SHA256: bcb37ecb919c5304becfdfda4add502e000de058594a6ed4d80967c088be2ba4
File name: malware3.exe
Detection ratio: 7 / 56
Analysis date: 2016-05-16 12:36:29 UTC
Antivirus results (7 of 56 engines flagged the file; the date is the engine's signature update)

Detected:
Baidu: Win32.Trojan.WisdomEyes.151026.9950.9998 (20160516)
McAfee-GW-Edition: BehavesLike.Win32.Ransomware.ch (20160516)
Qihoo-360: QVM20.1.Malware.Gen (20160516)
Rising: Malware.XPACK-HIE/Heur!1.9C48 (20160516)
Symantec: Suspicious.Cloud.7.F (20160516)
VBA32: BScope.Trojan-Dropper.Injector (20160516)
Zillya: Trojan.PCryptGen.Win32.4 (20160516)

Not detected (signatures dated 20160516 unless noted): Ad-Aware, AegisLab, AhnLab-V3, Alibaba, ALYac, Antiy-AVL, Arcabit, Avast, AVG, Avira (no cloud), AVware (20160511), Baidu-International, BitDefender, Bkav (20160514), CAT-QuickHeal, ClamAV, CMC, Comodo, Cyren, DrWeb, Emsisoft, ESET-NOD32, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus, K7GW, Kaspersky, Kingsoft, Malwarebytes, McAfee, Microsoft, eScan, NANO-Antivirus, nProtect, Panda (20160515), Sophos AV, SUPERAntiSpyware, Tencent, TheHacker, TrendMicro, TrendMicro-HouseCall, VIPRE, ViRobot, Yandex (20160515), Zoner

All seven hits are heuristic, behavioural or generic names (BehavesLike, Heur, Suspicious.Cloud, Malware.Gen, PCryptGen, a generic dropper/injector class); none names a specific malware family, and the large signature-based engines had nothing on the day the sample was first submitted. Treat the 7/56 as "looks suspicious to heuristics", not as a family attribution.
The file is a Portable Executable: a Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 2007-2012 All rights Reserved.
File version: 5, 1, 3, 0
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-05-16 08:59:05 (UTC)
Entry point: 0x0000757E
Number of sections: 5 (the section table itself is not included in this copy)

The link timestamp is 3 hours 37 minutes before the first VirusTotal submission (12:36:29 UTC the same day). Unless the timestamp was altered, the binary was uploaded almost immediately after it was built, which is typical of a freshly compiled dropper being checked against scanners.
PE imports, grouped by the DLL that exports each name (the original report's per-DLL headers are not present in this copy; the grouping follows the standard Windows export tables)

advapi32.dll:
RegCreateKeyExW, RegCloseKey, RegCreateKeyW, OpenServiceW, ControlService, RegOpenKeyExW,
DeleteService, RegQueryValueExW, GetNamedSecurityInfoW, RegOpenKeyA, RegisterEventSourceW,
OpenProcessToken, DeregisterEventSource, RegEnumKeyW, SetTokenInformation,
RegisterServiceCtrlHandlerExW, CreateServiceW, GetTokenInformation, DuplicateTokenEx,
SetServiceStatus, BuildExplicitAccessWithNameW, CreateProcessAsUserW, SetEntriesInAclW,
RevertToSelf, StartServiceW, RegSetValueExW, EnumDependentServicesW, OpenSCManagerW,
ReportEventW, QueryServiceStatusEx, StartServiceCtrlDispatcherW, CloseServiceHandle,
ChangeServiceConfigW, SetNamedSecurityInfoW

gdi32.dll:
BeginPath, AnimatePalette, CloseFigure

kernel32.dll:
ReplaceFileA, GetStdHandle, FileTimeToDosDateTime, FileTimeToSystemTime, GetFileAttributesA,
WaitForSingleObject, GetDriveTypeA, HeapDestroy, SetFileTime, lstrcmpW, GetLocalTime,
GetProfileIntA, DeleteCriticalSection, GetCurrentProcess, GetDriveTypeW, GetConsoleMode,
GetLocaleInfoA, LocalAlloc, lstrcatA, SetErrorMode, FreeEnvironmentStringsW, GlobalFindAtomA,
SetFileAttributesA, GetFileTime, FindResourceExA, GetCPInfo, lstrcmpiA, InterlockedExchange,
WriteFile, GetSystemTimeAsFileTime, EnumResourceLanguagesA, GetDiskFreeSpaceA, GetStringTypeW,
GetFullPathNameA, SetEvent, LocalFree, MoveFileA, ResumeThread, InitializeCriticalSection,
LoadResource, GlobalHandle, InterlockedDecrement, FormatMessageA, GetStringTypeExA,
SetLastError, GetUserDefaultUILanguage, LocalLock, GetUserDefaultLangID, GetModuleFileNameW,
CopyFileA, HeapAlloc, FlushFileBuffers, RemoveDirectoryA, QueryPerformanceFrequency,
HeapSetInformation, GetVolumeInformationA, LoadLibraryExA, GetPrivateProfileStringA,
SetThreadPriority, UnhandledExceptionFilter, TlsGetValue, MultiByteToWideChar,
FindNextChangeNotification, GetModuleHandleA, GlobalAddAtomW, CreateThread,
GetSystemDirectoryW, GetSystemDefaultUILanguage, GlobalAddAtomA, SetUnhandledExceptionFilter,
ConvertDefaultLocale, MulDiv, IsProcessorFeaturePresent, SetEnvironmentVariableA,
SetPriorityClass, TerminateProcess, FindCloseChangeNotification, GetNumberFormatA,
GlobalAlloc, LocalFileTimeToFileTime, SetEndOfFile, GetCurrentThreadId, GetProcAddress,
SetCurrentDirectoryA, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree,
EnterCriticalSection, SetHandleCount, LoadLibraryW, FreeLibrary, QueryPerformanceCounter,
GetTickCount, TlsAlloc, VirtualProtect, GetVersionExA, LoadLibraryA, RtlUnwind, GlobalSize,
LeaveCriticalSection, UnlockFile, SystemTimeToFileTime, WinExec, GetFileSize, GlobalDeleteAtom,
GetPrivateProfileIntA, CreateDirectoryA, DeleteFileA, GetWindowsDirectoryA, GetStartupInfoW,
WaitForMultipleObjects, GetProcessHeap, CompareStringW, GetFileSizeEx, GlobalReAlloc,
GetFileInformationByHandle, lstrcmpA, lstrcpyA, EnumResourceNamesA, CompareStringA,
GetTempFileNameA, CreateFileMappingA, DuplicateHandle, ExpandEnvironmentStringsA,
SuspendThread, GetCurrentDirectoryW, GetModuleFileNameA, GetTimeZoneInformation, CreateFileW,
CreateEventA, IsDebuggerPresent, GetFileType, TlsSetValue, CreateFileA, LocalUnlock,
InterlockedIncrement, GetLastError, LocalReAlloc, DosDateTimeToFileTime, LCMapStringW,
FindFirstChangeNotificationA, GetSystemInfo, lstrlenA, GlobalFree, GetConsoleCP,
GlobalGetAtomNameA, GetThreadLocale, GlobalUnlock, GetEnvironmentStringsW, GetTempPathA,
LockFile, lstrlenW, GetShortPathNameA, OpenFile, FileTimeToLocalFileTime, SizeofResource,
SearchPathA, WritePrivateProfileStringA, GetCurrentProcessId, LockResource, CompareFileTime,
HeapQueryInformation, GetCurrentDirectoryA, HeapSize, SetStdHandle, GetCommandLineA,
GetCurrentThread, EnumResourceTypesA, RaiseException, MapViewOfFile, TlsFree, SetFilePointer,
GlobalFlags, AddAtomA, CloseHandle, lstrcpynA, GetACP, GlobalLock, GetModuleHandleW,
GetVersion, FreeResource, FindResourceExW, CreateProcessA, WideCharToMultiByte,
IsValidCodePage, HeapCreate, FindResourceW, Sleep, GetFileAttributesExA, FindResourceA,
GetOEMCP, ResetEvent

psapi.dll:
GetModuleInformation, GetModuleFileNameExW

shell32.dll:
SHGetSpecialFolderPathW, SHEmptyRecycleBinW

shlwapi.dll:
PathFindFileNameW, PathFileExistsW, PathRemoveFileSpecW, PathQuoteSpacesW, StrStrIW,
PathAppendW, PathCombineW

user32.dll:
SetFocus, TrackPopupMenuEx, GetMonitorInfoW, GetParent, LoadIconA, DestroyWindow, EnumWindows,
DefWindowProcW, KillTimer, DestroyMenu, TrackMouseEvent, GetMessageW, PostQuitMessage,
ShowWindow, MessageBeep, LoadMenuW, SetWindowPos, RemoveMenu, GetWindowThreadProcessId,
SetWindowLongW, IsWindow, PeekMessageW, GetWindowRect, EnableWindow, UnregisterClassA,
EnumChildWindows, MapWindowPoints, AppendMenuW, GetWindowDC, DestroyCursor, CharNextW,
IsWindowEnabled, GetWindow, PostMessageW, CharUpperA, DispatchMessageW, GetWindowLongW,
GetCursorPos, ReleaseDC, UpdateLayeredWindow, CreatePopupMenu, SendMessageW, LoadStringA,
TranslateAcceleratorW, PtInRect, IsWindowVisible, LoadStringW, SetWindowTextW, DrawTextW,
CallWindowProcW, MonitorFromWindow, ScreenToClient, InvalidateRect, SetTimer, LoadImageW,
GetClassNameW, GetKeyboardLayout, GetMenuItemCount, MonitorFromPoint, GetClientRect,
GetWindowTextW, GetDesktopWindow, LoadCursorW, GetFocus, GetTopWindow, SetForegroundWindow,
TranslateMessage, SetCursor, GetMenuItemInfoW

version.dll:
VerQueryValueW

wtsapi32.dll:
WTSEnumerateSessionsW, WTSFreeMemory

msvcrt.dll:
_except_handler3, exit, _CIsin, _CIcos, __set_app_type

ole32.dll:
CoInitialize

What the import table says: the advapi32 set combines service installation and control (OpenSCManagerW, CreateServiceW, ChangeServiceConfigW, StartServiceW, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerExW) with token handling (OpenProcessToken, DuplicateTokenEx, SetTokenInformation, CreateProcessAsUserW, RevertToSelf) and session enumeration (WTSEnumerateSessionsW). That is the standard pattern of a Windows service that finds the interactive user's session and launches a process inside it. ACL editing (BuildExplicitAccessWithNameW, SetEntriesInAclW, SetNamedSecurityInfoW) lets it rewrite object permissions, the Reg* functions cover registry persistence, and the file side includes DeleteFileA, RemoveDirectoryA, ReplaceFileA and SHEmptyRecycleBinW alongside CopyFileA and MoveFileA. VirtualProtect, WinExec, CreateProcessA and IsDebuggerPresent round out the picture. None of this is conclusive on its own (a legitimate service installer imports much of the same), but it is exactly the set a service-based dropper needs, and it is where dynamic analysis should start: service creation, any CreateProcessAsUserW into a user session, and what gets deleted.
Number of PE resources by type: RT_VERSION 1
Number of PE resources by language: ENGLISH US 1

The only resource is the version block. That is worth noting against the user32 imports above (LoadMenuW, LoadIconA, LoadStringA/W, LoadCursorW, LoadImageW): there are no RT_MENU, RT_ICON, RT_STRING or RT_CURSOR resources for them to load from this file, so the GUI imports are either linked-in library boilerplate or operate on resources from another module.
ExifTool file metadata
SpecialBuild: 2015.03.13
UninitializedDataSize: 0
LinkerVersion: 6.0
ImageVersion: 0.0
FileVersionNumber: 5.1.3.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit
CharacterSet: Windows, Latin1
InitializedDataSize: 96256
PrivateBuild: 2015.01.13
EntryPoint: 0x757e
MIMEType: application/octet-stream
LegalCopyright: Copyright (C) 2007-2012 All rights Reserved.
FileVersion: 5, 1, 3, 0
TimeStamp: 2016:05:16 09:59:05+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 5, 1, 3, 0
SubsystemVersion: 5.0
OSVersion: 5.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Accmeware Corporation
CodeSize: 68608
FileSubtype: 0
ProductVersionNumber: 5.1.3.0
FileTypeExtension: exe
ObjectFileType: Executable application

The TimeStamp here is the same link time as the PE header's compilation timestamp (08:59:05 UTC), rendered by ExifTool in a UTC+1 local zone. The version block is internally inconsistent: a 2007-2012 copyright, PrivateBuild and SpecialBuild strings from January and March 2015, a CompanyName of Accmeware Corporation with no ProductName, InternalName or OriginalFilename fields present, and a LinkerVersion of 6.0 (the Visual C++ 6.0 linker) on a binary linked in May 2016. Each of these alone is unremarkable; together they are worth checking against other files that claim the same CompanyName and version, since a copied version resource is a common way to make a dropper look like a product update.
File identification
MD5: a7f32cf81237c342200ac6bd21c31ac9
SHA1: 2702f88c2f3223edc4f4808ca0c57291c21fd20c
SHA256: bcb37ecb919c5304becfdfda4add502e000de058594a6ed4d80967c088be2ba4
ssdeep: 1536:ddeNqTkECPawtkDwqF3Q9GNyr++JZe8ZJe0lkfsRRVM4e9rh8muezQ:dd68k+3gjVi8ZamRVM1hlu
authentihash: 14eaae7c6956fb9b3a8d37b5d6bad034755c0f3a5e115b96a46c356837bd7b83
imphash: afcb00103323fa1c962d0ec7af89e1ba
File size: 114.0 KB (116736 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID:
Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)

TrID's top guess (Win64) contradicts the PE header, which says PE32, 32-bit; TrID's generic PE patterns are weak evidence and the header and magic are what to trust here. The imphash is the useful pivot: it is an MD5 over the import table (lower-cased DLL and function names, in import order), so it matches other builds from the same source and toolchain even when the file hashes differ. ssdeep and authentihash (the hash Authenticode would sign over, with the checksum and certificate table excluded) are the other two similarity pivots; none of the three is a substitute for the others.

Tags: peexe
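The checks a practitioner would run over the static fields above, written out as an added example for this page (not VirusTotal's code and not the sample's): the import names, timestamps, version strings and TrID output are copied from the report, while the capability buckets, the sign convention for the submission delta and the anomaly heuristics are this example's own assumptions.

```python
"""Static triage over the fields of the report above (malware3.exe).

Added example for this page, not VirusTotal's or the sample's code.
Import names, timestamps, version strings and TrID output are copied
from the report; the capability buckets and the anomaly heuristics are
assumptions of this example, chosen to surface what a service-based
dropper would need.
"""
import re
from datetime import datetime, timezone

# Subset of the PE import list above, copied verbatim (the full list is
# several hundred names; these are the ones the buckets below look at).
IMPORTS = [
    "OpenSCManagerW", "CreateServiceW", "StartServiceW", "ChangeServiceConfigW",
    "StartServiceCtrlDispatcherW", "RegisterServiceCtrlHandlerExW",
    "DeleteService", "ControlService", "OpenProcessToken", "DuplicateTokenEx",
    "SetTokenInformation", "CreateProcessAsUserW", "RevertToSelf",
    "WTSEnumerateSessionsW", "SetNamedSecurityInfoW", "SetEntriesInAclW",
    "BuildExplicitAccessWithNameW", "RegCreateKeyExW", "RegSetValueExW",
    "CreateProcessA", "WinExec", "VirtualProtect", "IsDebuggerPresent",
    "DeleteFileA", "RemoveDirectoryA", "SHEmptyRecycleBinW", "ReplaceFileA",
    "GetTickCount", "Sleep", "CreateFileA", "WriteFile",
]

# Capability buckets (assumption of this example, not a VirusTotal field).
CAPABILITIES = {
    "service_install": {"OpenSCManagerW", "CreateServiceW", "StartServiceW",
                        "ChangeServiceConfigW", "StartServiceCtrlDispatcherW"},
    "service_removal": {"DeleteService", "ControlService"},
    "token_impersonation": {"OpenProcessToken", "DuplicateTokenEx",
                            "SetTokenInformation", "CreateProcessAsUserW"},
    "session_enumeration": {"WTSEnumerateSessionsW"},
    "acl_tampering": {"SetNamedSecurityInfoW", "SetEntriesInAclW",
                      "BuildExplicitAccessWithNameW"},
    "registry_write": {"RegCreateKeyExW", "RegCreateKeyW", "RegSetValueExW"},
    "process_launch": {"CreateProcessA", "CreateProcessAsUserW", "WinExec"},
    "anti_debug": {"IsDebuggerPresent"},
    "memory_protection_change": {"VirtualProtect"},
    "file_destruction": {"DeleteFileA", "RemoveDirectoryA", "SHEmptyRecycleBinW"},
}


def capabilities(imports):
    """Return {bucket: sorted matching imports}; buckets with no hit are omitted."""
    present = set(imports)
    return {bucket: sorted(names & present)
            for bucket, names in CAPABILITIES.items() if names & present}


def hours_to_first_submission(compile_ts_utc, first_seen_utc):
    """Both in the report's 'YYYY-MM-DD HH:MM:SS' UTC form. A negative result
    means a link timestamp later than the first upload, i.e. a forged or skewed clock."""
    fmt = "%Y-%m-%d %H:%M:%S"
    delta = datetime.strptime(first_seen_utc, fmt) - datetime.strptime(compile_ts_utc, fmt)
    return delta.total_seconds() / 3600


def exiftool_matches_pe_timestamp(exif_ts, compile_ts_utc):
    """ExifTool prints the link time in the local zone of the host that ran it
    ('YYYY:MM:DD HH:MM:SS+HH:MM'); compare with the PE header value in UTC."""
    local = datetime.strptime(exif_ts, "%Y:%m:%d %H:%M:%S%z")
    pe = datetime.strptime(compile_ts_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return local.astimezone(timezone.utc) == pe


def metadata_anomalies(copyright_str, linker_version, compile_ts_utc, trid_top, pe_type):
    """Cheap consistency checks on version-info and file-type fields. Each is a
    heuristic: old copyright strings and old linkers also occur in legitimate
    software, so treat hits as prompts for a closer look, not as verdicts."""
    findings = []
    compile_year = int(compile_ts_utc[:4])
    years = [int(y) for y in re.findall(r"\b(19\d\d|20\d\d)\b", copyright_str)]
    if years and max(years) < compile_year - 1:
        findings.append(f"copyright ends {max(years)}, binary linked {compile_year}")
    if float(linker_version) < 7.0:
        findings.append(f"linker {linker_version} (Visual C++ 6.0 era) in a {compile_year} build")
    if "Win64" in trid_top and pe_type == "PE32":
        findings.append(f"TrID top guess '{trid_top}' contradicts PEType {pe_type}")
    return findings


if __name__ == "__main__":
    for bucket, hits in capabilities(IMPORTS).items():
        print(f"{bucket:26s} {', '.join(hits)}")
    print("hours from link to first submission:",
          round(hours_to_first_submission("2016-05-16 08:59:05", "2016-05-16 12:36:29"), 2))
    print("ExifTool timestamp matches PE header:",
          exiftool_matches_pe_timestamp("2016:05:16 09:59:05+01:00", "2016-05-16 08:59:05"))
    for f in metadata_anomalies("Copyright (C) 2007-2012 All rights Reserved.", "6.0",
                                "2016-05-16 08:59:05", "Win64 Executable (generic)", "PE32"):
        print("anomaly:", f)
```

Run against the report's values it prints the service/token/session buckets, a link-to-upload delta of about 3.62 hours, confirms the ExifTool and PE timestamps agree once the +01:00 offset is removed, and lists the three metadata inconsistencies discussed above. The bucket table is the part to extend: a real triage script would load the full import list from the PE (with pefile, for instance) rather than a copied subset.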

VirusTotal metadata
First submission: 2016-05-16 12:36:29 UTC
Last submission: 2018-10-09 16:31:22 UTC
File names: malware3.exe, 876jh5g4g4, YiZuek.xltm, a7f32cf81237c342200ac6bd21c31ac9.exe, a7f32cf81237c342200ac6bd21c31ac9, 876jh5g4g4.exe

The .xltm name is worth noting: it is the Excel macro-enabled template extension on what is a PE32 executable, so at least one submitter encountered the file under a name that does not match its format.
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file. The entries under the report's behaviour headings (opened, read, written, moved and deleted files; created processes; shell commands; code injections; created and opened mutexes; searched windows; opened service managers and services; runtime DLLs; HTTP requests; TCP connections) were not preserved in this copy, so the dynamic side of this sample has to be re-run rather than read from here.

Additional details
The file imports and calls the IsDebuggerPresent Windows API function to check whether it is being debugged. On its own this is weak evidence of anti-analysis: the Visual C++ runtime references IsDebuggerPresent in its own error-handling paths, so a large share of benign binaries import it. It only becomes interesting when the result is used to change behaviour, which is a question for the debugger session (break on the call, flip the return value, and see whether the service-installation path above is still taken).