SHA256: b94b3049bdfa082c7d536e833dea4746e9ed124cdab8b0da5be43a4b6df1fbf1
File name: 9a27b5777611acba8e2c14ae59e7c70d
Detection ratio: 36 / 56
Analysis date: 2015-07-11 05:11:00 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Injector.BNS 20150710
AhnLab-V3 Trojan/Win32.Miuref 20150710
ALYac Trojan.Injector.BNS 20150711
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20150711
Arcabit Trojan.Injector.BNS 20150710
Avast Win32:Agent-AZPN [Trj] 20150711
AVG Crypt4.BGAI 20150711
Avira (no cloud) TR/Crypt.Xpack.43565 20150711
AVware Trojan.Win32.Generic!BT 20150711
BitDefender Trojan.Injector.BNS 20150711
Bkav HW32.Packed.3787 20150708
DrWeb Trojan.Encoder.1242 20150711
Emsisoft Trojan.Injector.BNS (B) 20150711
ESET-NOD32 a variant of Win32/Injector.CEMQ 20150711
F-Secure Trojan.Injector.BNS 20150711
Fortinet W32/Injector.CELH!tr 20150711
GData Trojan.Injector.BNS 20150711
Ikarus Trojan.Win32.Injector 20150710
Jiangmin Trojan/Agent.lfsd 20150710
K7AntiVirus Trojan ( 004c7e4b1 ) 20150710
K7GW Trojan ( 004c7e4b1 ) 20150711
Kaspersky Trojan-Spy.Win32.Zbot.vrms 20150711
Malwarebytes Trojan.MalPack 20150711
McAfee Generic-FAWK!9A27B5777611 20150711
McAfee-GW-Edition Generic-FAWK!9A27B5777611 20150710
Microsoft VirTool:Win32/Injector 20150711
eScan Trojan.Injector.BNS 20150711
NANO-Antivirus Trojan.Win32.Androm.dtqivu 20150711
nProtect Trojan.Injector.BNS 20150710
Panda Trj/RansomCrypt.E 20150710
Rising PE:Trojan.Win32.Generic.18DE68C6!417228998 20150709
Sophos AV Mal/Zbot-TY 20150711
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20150711
Tencent Win32.Trojan.Crypt.Htbz 20150711
VIPRE Trojan.Win32.Generic!BT 20150711
ViRobot Trojan.Win32.CryptoLocker.286720.E[h] 20150711
Undetected (20 engines, update date only)
AegisLab 20150710
Yandex 20150710
Alibaba 20150710
Baidu-International 20150710
ByteHero 20150711
CAT-QuickHeal 20150710
ClamAV 20150711
Comodo 20150711
Cyren 20150711
F-Prot 20150711
Kingsoft 20150711
Qihoo-360 20150711
Symantec 20150711
TheHacker 20150709
TotalDefense 20150710
TrendMicro 20150711
TrendMicro-HouseCall 20150711
VBA32 20150710
Zillya 20150710
Zoner 20150711
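The vendors above do not agree on a family: the same file is labelled Injector, Zbot, Androm, Miuref, CryptoLocker, Encoder and RansomCrypt, plus several purely generic names. When triaging a multi-engine table it is more useful to count the detections and tally the first non-generic token of each label than to trust any single vendor's name. The following Python is an added example written for this page, not VirusTotal's code; it parses a subset of rows copied from the table above (the full table has 56 engines and 36 detections), the regex's handling of the two multi-word engine names on this page ("Sophos AV", "Avira (no cloud)") and the GENERIC stop-list are the author's own assumptions.

```python
import re
from collections import Counter

# Subset of rows copied verbatim from the report table above (constructed input for the example).
# Detected rows are "Engine Result YYYYMMDD"; undetected rows are just "Engine YYYYMMDD".
ROWS = """\
Ad-Aware Trojan.Injector.BNS 20150710
AhnLab-V3 Trojan/Win32.Miuref 20150710
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20150711
Avira (no cloud) TR/Crypt.Xpack.43565 20150711
ESET-NOD32 a variant of Win32/Injector.CEMQ 20150711
Fortinet W32/Injector.CELH!tr 20150711
K7AntiVirus Trojan ( 004c7e4b1 ) 20150710
Kaspersky Trojan-Spy.Win32.Zbot.vrms 20150711
McAfee Generic-FAWK!9A27B5777611 20150711
Microsoft VirTool:Win32/Injector 20150711
Sophos AV Mal/Zbot-TY 20150711
ViRobot Trojan.Win32.CryptoLocker.286720.E[h] 20150711
AegisLab 20150710
ClamAV 20150711
Symantec 20150711
"""

# Engine names are a single token except the two multi-word names present on this page (assumption).
ROW_RE = re.compile(
    r"^(?P<engine>\S+(?: AV| \(no cloud\))?)\s+(?P<result>.*?)\s*(?P<date>\d{8})$"
)

# Tokens that describe a class, platform or packer rather than a family (assumed stop-list).
GENERIC = {
    "trojan", "win32", "w32", "generic", "spy", "backdoor", "a", "variant", "of",
    "mal", "tr", "virtool", "bt", "gen", "agent", "crypt", "packed", "pe", "hw32",
}


def parse_rows(text: str) -> list:
    """Return [(engine, result or None, date)] for each non-blank line."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsable row: {line!r}")
        result = m.group("result") or None      # empty result -> engine did not detect
        rows.append((m.group("engine"), result, m.group("date")))
    return rows


def detection_ratio(rows: list) -> tuple:
    """(detected, total), the same figure the report prints as 'Detection ratio'."""
    return sum(1 for _, result, _ in rows if result), len(rows)


def family_guess(result: str):
    """First alphabetic, non-generic token of at least four letters; None if the label is
    entirely generic (e.g. K7's hash-only label)."""
    for tok in re.split(r"[^A-Za-z0-9]+", result):
        t = tok.lower()
        if not t or t in GENERIC or not t.isalpha() or len(t) < 4:
            continue
        return t
    return None


def family_consensus(rows: list) -> Counter:
    """Tally family guesses across engines; the majority label is the triage name."""
    guesses = (family_guess(r) for _, r, _ in rows if r)
    return Counter(g for g in guesses if g)


PARSED = parse_rows(ROWS)
FAMILIES = family_consensus(PARSED)

if __name__ == "__main__":
    print("detection ratio:", detection_ratio(PARSED))
    print("family tally:", FAMILIES.most_common())
```

On this subset the tally puts Injector first (four engines), Zbot second (two), with every other name a singleton; on the full table the same split holds, which is why a hunt query should key on the hash rather than on any one vendor's family string.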
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-07 18:51:37
Entry Point 0x00001DBA
Number of sections 6
PE sections
Overlays
MD5 a8a6515820a7bd87e891580daaab9ab4
File type data
Offset 262144
Size 512
Entropy 7.58
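The overlay figures above are internally consistent: offset 262144 plus size 512 equals the reported file size of 262656 bytes, so the 512 bytes after the last section are not mapped by the loader, and an entropy of 7.58 bits per byte says they are compressed or encrypted rather than padding or an Authenticode signature. The Python below is an added example, not VirusTotal's code, showing how those three fields (offset, size, entropy) are derived from the section table. The one-section PE32 it builds is constructed for the example only and stands in for the real sample, which is not on the page.

```python
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, 0.0 to 8.0, the scale the report's 7.58 uses."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def end_of_sections(pe: bytes) -> int:
    """File offset where the highest section's raw data ends; bytes past it are the overlay."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    (num_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)   # IMAGE_FILE_HEADER.NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)      # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    sect_table = e_lfanew + 24 + opt_size                           # signature(4) + file header(20) + optional
    end = sect_table + 40 * num_sections                            # never earlier than the headers themselves
    for i in range(num_sections):
        hdr = sect_table + 40 * i
        size_raw, ptr_raw = struct.unpack_from("<II", pe, hdr + 16)  # SizeOfRawData, PointerToRawData
        if size_raw:
            end = max(end, ptr_raw + size_raw)
    return end


def overlay_info(pe: bytes) -> dict:
    """The three overlay fields the report prints: offset, size and entropy (2 d.p.)."""
    off = min(end_of_sections(pe), len(pe))   # a truncated file has no overlay, not a negative one
    blob = pe[off:]
    return {"offset": off, "size": len(blob), "entropy": round(shannon_entropy(blob), 2)}


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed one-section PE32 (zero-filled code) used only to exercise the parser."""
    e_lfanew, opt_size = 0x40, 224                                   # 224 = PE32 optional header size
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)           # 64-byte DOS header
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)  # i386, 1 section
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)      # PE32 magic, rest zeroed
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + file_hdr + opt_hdr + section).ljust(0x200, b"\0")
    return headers + b"\0" * 0x200 + overlay                         # section at 0x200, overlay at 0x400


OVERLAY = bytes(range(256)) * 2            # 512 bytes with every value twice: entropy exactly 8.0
SAMPLE = build_sample_pe(OVERLAY)
REPORT = overlay_info(SAMPLE)

if __name__ == "__main__":
    print(REPORT)
```

On a real file call overlay_info(open(path, "rb").read()). An overlay is not itself suspicious: signed binaries keep their Authenticode blob there and installers keep their payload there. The combination on this page, a small high-entropy blob with no certificate and a "data" file type, is what merits a closer look at what reads it at runtime.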
PE imports
RegCreateKeyExW
SetBkColor
Polyline
lstrcpynW
SetCurrentDirectoryW
GetModuleFileNameW
SetCommState
GetSystemDirectoryW
CreateFileW
GetCommandLineW
GetOEMCP
LCMapStringA
GetStartupInfoW
DeleteFileW
GetModuleFileNameA
GetModuleHandleW
Ord(3820)
Ord(2438)
Ord(4621)
Ord(537)
Ord(5298)
Ord(2980)
Ord(6371)
Ord(5237)
Ord(4073)
Ord(6048)
Ord(5257)
Ord(3733)
Ord(755)
Ord(5727)
Ord(3744)
Ord(4616)
Ord(6370)
Ord(815)
Ord(3257)
Ord(922)
Ord(641)
Ord(3917)
Ord(2506)
Ord(2388)
Ord(3076)
Ord(3142)
Ord(5285)
Ord(4667)
Ord(825)
Ord(5571)
Ord(5710)
Ord(4124)
Ord(839)
Ord(5276)
Ord(4401)
Ord(540)
Ord(4692)
Ord(1767)
Ord(2371)
Ord(4480)
Ord(4229)
Ord(2047)
Ord(2504)
Ord(800)
Ord(5157)
Ord(1569)
Ord(470)
Ord(5261)
Ord(3074)
Ord(2613)
Ord(3592)
Ord(465)
Ord(4269)
Ord(2977)
Ord(2116)
Ord(4418)
Ord(4831)
Ord(538)
Ord(850)
Ord(858)
Ord(4992)
Ord(464)
Ord(4459)
Ord(2377)
Ord(3825)
Ord(4419)
Ord(4074)
Ord(2640)
Ord(1089)
Ord(3254)
Ord(1165)
Ord(3341)
Ord(5273)
Ord(2971)
Ord(4347)
Ord(324)
Ord(5296)
Ord(4704)
Ord(3793)
Ord(3826)
Ord(5193)
Ord(4847)
Ord(1720)
Ord(4075)
Ord(433)
Ord(5679)
Ord(1131)
Ord(2546)
Ord(4435)
Ord(5303)
Ord(2717)
Ord(561)
Ord(4028)
Ord(434)
Ord(6372)
Ord(3131)
Ord(5059)
Ord(4370)
Ord(1202)
_except_handler3
__p__fmode
__CxxFrameHandler
__wgetmainargs
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
VariantClear
GetSystemMetrics
SetWindowLongW
GetClientRect
SendMessageW
TrackPopupMenu
EnableWindow
DrawIcon
DefWindowProcW
GetWindowPlacement
MessageBoxA
SetWindowLongA
GetWindowTextA
IsIconic
Number of PE resources by type
RT_DIALOG 2
RT_ICON 1
RT_STRING 1
27 (numeric type with no standard RT_ name) 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
FRENCH CANADIAN 1
FRENCH SWISS 1
GREEK DEFAULT 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:07:07 19:51:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
EntryPoint 0x1dba
InitializedDataSize 249856
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 9a27b5777611acba8e2c14ae59e7c70d
SHA1 8c96611f849db05a49a0b40cfa48a764bae3fb72
SHA256 b94b3049bdfa082c7d536e833dea4746e9ed124cdab8b0da5be43a4b6df1fbf1
ssdeep 6144:3bj1lv8Cg3AGDpd2ZaglqupzG6iIER6tQS:NlvlWFYvc8KKZ
authentihash 8533ed471127582f8b017310f3b45bf42374d5efef1d9eb73f74910074f3ce5b
imphash 0a274c5d333aa95e832cc4b84514e41e
File size 256.5 KB ( 262656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-07-11 05:11:00 UTC ( 3 years, 8 months ago )
Last submission 2015-07-11 05:11:00 UTC ( 3 years, 8 months ago )
File names B94B3049BDFA082C7D536E833DEA4746E9ED124CDAB8B0DA5BE43A4B6DF1FBF1.EXE
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0FGD15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs