× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: baf0ffc6c4acb9d40266061502b853d0bddc770fe8271ecb0517f909f842d781
File name: 74ca342b2df9e926155f181ce458ae494977a691
Detection ratio: 7 / 56
Analysis date: 2015-06-27 01:09:31 UTC ( 3 years, 9 months ago ) View latest
Antivirus Result Update
Avira (no cloud) TR/Crypt.Xpack.202480 20150627
Bkav HW32.Packed.F4C1 20150626
ESET-NOD32 Win32/Spy.Zbot.ACB 20150627
Kaspersky UDS:DangerousObject.Multi.Generic 20150627
Malwarebytes Backdoor.Bot 20150627
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20150626
TrendMicro-HouseCall TROJ_CRYPWALL.SMF 20150627
Ad-Aware 20150627
AegisLab 20150626
Yandex 20150626
AhnLab-V3 20150626
Alibaba 20150626
ALYac 20150627
Antiy-AVL 20150626
Arcabit 20150627
Avast 20150627
AVG 20150626
AVware 20150627
Baidu-International 20150626
BitDefender 20150627
ByteHero 20150627
CAT-QuickHeal 20150626
ClamAV 20150626
Comodo 20150627
Cyren 20150627
DrWeb 20150627
Emsisoft 20150627
F-Prot 20150626
F-Secure 20150626
Fortinet 20150626
GData 20150627
Ikarus 20150626
Jiangmin 20150626
K7AntiVirus 20150626
K7GW 20150626
Kingsoft 20150627
McAfee 20150627
Microsoft 20150627
eScan 20150627
NANO-Antivirus 20150626
nProtect 20150626
Panda 20150626
Qihoo-360 20150627
Rising 20150626
Sophos AV 20150626
SUPERAntiSpyware 20150627
Symantec 20150627
Tencent 20150627
TheHacker 20150626
TotalDefense 20150626
TrendMicro 20150627
VBA32 20150626
VIPRE 20150627
ViRobot 20150627
Zillya 20150626
Zoner 20150627
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-25 13:48:54
Entry Point 0x0000437F
Number of sections 4
PE sections
Overlays
MD5 a8a6515820a7bd87e891580daaab9ab4
File type data
Offset 266240
Size 512
Entropy 7.58
PE imports
ImageList_ReplaceIcon
GetStartupInfoA
GetModuleHandleA
FindFirstFileA
GetDriveTypeA
CreateFileA
FindClose
CloseHandle
GetLogicalDrives
FindNextFileA
GetModuleFileNameA
Ord(1775)
Ord(3998)
Ord(4080)
Ord(537)
Ord(4710)
Ord(3597)
Ord(527)
Ord(3136)
Ord(4524)
Ord(554)
Ord(1842)
Ord(5237)
Ord(4303)
Ord(5577)
Ord(5259)
Ord(1089)
Ord(6375)
Ord(4403)
Ord(4589)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(2252)
Ord(5290)
Ord(2446)
Ord(5214)
Ord(5301)
Ord(807)
Ord(4163)
Ord(5856)
Ord(4964)
Ord(6215)
Ord(547)
Ord(536)
Ord(2915)
Ord(2652)
Ord(815)
Ord(2723)
Ord(366)
Ord(922)
Ord(641)
Ord(2494)
Ord(796)
Ord(4532)
Ord(5277)
Ord(2514)
Ord(4953)
Ord(4425)
Ord(4272)
Ord(3454)
Ord(4696)
Ord(4441)
Ord(4284)
Ord(1134)
Ord(941)
Ord(4465)
Ord(4108)
Ord(2862)
Ord(5300)
Ord(2379)
Ord(3797)
Ord(6175)
Ord(338)
Ord(1669)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(384)
Ord(1942)
Ord(2982)
Ord(3481)
Ord(617)
Ord(3172)
Ord(4526)
Ord(4507)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(4242)
Ord(4823)
Ord(2390)
Ord(2542)
Ord(4424)
Ord(540)
Ord(5076)
Ord(4078)
