SHA256: bcda15e384994cce072c6aa69321fd22968b23616db6801ea96e5f3796b8c843
File name: 3dc5bc875a48be073d69a285730d7331
Detection ratio: 23 / 57
Analysis date: 2016-05-09 01:54:31 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.16740714 20160508
Arcabit Trojan.Generic.DFF716A 20160509
Avast Win32:Malware-gen 20160509
Avira (no cloud) TR/Crypt.ZPACK.euvl 20160508
AVware Trojan.Win32.Generic!BT 20160509
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160506
BitDefender Trojan.Generic.16740714 20160509
ESET-NOD32 a variant of Win32/Kryptik.EWBY 20160509
F-Secure Trojan.Generic.16740714 20160508
GData Trojan.Generic.16740714 20160509
K7GW Trojan ( 004ec5f11 ) 20160509
Kaspersky Trojan.Win32.Agent.nevchl 20160509
McAfee Artemis!3DC5BC875A48 20160508
McAfee-GW-Edition BehavesLike.Win32.Backdoor.ch 20160508
Microsoft Trojan:Win32/Dynamer!ac 20160509
eScan Trojan.Generic.16740714 20160509
Panda Trj/Genetic.gen 20160508
Qihoo-360 QVM20.1.Malware.Gen 20160509
Rising Malware.XPACK-HIE/Heur!1.9C48 20160508
Sophos AV Mal/Generic-S 20160508
Symantec Suspicious.Cloud.7.L 20160509
Tencent Win32.Trojan.Agent.Loif 20160509
VIPRE Trojan.Win32.Generic!BT 20160509
AegisLab 20160508
AhnLab-V3 20160508
Alibaba 20160508
ALYac 20160508
Antiy-AVL 20160508
AVG 20160509
Baidu-International 20160508
Bkav 20160506
CAT-QuickHeal 20160507
ClamAV 20160509
CMC 20160506
Comodo 20160508
Cyren 20160509
DrWeb 20160509
Emsisoft 20160503
F-Prot 20160509
Fortinet 20160509
Ikarus 20160508
Jiangmin 20160509
K7AntiVirus 20160508
Kingsoft 20160509
Malwarebytes 20160508
NANO-Antivirus 20160509
nProtect 20160504
SUPERAntiSpyware 20160508
TheHacker 20160508
TotalDefense 20160509
TrendMicro 20160509
TrendMicro-HouseCall 20160509
VBA32 20160505
ViRobot 20160508
Yandex 20160508
Zillya 20160508
Zoner 20160508
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-18 21:42:37
Entry Point 0x0001F4F7
Number of sections 4
PE sections
PE imports
CoRegCleanup
SetupOpen
DowngradeAPL
ErrMsgParam
ErrMsg
CrackName
GetDriveTypeW
FileTimeToSystemTime
lstrlenA
CopyFileA
GetTickCount
LoadLibraryA
WaitForSingleObjectEx
GetStartupInfoA
GetWindowsDirectoryW
GetLocaleInfoA
Heap32First
CreateDirectoryA
GetDateFormatW
GetLongPathNameA
GetProcAddress
GetFileTime
ReadFile
CloseHandle
FindNextFileA
GetSystemDirectoryA
MoveFileExA
MoveFileA
WriteConsoleA
OpenEventW
GetLogicalDriveStringsW
InterlockedDecrement
IsBadStringPtrA
DefineDosDeviceA
CreateHardLinkW
SHGetFileInfoA
ShellAboutA
SHCreateShellItem
DragFinish
SHGetFolderLocation
SHChangeNotify
DuplicateIcon
DllUnregisterServer
DragQueryPoint
DragAcceptFiles
SHGetDataFromIDListA
DragQueryFileA
SHFileOperationA
SHGetMalloc
FindExecutableA
Number of PE resources by type
RT_RCDATA 1
SEPR 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:08:18 22:42:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 129536
LinkerVersion 6.0
EntryPoint 0x1f4f7
InitializedDataSize 10240
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 3dc5bc875a48be073d69a285730d7331
SHA1 82698a0556564cb90b933d1d81be111664e98fa0
SHA256 bcda15e384994cce072c6aa69321fd22968b23616db6801ea96e5f3796b8c843
ssdeep 1536:ep61L39y1bXIdNoKbMZ4/gUou2cN44GHCvXKiX/1I2ZkG8hyDyIM8IepvdbTxm+P:G61jgZIdKH0prN442npUDyIMVGPW

authentihash 9d6d8e1f3efb3b7400ec3de99ddade194f69a77c22b2812796884a79ab1e56f5
imphash cabf582e7266284f3c23b147a8451501
File size 137.5 KB ( 140800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2016-05-09 01:54:31 UTC ( 2 years, 9 months ago )
Last submission 2018-07-17 16:58:24 UTC ( 7 months ago )
File names FCBA.TMP
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications