SHA256: bd56609c386a6b5bc18254c7327d221af182193eee5008f6e405ab5c1215b070
File name: vir4.ttt
Detection ratio: 52 / 61
Analysis date: 2017-03-21 16:14:56 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Sirefef.433 20170321
AegisLab Troj.W32.Generic!c 20170321
AhnLab-V3 Win-Trojan/Inject.239104 20170321
ALYac Gen:Variant.Sirefef.433 20170321
Antiy-AVL Trojan[Backdoor]/Win32.ZAccess 20170321
Arcabit Trojan.Sirefef.433 20170321
Avast Win32:Evo-gen [Susp] 20170321
AVG ScreenLocker_s.KI 20170321
Avira (no cloud) BDS/ZAccess.2396164 20170321
AVware Trojan.Win32.Kryptik.yc (v) 20170321
BitDefender Gen:Variant.Sirefef.433 20170321
Bkav W32.MeylieLTG.Trojan 20170321
Comodo TrojWare.Win32.Kryptik.BMYG 20170321
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
DrWeb Trojan.Siggen5.60587 20170321
Emsisoft Gen:Variant.Sirefef.433 (B) 20170321
Endgame malicious (high confidence) 20170317
ESET-NOD32 a variant of Win32/Kryptik.BNFW 20170321
F-Secure Gen:Variant.Sirefef.433 20170321
Fortinet W32/Kryptik.Y!tr 20170321
GData Gen:Variant.Sirefef.433 20170321
Ikarus Trojan.Crypt_s 20170321
Sophos ML ransom.win32.nymaim.f 20170203
Jiangmin Trojan.Generic.fzce 20170321
K7AntiVirus Trojan ( 0048ce571 ) 20170321
K7GW Trojan ( 0048ce571 ) 20170320
Kaspersky HEUR:Trojan.Win32.Generic 20170321
Kingsoft Win32.Hack.ZAccess.en.(kcloud) 20170321
Malwarebytes Trojan.FakeApach 20170321
McAfee ZeroAccess-FEC!18F4D13F7670 20170321
McAfee-GW-Edition ZeroAccess-FEC!18F4D13F7670 20170321
Microsoft Trojan:Win32/Sirefef.P 20170321
eScan Gen:Variant.Sirefef.433 20170321
NANO-Antivirus Trojan.Win32.TrjGen.csigzc 20170321
Palo Alto Networks (Known Signatures) generic.ml 20170321
Panda Trj/Genetic.gen 20170321
Qihoo-360 Win32/Trojan.e6d 20170321
Rising Trojan.Generic (cloud:QGLdQOSWeYI) 20170321
SentinelOne (Static ML) static engine - malicious 20170315
Sophos AV Mal/EncPk-AKS 20170321
SUPERAntiSpyware Trojan.Agent/Gen-FalComp 20170321
Symantec Trojan.Zeroaccess.C 20170321
Tencent Win32.Backdoor.Zaccess.Ebrg 20170321
TheHacker Trojan/Kryptik.bnmb 20170321
TrendMicro BKDR_SIREFEF.PHP 20170321
TrendMicro-HouseCall BKDR_SIREFEF.PHP 20170321
VBA32 Backdoor.ZAccess 20170321
VIPRE Trojan.Win32.Kryptik.yc (v) 20170321
Webroot Malicious 20170321
Yandex Backdoor.ZAccess!JHmwZMsi+Qs 20170320
Zillya Trojan.Kryptik.Win32.953170 20170321
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170321
Alibaba 20170321
Baidu 20170321
CAT-QuickHeal 20170321
ClamAV 20170321
CMC 20170317
Cyren 20170321
F-Prot 20170321
nProtect 20170321
Symantec Mobile Insight 20170321
Trustlook 20170321
ViRobot 20170321
WhiteArmor 20170315
Zoner 20170321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2012 The Apashe Software Foundation.