Ord(3059)
Ord(2554)
Ord(4376)
Ord(6376)
Ord(5282)
Ord(4614)
Ord(2117)
Ord(3350)
Ord(1727)
Ord(823)
Ord(813)
Ord(2725)
Ord(4998)
Ord(5472)
Ord(2096)
Ord(4457)
Ord(800)
Ord(3749)
Ord(4610)
Ord(4899)
Ord(4427)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(3058)
Ord(1146)
Ord(5100)
Ord(3147)
Ord(2124)
Ord(535)
Ord(2621)
Ord(4892)
Ord(2879)
Ord(1726)
Ord(4077)
Ord(4508)
Ord(6336)
Ord(4890)
Ord(3748)
Ord(3262)
Ord(5653)
Ord(674)
Ord(975)
Ord(1576)
Ord(5243)
Ord(5252)
Ord(4353)
Ord(2583)
Ord(4244)
Ord(5065)
Ord(5253)
Ord(1665)
Ord(4407)
Ord(4426)
Ord(6117)
Ord(4204)
Ord(3346)
Ord(858)
Ord(2396)
Ord(4159)
Ord(6662)
Ord(3831)
Ord(520)
Ord(6374)
Ord(5280)
Ord(986)
Ord(4612)
Ord(3825)
Ord(2976)
Ord(2535)
Ord(303)
Ord(4613)
Ord(3198)
Ord(2985)
Ord(3922)
Ord(5240)
Ord(6080)
Ord(4151)
Ord(2649)
Ord(4000)
Ord(4436)
Ord(2818)
Ord(2510)
Ord(2626)
Ord(1776)
Ord(3399)
Ord(6000)
Ord(4623)
Ord(324)
Ord(296)
Ord(4238)
Ord(794)
Ord(3830)
Ord(5103)
Ord(2385)
Ord(4961)
Ord(4349)
Ord(2878)
Ord(6625)
Ord(3079)
Ord(2512)
Ord(652)
Ord(4387)
Ord(4723)
Ord(4420)
Ord(2055)
Ord(3996)
Ord(4837)
Ord(5241)
Ord(4129)
Ord(2399)
Ord(5012)
Ord(2648)
Ord(3303)
Ord(3065)
Ord(5714)
Ord(5289)
Ord(5910)
Ord(4545)
Ord(3734)
Ord(3403)
Ord(4277)
Ord(2820)
Ord(4615)
Ord(4622)
Ord(561)
Ord(1746)
Ord(4543)
Ord(4486)
Ord(924)
Ord(4529)
Ord(4341)
Ord(529)
Ord(4698)
Ord(4370)
Ord(2627)
Ord(4588)
Ord(5163)
Ord(6055)
Ord(6199)
Ord(5265)
Ord(5731)
Ord(4858)
Ord(5710)
Ord(4432)
Ord(5740)
Ord(5302)
Ord(1825)
Ord(4531)
Ord(1849)
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_exit
_adjust_fdiv
_mbscmp
_setmbcp
__dllonexit
_onexit
strcpy
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
__p__commode
__setusermatherr
__set_app_type
SendMessageA
EnableWindow
GetClientRect
LoadIconA
UpdateWindow
Number of PE resources by type
RT_STRING 14
Struct(241) 2
RT_BITMAP 2
27 1
RT_DIALOG 1
RT_ICON 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 21
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:06:25 14:48:54+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
16384

LinkerVersion
6.0

EntryPoint
0x437f

InitializedDataSize
245760

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 4cc42ade231c3aa7697bc9c8763b09bf
SHA1 74ca342b2df9e926155f181ce458ae494977a691
SHA256 baf0ffc6c4acb9d40266061502b853d0bddc770fe8271ecb0517f909f842d781
ssdeep
6144:EtFGps1U53qKZAu5/QUD4i0GX3e/V9zm0YIIwZvEax+NrNJVN4:EtFaqpq//uqO/V9zmFCiax+RNJVO

authentihash 6519f69d5919d3cbaf9f8c2818a6b80072882240b999371a571a4dc9dba83b01
imphash 6a73308ce28d069c0c1e9f2a9965cd5c
File size 260.5 KB ( 266752 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-06-27 01:09:31 UTC ( 3 years, 9 months ago )
Last submission 2015-06-27 01:09:31 UTC ( 3 years, 9 months ago )
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs