SHA256: bb0f17417ce646d6c116103c6650d2e6aa9f5083a4ff607bcbf4110687eb6acb
File name: 17cdcddcdcdcdccdeeee.exe
Detection ratio: 45 / 57
Analysis date: 2016-09-30 07:46:47 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Coantor.35 20160930
AegisLab Troj.W32.Garrun!c 20160930
AhnLab-V3 Trojan/Win32.Garrun.N2089063796 20160930
ALYac Gen:Variant.Coantor.35 20160930
Antiy-AVL Trojan/Win32.Garrun 20160930
Arcabit Trojan.Coantor.35 20160930
Avast Win32:Malware-gen 20160930
AVG Generic_r.MSU 20160930
Avira (no cloud) TR/Crypt.Xpack.fixz 20160930
AVware Trojan.Win32.Generic!BT 20160930
Baidu Win32.Trojan.Kryptik.arg 20160930
BitDefender Gen:Variant.Coantor.35 20160930
Bkav W32.FamVT.RazyNHmA.Trojan 20160930
CAT-QuickHeal Trojan.Lethic 20160930
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/S-e2e07e9d!Eldorado 20160930
DrWeb Trojan.PWS.Steam.12079 20160930
Emsisoft Gen:Variant.Coantor.35 (B) 20160930
ESET-NOD32 a variant of Win32/Kryptik.FFHA 20160930
F-Prot W32/S-e2e07e9d!Eldorado 20160926
F-Secure Gen:Variant.Coantor.35 20160930
Fortinet W32/Garrun.CSU!tr 20160930
GData Gen:Variant.Coantor.35 20160930
Sophos ML trojan.win32.lethic.b 20160928
Jiangmin Trojan.Garrun.kf 20160930
K7AntiVirus Trojan ( 004f6eb91 ) 20160930
K7GW Trojan ( 004f6eb91 ) 20160930
Kaspersky Trojan.Win32.Garrun.csw 20160930
Malwarebytes Backdoor.Andromeda 20160930
McAfee GenericR-ILC!02CB9995542E 20160930
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20160929
Microsoft Trojan:Win32/Lethic.B 20160930
eScan Gen:Variant.Coantor.35 20160930
NANO-Antivirus Trojan.Win32.Xpack.efwony 20160930
Panda Trj/Genetic.gen 20160929
Qihoo-360 HEUR/QVM09.0.6023.Malware.Gen 20160930
Sophos AV Mal/Generic-S 20160930
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20160930
Symantec Trojan Horse 20160930
Tencent Win32.Trojan.Garrun.Fih 20160930
TrendMicro TROJ_GEN.R021C0DHS16 20160930
TrendMicro-HouseCall TROJ_GEN.R021C0DHS16 20160930
VIPRE Trojan.Win32.Generic!BT 20160930
Yandex Trojan.Garrun! 20160929
Zillya Trojan.Garrun.Win32.1242 20160929
Alibaba 20160930
ClamAV 20160930
CMC 20160928
Comodo 20160930
Ikarus 20160929
Kingsoft 20160930
nProtect 20160930
Rising 20160930
TheHacker 20160930
VBA32 20160929
ViRobot 20160930
Zoner 20160930
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-25 07:10:50
Entry Point 0x00004262
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
MoveFileA
InitializeCriticalSection
TlsGetValue
SetFileAttributesW
SetLastError
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFullPathNameA
GetUserDefaultLCID
GetProcessHeap
CompareStringW
CompareStringA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
IsDBCSLeadByte
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EndDialog
KillTimer
SetProcessDefaultLayout
ShowWindow
SetWindowPos
CharToOemBuffA
MessageBoxW
DispatchMessageA
EnableWindow
PostMessageA
CharUpperW
DialogBoxParamW
MessageBoxA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
SetWindowTextA
LoadStringA
GetSystemMetrics
SendMessageA
LoadStringW
SetWindowTextW
GetDlgItem
IsWindow
GetWindowLongA
FindWindowExA
SetTimer
GetClientRect
CopyRect
OemToCharBuffA
GetWindowTextA
DestroyWindow
Number of PE resources by type
RT_DIALOG 12
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
ENGLISH AUS 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:25 08:10:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 89088
LinkerVersion 9.0
EntryPoint 0x4262
InitializedDataSize 93696
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 02cb9995542e45d300679b81c6fa69e7
SHA1 aa332a19cbd8ac78c24d5ad178048145a50e1c25
SHA256 bb0f17417ce646d6c116103c6650d2e6aa9f5083a4ff607bcbf4110687eb6acb
ssdeep 1536:Bh7hMOVawgfgOwNow3MhUGl+YmPpElNeHfwpk0AoG1RC/ayyAad9+XrDZSZBs48r:BhSbgOw0RmqCoJ1vad9+Xr1p48SRhaV
authentihash 44b480c7876d61592720bbd06bc5577cfc4e2f128fdcd4277a336829b43fc6d8
imphash 7d72ae52b2364839863c994ff3737d90
File size 148.5 KB ( 152064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-08-25 07:40:49 UTC ( 2 years, 5 months ago )
Last submission 2016-08-25 07:40:49 UTC ( 2 years, 5 months ago )
File names 17cdcddcdcdcdccdeeee.exe
svckost37.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications