SHA256: b9aec91341dfbf4c13f5b4b040aa87eec1c439c2d5ec24002dac51e99e0bf998
File name: 11a70cbb9c539fa457f61e8d26d7531f
Detection ratio: 34 / 57
Analysis date: 2016-10-18 13:12:21 UTC
Antivirus Result Update
Ad-Aware Backdoor.Generic.1002223 20161018
AegisLab W32.W.Ngrbot.mDuH 20161018
AhnLab-V3 Backdoor/Win32.Androm.N2132223011 20161018
ALYac Backdoor.Generic.1002223 20161018
Arcabit Backdoor.Generic.DF4AEF 20161018
Avast Win32:Trojan-gen 20161018
AVG BackDoor.Generic19.AXUC 20161018
Avira (no cloud) TR/Crypt.Xpack.tnvnr 20161018
AVware Trojan.Win32.Generic!BT 20161018
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9985 20161018
BitDefender Backdoor.Generic.1002223 20161018
Bkav HW32.Packed.4942 20161018
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
DrWeb Trojan.PWS.Papras.2166 20161018
Emsisoft Backdoor.Generic.1002223 (B) 20161018
ESET-NOD32 a variant of Win32/Kryptik.FIBP 20161018
F-Secure Backdoor.Generic.1002223 20161018
Fortinet W32/Kryptik.FIBP!tr 20161018
GData Backdoor.Generic.1002223 20161018
Ikarus Backdoor.Win32.Vawtrak 20161018
Sophos ML trojan.win32.lethic.b 20160928
K7GW Trojan ( 004fae531 ) 20161018
Kaspersky Backdoor.Win32.Androm.lcsg 20161018
McAfee RDN/Generic BackDoor 20161018
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20161018
Microsoft Backdoor:Win32/Vawtrak.E 20161018
eScan Backdoor.Generic.1002223 20161018
Panda Trj/Genetic.gen 20161017
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161018
Sophos AV Mal/Generic-S 20161018
Symantec Trojan.Gen 20161018
TrendMicro TROJ_GEN.R072C0DJH16 20161018
TrendMicro-HouseCall TROJ_GEN.R072C0DJH16 20161018
VIPRE Trojan.Win32.Generic!BT 20161018
Alibaba (no detection) 20161018
Antiy-AVL (no detection) 20161018
CAT-QuickHeal (no detection) 20161018
ClamAV (no detection) 20161018
CMC (no detection) 20161018
Comodo (no detection) 20161018
Cyren (no detection) 20161018
F-Prot (no detection) 20161018
Jiangmin (no detection) 20161018
K7AntiVirus (no detection) 20161018
Kingsoft (no detection) 20161018
Malwarebytes (no detection) 20161018
NANO-Antivirus (no detection) 20161018
nProtect (no detection) 20161018
Rising (no detection) 20161018
SUPERAntiSpyware (no detection) 20161018
Tencent (no detection) 20161018
TheHacker (no detection) 20161018
TotalDefense (no detection) 20161018
VBA32 (no detection) 20161018
ViRobot (no detection) 20161018
Yandex (no detection) 20161018
Zillya (no detection) 20161018
Zoner (no detection) 20161018
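The table above shows the usual problem with multi-engine verdicts: most labels are generic (Backdoor.Generic, Trojan.Gen, Mal/Generic-S) and the few engines that name a family disagree (Vawtrak, Androm, Kryptik, Papras, Ngrbot, Lethic). The script below is an added example, not part of the VirusTotal report, that normalises the labels listed on this page into candidate family tokens and counts how many engines back each one. The GENERIC stop-list and the six-character minimum are my own heuristics (a production normaliser such as AVClass carries a far longer stop-list plus alias tables), so treat the output as a triage hint rather than a classification.

```python
import re
from collections import Counter

# Vendor labels for this sample, copied from the detection table above.
# Engines that reported no detection are not listed.
VERDICTS = [
    ("Ad-Aware", "Backdoor.Generic.1002223"),
    ("AegisLab", "W32.W.Ngrbot.mDuH"),
    ("AhnLab-V3", "Backdoor/Win32.Androm.N2132223011"),
    ("ALYac", "Backdoor.Generic.1002223"),
    ("Arcabit", "Backdoor.Generic.DF4AEF"),
    ("Avast", "Win32:Trojan-gen"),
    ("AVG", "BackDoor.Generic19.AXUC"),
    ("Avira (no cloud)", "TR/Crypt.Xpack.tnvnr"),
    ("AVware", "Trojan.Win32.Generic!BT"),
    ("Baidu", "Win32.Trojan.WisdomEyes.16070401.9500.9985"),
    ("BitDefender", "Backdoor.Generic.1002223"),
    ("Bkav", "HW32.Packed.4942"),
    ("CrowdStrike Falcon (ML)", "malicious_confidence_100% (D)"),
    ("DrWeb", "Trojan.PWS.Papras.2166"),
    ("Emsisoft", "Backdoor.Generic.1002223 (B)"),
    ("ESET-NOD32", "a variant of Win32/Kryptik.FIBP"),
    ("F-Secure", "Backdoor.Generic.1002223"),
    ("Fortinet", "W32/Kryptik.FIBP!tr"),
    ("GData", "Backdoor.Generic.1002223"),
    ("Ikarus", "Backdoor.Win32.Vawtrak"),
    ("Sophos ML", "trojan.win32.lethic.b"),
    ("K7GW", "Trojan ( 004fae531 )"),
    ("Kaspersky", "Backdoor.Win32.Androm.lcsg"),
    ("McAfee", "RDN/Generic BackDoor"),
    ("McAfee-GW-Edition", "BehavesLike.Win32.PWSZbot.dh"),
    ("Microsoft", "Backdoor:Win32/Vawtrak.E"),
    ("eScan", "Backdoor.Generic.1002223"),
    ("Panda", "Trj/Genetic.gen"),
    ("Qihoo-360", "HEUR/QVM10.1.0000.Malware.Gen"),
    ("Sophos AV", "Mal/Generic-S"),
    ("Symantec", "Trojan.Gen"),
    ("TrendMicro", "TROJ_GEN.R072C0DJH16"),
    ("TrendMicro-HouseCall", "TROJ_GEN.R072C0DJH16"),
    ("VIPRE", "Trojan.Win32.Generic!BT"),
]

# Tokens that name a class, a heuristic or an engine rather than a family.
# This stop-list is my own and deliberately short.
GENERIC = {
    "backdoor", "trojan", "generic", "malware", "malicious", "confidence",
    "variant", "packed", "genetic", "behaveslike", "wisdomeyes",
    "riskware", "adware", "heuristic", "suspicious",
}


def tokenize(label):
    """Split a vendor label into lowercase alphanumeric tokens."""
    return [t for t in re.split(r"[^a-z0-9]+", label.lower()) if t]


def family_tokens(label):
    """Tokens that plausibly name a family: purely alphabetic, at least six
    characters (variant suffixes such as FIBP or lcsg are shorter) and not
    on the generic stop-list."""
    return {t for t in tokenize(label)
            if len(t) >= 6 and t.isalpha() and t not in GENERIC}


def family_consensus(verdicts):
    """Count, per candidate family name, how many engines used it."""
    counts = Counter()
    for _engine, label in verdicts:
        for tok in family_tokens(label):
            counts[tok] += 1
    return counts


def generic_only(verdicts):
    """Engines whose label carries no family name at all."""
    return [engine for engine, label in verdicts if not family_tokens(label)]


def summarize(verdicts):
    counts = family_consensus(verdicts)
    top = counts.most_common(1)[0][1] if counts else 0
    return {
        "engines": len(verdicts),
        "generic_only": len(generic_only(verdicts)),
        "families": dict(counts),
        # Names tied for the highest count; more than one entry means no consensus.
        "leading": sorted(t for t, n in counts.items() if n == top),
    }


if __name__ == "__main__":
    s = summarize(VERDICTS)
    print(f"{s['engines']} detections, {s['generic_only']} of them generic-only")
    for name, n in sorted(s["families"].items(), key=lambda kv: -kv[1]):
        print(f"  {name:10s} {n}")
    print("leading:", s["leading"])
```

For this sample the script reports 24 of 34 detections as generic-only and a three-way tie (androm, kryptik, vawtrak) at two engines each, i.e. no family consensus. Kryptik, Crypt.Xpack and Packed are packer descriptors rather than families, so even the tie overstates agreement; the only defensible statement from this table is "packed Windows backdoor, possibly Vawtrak or Andromeda", to be settled by unpacking rather than by vote.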
The file being studied is a Portable Executable (PE) file; more specifically, a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-05 19:30:42
Entry Point 0x00003838
Number of sections 4
PE sections
PE imports
advapi32.dll
RegCreateKeyExW
RegCloseKey
OpenServiceW
AdjustTokenPrivileges
ControlService
InitializeAcl
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
InitiateSystemShutdownExW
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
CreateServiceW
GetTokenInformation
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegDeleteValueW
StartServiceW
RegSetValueExW
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
AddAce
gdi32.dll
SelectObject
LineTo
SetBkMode
MoveToEx
CreatePen
GetStockObject
CreateSolidBrush
PatBlt
CreateRoundRectRgn
DeleteObject
SetTextColor
kernel32.dll
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
LoadLibraryExW
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
LoadLibraryW
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
GetTimeZoneInformation
OutputDebugStringW
FindClose
TlsGetValue
QueryDosDeviceW
FormatMessageA
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
DeviceIoControl
InitializeCriticalSection
WriteProcessMemory
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
LeaveCriticalSection
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
ExitThread
SetEnvironmentVariableA
TerminateProcess
CreateSemaphoreW
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
SetErrorMode
GetStartupInfoW
SetEvent
DeleteFileW
GlobalLock
GetProcessHeap
CreateFileMappingW
CompareStringW
RemoveDirectoryW
GetFileInformationByHandle
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
GetProcessAffinityMask
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
CreateProcessW
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
ExpandEnvironmentStringsW
RaiseException
CompareStringA
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
SizeofResource
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateHardLinkW
shell32.dll
SHGetSpecialFolderPathW
SHCreateDirectoryExW
user32.dll
SetWindowRgn
BeginPaint
DefWindowProcW
KillTimer
GetMessageW
PostQuitMessage
GetSystemMetrics
MessageBoxW
EndPaint
MoveWindow
TranslateMessage
PostMessageW
DispatchMessageW
SendMessageW
UnregisterClassW
SetWindowTextW
AllowSetForegroundWindow
DrawTextW
InvalidateRect
SetTimer
GetClientRect
LoadCursorW
LoadIconW
CreateWindowExW
RegisterClassExW
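The import list above is the most informative static artefact on this page: service manager calls (OpenSCManagerW, CreateServiceW, StartServiceW), token privilege adjustment (OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges), InitiateSystemShutdownExW, a full DACL-building set, WriteProcessMemory, MoveFileExW and CreateHardLinkW rarely appear together in a benign 236 KB GUI program. The script below is an added example, not VirusTotal's or any vendor's tooling; it does not open the binary but works from the import names copied from this page, and the RULES table of API clusters and notes is my own triage heuristic. It reports each cluster as a full or partial match so that a lone WriteProcessMemory without OpenProcess/VirtualAllocEx/CreateRemoteThread is shown as an incomplete injection chain rather than silently counted as injection.

```python
"""Import-based capability triage for a PE sample.

Added example for this report. It runs on the import names copied from the
"PE imports" section rather than on the binary, and the RULES table below is
my own choice of API clusters, not a VirusTotal or vendor taxonomy.
"""

# Import names as listed in the report (the subset the rules refer to).
IMPORTS = {
    # advapi32: registry, services, tokens, ACLs
    "RegCreateKeyExW", "RegSetValueExW", "RegDeleteKeyW", "RegDeleteValueW", "RegOpenKeyExW",
    "OpenSCManagerW", "CreateServiceW", "StartServiceW", "OpenServiceW",
    "ControlService", "QueryServiceStatus", "CloseServiceHandle",
    "OpenProcessToken", "OpenThreadToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
    "InitiateSystemShutdownExW",
    "InitializeSecurityDescriptor", "SetSecurityDescriptorDacl", "InitializeAcl", "AddAce",
    "AllocateAndInitializeSid",
    # kernel32: memory, loader, files, resources
    "WriteProcessMemory", "VirtualProtect", "VirtualAlloc", "CreateThread", "ResumeThread",
    "LoadLibraryA", "LoadLibraryW", "GetProcAddress",
    "IsDebuggerPresent", "OutputDebugStringW", "UnhandledExceptionFilter",
    "MoveFileExW", "CreateHardLinkW", "SetFileAttributesW", "DeleteFileW",
    "DeviceIoControl", "QueryDosDeviceW", "GetDriveTypeW",
    "CreateProcessW", "CreateFileMappingW", "MapViewOfFile",
    "FindResourceW", "LoadResource", "LockResource", "SizeofResource",
    # shell32
    "SHGetSpecialFolderPathW", "SHCreateDirectoryExW",
}

# capability -> (APIs that together suggest it, note for the analyst)
RULES = {
    "service_install": (
        {"OpenSCManagerW", "CreateServiceW", "StartServiceW"},
        "can register and start a service: persistence and SYSTEM-level execution"),
    "service_control": (
        {"OpenServiceW", "ControlService", "QueryServiceStatus"},
        "can stop or query existing services (security products are a common target)"),
    "token_privilege_adjust": (
        {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
        "enables privileges such as SeShutdownPrivilege or SeDebugPrivilege"),
    "forced_reboot": (
        {"InitiateSystemShutdownExW"},
        "can reboot the host, often to complete a MoveFileEx-at-reboot or service change"),
    "registry_write": (
        {"RegCreateKeyExW", "RegSetValueExW"},
        "can create run keys; confirm against the registry activity of a dynamic run"),
    "dacl_manipulation": (
        {"InitializeSecurityDescriptor", "SetSecurityDescriptorDacl", "InitializeAcl", "AddAce",
         "AllocateAndInitializeSid"},
        "builds custom DACLs, e.g. to lock or open its files and registry keys"),
    "remote_process_injection": (
        {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
        "classic injection chain; a partial match means the rest may be resolved at run time"),
    "dynamic_api_resolution": (
        {"LoadLibraryA", "GetProcAddress"},
        "present in nearly every MSVC binary; notable only when expected APIs are absent"),
    "anti_debug": (
        {"IsDebuggerPresent"},
        "also imported by the MSVC CRT unhandled-exception path; weak evidence alone"),
    "self_relocation": (
        {"MoveFileExW", "CreateHardLinkW", "SetFileAttributesW"},
        "moves or links its own file; MoveFileExW with the reboot flag is a self-delete trick"),
    "drop_to_user_folder": (
        {"SHGetSpecialFolderPathW", "SHCreateDirectoryExW"},
        "resolves %APPDATA%-style folders and creates directories there"),
    "resource_payload": (
        {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"},
        "reads its own resources; with only RT_MANIFEST present this is probably manifest handling"),
    "raw_device_access": (
        {"DeviceIoControl", "QueryDosDeviceW"},
        "talks to devices or drivers directly"),
}


def match_capabilities(imports):
    """Return {capability: {'matched': [...], 'missing': [...], 'note': str}}
    for every rule with at least one API present in `imports`."""
    results = {}
    for cap, (apis, note) in RULES.items():
        matched = sorted(apis & imports)
        if matched:
            results[cap] = {"matched": matched, "missing": sorted(apis - imports), "note": note}
    return results


def full_matches(imports):
    """Capabilities whose whole API cluster is imported."""
    return sorted(c for c, r in match_capabilities(imports).items() if not r["missing"])


def partial_matches(imports):
    """Capabilities with some but not all APIs imported."""
    return sorted(c for c, r in match_capabilities(imports).items() if r["missing"])


if __name__ == "__main__":
    for cap, r in match_capabilities(IMPORTS).items():
        status = "FULL   " if not r["missing"] else "PARTIAL"
        print(f"{status} {cap:26s} {', '.join(r['matched'])}")
        if r["missing"]:
            print(f"        missing: {', '.join(r['missing'])}")
        print(f"        {r['note']}")
```

Two caveats apply to any import-based reading of this sample. First, several engines label it as packed (Kryptik, Crypt.Xpack, HW32.Packed), so this import table may belong to the unpacking stub and the real payload can resolve anything it likes through the LoadLibrary/GetProcAddress pair that is also imported. Second, the condensed behaviour report at the end of this page lists no opened files, registry keys, mutexes or injected processes, so the static clusters above (service installation, privilege adjustment, forced reboot, DACL changes) are leads to confirm in a sandbox run or an unpacked copy, not findings.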
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:10:05 20:30:42+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 37888
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 280064
SubsystemVersion: 5.0
EntryPoint: 0x3838
OSVersion: 5.0
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5 11a70cbb9c539fa457f61e8d26d7531f
SHA1 101e75e61bbfb4943dc988b7669838c1a6de93a2
SHA256 b9aec91341dfbf4c13f5b4b040aa87eec1c439c2d5ec24002dac51e99e0bf998
ssdeep 3072:VJVXARzC+9QgIKfmGT6cVfm8/0l8tdUFm9eCf4qoVbbclG4Pi+u3iBnl+tbl9U/E:V3CzZEY6kumm8kWl4qo9O7m3DqV6zh

authentihash e58ee837c5398be1689210d839b017c13d4cc0381961c2e6cfb39146ec653711
imphash 00d1762c53c425141d896dfbe3a2f117
File size 236.0 KB ( 241664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-10-18 13:12:21 UTC
Last submission 2016-10-18 13:12:21 UTC
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that it launched or into which it injected code.
Opened files
Read files
Written files
Code injections in the following processes
Created mutexes
Runtime DLLs