTextW
RegisterClassA
GetMenuItemCount
GetSubMenu
GetWindowTextLengthA
CreateMenu
GetActiveWindow
CopyRect
GetWindowTextW
DragDetect
LoadCursorW
LoadIconW
GetFocus
GetTopWindow
IsChild
ScriptFreeCache
ScriptPlace
ScriptLayout
Number of PE resources by type
RT_BITMAP 11
RT_STRING 8
RT_RCDATA 7
RT_ICON 7
MAD 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 27
CHINESE SIMPLIFIED 8
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
CodeSize
45568

UninitializedDataSize
0

LinkerVersion
14.0

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
245248

EntryPoint
0x105a

MIMEType
application/octet-stream

LegalCopyright
Copyright(C) 2005-2015

FileVersion
1.0.0.0

TimeStamp
2014:10:10 08:22:24+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0.0.0

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
IObit

LegalTrademarks
IObit

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 6a6523b1f62fb9684353229be727d09e
SHA1 521dc04912baf23cbc8fe69e0acc4e2e9a175924
SHA256 b889277c94e7432125cc295440ddd95358aedbbd444093df3b69c7c6b1b6ff92
ssdeep
12288:K98vaTOHAaBsb4z2888888888888W88888888888B:KsaKH5BxC

authentihash 807028db1f1d042dd5bed7837c171f5d2c076e2494f8def22a4bccbdfb2286b7
imphash e8f173dfda86b3d6862bcffdc43b7d27
File size 401.0 KB ( 410624 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (48.0%)
Microsoft Visual C++ compiled executable (generic) (25.4%)
Win32 Dynamic Link Library (generic) (10.1%)
Win32 Executable (generic) (6.9%)
OS/2 Executable (generic) (3.1%)
Tags
peexe

VirusTotal metadata
First submission 2016-12-13 18:30:57 UTC ( 2 years, 4 months ago )
Last submission 2019-04-04 06:16:54 UTC ( 2 weeks, 4 days ago )
File names bcbad22e-c363-11e6-bb66-80e65024849a.file
VirusShare_6a6523b1f62fb9684353229be727d09e
inst2.exe
bijze.exe
inst2.exe
6a6523b1f62fb9684353229be727d09e.exe
b889277c94e7432125cc295440ddd95358aedbbd444093df3b69c7c6b1b6ff92
output.105169946.txt
malware
bcbad22e-c363-11e6-bb66-80e65024849a.file
Sample (192).exe
bcbad22e-c363-11e6-bb66-80e65024849a.file
aa
output.105004555.txt
b889277c94e7432125cc295440ddd95358aedbbd444093df3b69c7c6b1b6ff92
rZqso0mjhq.pdf
bcbad22e-c363-11e6-bb66-80e65024849a.file
521dc04912baf23cbc8fe69e0acc4e2e9a175924.exe
output.107174967.txt
Recent Sample (91).exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Code injections in the following processes
Created mutexes
Searched windows
Runtime DLLs
UDP communications