Original name ab.exe
Internal name ac.exe
File version 2.4.3
Description ApacheBench command line utility
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-22 19:15:03
Entry Point 0x00002404
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
SetSecurityDescriptorDacl
RegCloseKey
GetUserNameW
RegQueryValueExA
RegOpenKeyExW
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExW
RegSetValueExW
_TrackMouseEvent
GetDeviceCaps
SelectObject
RoundRect
CreateFontIndirectW
DeleteObject
CreatePen
GetPixel
CreateSolidBrush
BitBlt
CreateCompatibleDC
GetTextExtentPoint32W
CreateCompatibleBitmap
GetLayout
WaitForSingleObject
HeapDestroy
GetFileAttributesW
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
SetErrorMode
WideCharToMultiByte
InterlockedExchange
FindResourceExW
GetSystemTimeAsFileTime
Thread32First
HeapReAlloc
FreeLibrary
LocalFree
FormatMessageW
GetExitCodeProcess
InitializeCriticalSection
OutputDebugStringW
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
QueryDosDeviceW
GetFullPathNameW
SetLastError
DeviceIoControl
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
HeapSetInformation
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
TerminateProcess
GetVersion
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
LoadLibraryA
GetFileSize
OpenProcess
GetStartupInfoW
GetProcAddress
GetPrivateProfileIntW
GetProcessHeap
WriteFile
ResetEvent
Thread32Next
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
GlobalFree
OpenEventW
GlobalUnlock
Process32NextW
SizeofResource
GetCurrentProcessId
LockResource
HeapSize
InterlockedCompareExchange
Process32FirstW
RaiseException
SetFilePointer
ReadFile
CloseHandle
GlobalLock
GetModuleHandleW
GetFileAttributesExW
HeapCreate
FindResourceW
CreateProcessW
Sleep
DragQueryFileW
SHGetSpecialFolderPathW
ShellExecuteExW
DragFinish
SHAppBarMessage
RegisterWindowMessageW
GetForegroundWindow
GetParent
EqualRect
OffsetRect
FindWindowW
TrackMouseEvent
CreatePopupMenu
DrawStateW
FillRect
LoadMenuW
GetSystemMetrics
MessageBoxW
DestroyIcon
GetWindowRect
InflateRect
EnableWindow
UnhookWindowsHookEx
LoadIconW
DrawIcon
IsMenu
PostMessageW
InvalidateRect
SendMessageW
GetMenuItemID
GetKeyState
ReleaseDC
GetIconInfo
GetMenu
GetSubMenu
GetLastActivePopup
wsprintfW
DrawIconEx
LoadStringW
GetClientRect
SystemParametersInfoW
BringWindowToTop
IsWindow
IsIconic
ScreenToClient
DeleteMenu
CallNextHookEx
DrawFocusRect
AppendMenuW
SetTimer
LoadImageW
GetActiveWindow
GetMenuItemCount
CopyRect
SetWindowsHookExW
LoadCursorW
GetSystemMenu
GetFocus
GetDC
GetWindowLongW
SetForegroundWindow
SetCursor
IsChild
TranslateAcceleratorW
auxGetVolume
CoInitializeEx
CoTaskMemAlloc
CreateStreamOnHGlobal
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 2.4.3.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 68608
EntryPoint 0x2404
OriginalFileName ab.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2012 The Apashe Software Foundation.
FileVersion 2.4.3
TimeStamp 2013:10:22 20:15:03+01:00
FileType Win32 EXE
PEType PE32
InternalName ac.exe
ProductVersion 2.4.3
FileDescription ApacheBench command line utility
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Crash Software Foundazion
CodeSize 188928
FileSubtype 0
ProductVersionNumber 2.4.3.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 18f4d13f7670866f96822e4683137dd6
SHA1 bf72e602f6499e604e5c14c7a63300c6aff84fde
SHA256 bd56609c386a6b5bc18254c7327d221af182193eee5008f6e405ab5c1215b070
ssdeep 3072:tlz0BlTB7Re/5P9px58egfy6gM/TVNpWYODmsW58wce1ijbkUE0kUE1lVF1lVF2:3z0DFAPEeqJnyDY58wce1
authentihash 05684a09d7737d1cd15a4bc8668b90589c857f9bb0049b51f4b219b4605b994d
imphash adeb135f7aa0dae9d5b40d7978614ac3
File size 233.5 KB ( 239104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2013-10-24 18:24:33 UTC ( 4 years, 8 months ago )
Last submission 2017-03-21 16:14:56 UTC ( 1 year, 3 months ago )
File names 715.exe
malware
13.exe_
index.html.1F881E17[1].html
index.html.1F881E17[2].html
e602f6499e604e5c14c7a63300c6aff84fde
?b28b06f01e219d58efba9fe0d1fe1bb3
index.html.1F881E17.html.exe
zeroaccess
vir4.ttt
test
ab.exe
ac.exe
sus4
index.html.1F881E17.html
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight