SHA256: bdcd2446361be70ac12a6756029dee6dedbf0dfdd04f6ef9f97b578e9424c336
File name: malware2.exe
Detection ratio: 4 / 56
Analysis date: 2016-03-24 11:44:30 UTC (1 year, 8 months ago)
Antivirus                Result                                   Update
AhnLab-V3                Win-Trojan/Lockycrypt.Gen                20160324
eScan                    Gen:Variant.Razy.33834                   20160324
Qihoo-360                QVM20.1.Malware.Gen                      20160324
Rising                   PE:Malware.XPACK-HIE/Heur!1.9C48 [F]     20160324
Ad-Aware                 (not detected)                           20160324
AegisLab                 (not detected)                           20160324
Yandex                   (not detected)                           20160316
Alibaba                  (not detected)                           20160323
ALYac                    (not detected)                           20160324
Antiy-AVL                (not detected)                           20160324
Arcabit                  (not detected)                           20160324
Avast                    (not detected)                           20160324
AVG                      (not detected)                           20160324
Avira (no cloud)         (not detected)                           20160324
AVware                   (not detected)                           20160324
Baidu                    (not detected)                           20160324
Baidu-International      (not detected)                           20160324
BitDefender              (not detected)                           20160324
Bkav                     (not detected)                           20160324
ByteHero                 (not detected)                           20160324
CAT-QuickHeal            (not detected)                           20160323
ClamAV                   (not detected)                           20160324
CMC                      (not detected)                           20160322
Comodo                   (not detected)                           20160324
Cyren                    (not detected)                           20160324
DrWeb                    (not detected)                           20160324
Emsisoft                 (not detected)                           20160324
ESET-NOD32               (not detected)                           20160324
F-Prot                   (not detected)                           20160324
F-Secure                 (not detected)                           20160324
Fortinet                 (not detected)                           20160324
GData                    (not detected)                           20160324
Ikarus                   (not detected)                           20160324
Jiangmin                 (not detected)                           20160324
K7AntiVirus              (not detected)                           20160324
K7GW                     (not detected)                           20160323
Kaspersky                (not detected)                           20160324
Malwarebytes             (not detected)                           20160324
McAfee                   (not detected)                           20160324
McAfee-GW-Edition        (not detected)                           20160324
Microsoft                (not detected)                           20160324
NANO-Antivirus           (not detected)                           20160324
nProtect                 (not detected)                           20160324
Panda                    (not detected)                           20160324
Sophos AV                (not detected)                           20160324
SUPERAntiSpyware         (not detected)                           20160324
Symantec                 (not detected)                           20160323
Tencent                  (not detected)                           20160324
TheHacker                (not detected)                           20160323
TrendMicro               (not detected)                           20160324
TrendMicro-HouseCall     (not detected)                           20160324
VBA32                    (not detected)                           20160324
VIPRE                    (not detected)                           20160324
ViRobot                  (not detected)                           20160324
Zillya                   (not detected)                           20160324
Zoner                    (not detected)                           20160324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-03-24 06:26:07
Entry point: 0x000085B4
Number of sections: 5
PE sections
PE imports (grouped by exporting DLL; the report's DLL headers did not survive extraction and are restored here from the standard Win32 export tables, the CRT entry being an assumption)

ADVAPI32.dll
RegCreateKeyExW
RegCloseKey
OpenServiceW
AdjustTokenPrivileges
ControlService
LookupPrivilegeValueW
RegDeleteValueW
RegDeleteKeyW
DeleteService
RegQueryValueExW
CloseServiceHandle
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
SetTokenInformation
RegOpenKeyW
CreateServiceW
DuplicateTokenEx
GetNamedSecurityInfoW
RegQueryInfoKeyW
RegEnumKeyExW
CreateProcessAsUserW
SetEntriesInAclW
RevertToSelf
StartServiceW
RegSetValueExW
FreeSid
OpenSCManagerW
RegEnumValueW
AllocateAndInitializeSid
SetNamedSecurityInfoW

COMCTL32.dll
InitCommonControlsEx

GDI32.dll
DeleteDC
SetBitmapBits
SetBkMode
SaveDC
CreateFontW
RestoreDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
GetBitmapBits
CreateCompatibleBitmap
SetTextColor

IPHLPAPI.DLL
GetIpForwardTable

KERNEL32.dll
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
GetPrivateProfileSectionNamesW
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
GetVolumeInformationW
OpenWaitableTimerW
GetLogicalDrives
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
OutputDebugStringW
InterlockedDecrement
Process32FirstW
WritePrivateProfileStringW
SetLastError
DeviceIoControl
GlobalFindAtomW
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
lstrcmpiW
EnumSystemLocalesA
OpenWaitableTimerA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
MapViewOfFile
FlushInstructionCache
GetPrivateProfileStringW
SetFilePointer
CreateThread
MoveFileExW
GlobalAddAtomA
SetUnhandledExceptionFilter
CreateMutexW
ReadFile
IsProcessorFeaturePresent
ExitThread
SetEnvironmentVariableA
GlobalMemoryStatus
WriteConsoleA
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
OpenThread
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
AddAtomA
OpenProcess
GetModuleHandleW
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
CompareStringW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
GetTimeFormatA
FindFirstFileW
IsValidLocale
GetUserDefaultLCID
GetPrivateProfileSectionW
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LoadLibraryExW
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
lstrlenA
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
lstrlenW
Process32NextW
VirtualFree
CancelWaitableTimer
Module32FirstW
SizeofResource
GetCurrentProcessId
LockResource
ProcessIdToSessionId
GetCommandLineW
GetCPInfo
HeapSize
InterlockedCompareExchange
CancelIo
GetCurrentThread
RaiseException
GetDiskFreeSpaceExW
TlsFree
GetModuleHandleA
Module32NextW
CloseHandle
GetACP
GetVersion
IsValidCodePage
HeapCreate
FindResourceExW
CreateProcessW
Sleep
TerminateProcess
VirtualAlloc
GetOEMCP
CompareStringA

MSIMG32.dll
AlphaBlend
GradientFill

OLEAUT32.dll
CreateErrorInfo
VariantChangeType
SysStringLen
VarUI4FromStr
VariantClear
SysAllocString
VariantInit
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SetErrorInfo

PSAPI.DLL
QueryWorkingSet
GetProcessMemoryInfo
GetModuleInformation
GetModuleFileNameExW

SHELL32.dll
SHFileOperationW
SHGetSpecialFolderPathW
SHGetMalloc

SHLWAPI.dll
PathStripPathW
SHDeleteKeyW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
StrStrIW
PathAppendW
PathFindExtensionW
PathGetDriveNumberW
PathIsDirectoryW
PathRemoveExtensionW

USER32.dll
MapWindowPoints
SetFocus
GetMonitorInfoW
GetClassInfoExW
PostQuitMessage
EnumWindows
DefWindowProcW
GetParent
KillTimer
DestroyMenu
TrackMouseEvent
GetMessageW
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
RemoveMenu
GetWindowThreadProcessId
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
RegisterClassExW
UnregisterClassA
CharUpperW
EnumChildWindows
AppendMenuW
GetWindowDC
DestroyCursor
TranslateMessage
IsWindowEnabled
GetWindow
PostMessageW
InvalidateRect
DispatchMessageW
GetCursorPos
ReleaseDC
UpdateLayeredWindow
CreatePopupMenu
SendMessageW
LoadStringA
TranslateAcceleratorW
DestroyWindow
wsprintfW
PtInRect
LoadStringW
SetWindowTextW
SetTimer
DrawTextW
LoadImageW
MonitorFromWindow
ScreenToClient
TrackPopupMenuEx
CharNextW
CallWindowProcW
GetClassNameW
GetMenuItemCount
MonitorFromPoint
GetClientRect
GetWindowTextW
GetDesktopWindow
LoadCursorW
GetFocus
LoadAcceleratorsW
GetWindowLongW
SetForegroundWindow
GetMenuItemInfoW
SetCursor

USERENV.dll
CreateEnvironmentBlock
DestroyEnvironmentBlock

VERSION.dll
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

WINHTTP.dll
WinHttpSetOption
WinHttpConnect
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData

WTSAPI32.dll
WTSEnumerateSessionsW
WTSFreeMemory

MSVCRT.dll (assumed from the exported names)
_except_handler3
_exit
_CIsin
__set_app_type

ole32.dll
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
CoSetProxyBlanket

oledlg.dll
OleUIBusyW

Imported by ordinal (exporting DLL not recoverable from this page)
Ord(8)
Number of PE resources by type
RT_ICON 12
RT_BITMAP 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
SubsystemVersion: 5.1
LinkerVersion: 9.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 4.1.0.612
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
CharacterSet: Unicode
InitializedDataSize: 103424
EntryPoint: 0x85b4
OriginalFileName: Sivscheduler_admin.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright Southsoftware.com, 2002-2015
FileVersion: 4.1.0.612
TimeStamp: 2016:03:24 07:26:07+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: !dvanced Task Scheduler 32-bit Edition
ProductVersion: 4.1.0.612
FileDescription: Advanced Task Scheduler 32-bit Edition
OSVersion: 5.1
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Southsoftware.com
CodeSize: 62976
ProductName: Advanced Task Scheduler 32-bit Edition
ProductVersionNumber: 4.1.0.612
FileTypeExtension: exe
ObjectFileType: Executable application

Compressed bundles
File identification
MD5: f5d668c551cecb12f6404214fb0c8251
SHA1: ae2c77498fd7fd89955950b344406d8987670bd5
SHA256: bdcd2446361be70ac12a6756029dee6dedbf0dfdd04f6ef9f97b578e9424c336
ssdeep: 3072:U/t5WEwWQObXiTm8vikffKUl7xixJS1/yJ4KsyAL2E3:0eEwWPXi3vFE
authentihash: 7780bc3a828dbcd75c1ae7607ef0f31f43ecd3bf9836004d057b107ebd974952
imphash: 4b9620f92ba11e4da67fc35170ee995d
File size: 159.5 KB (163328 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags: peexe
VirusTotal metadata
First submission: 2016-03-24 11:44:28 UTC (1 year, 8 months ago)
Last submission: 2016-07-18 14:32:41 UTC (1 year, 4 months ago)
File names: 8VU6K9SC3WUV9K5m.exe, FPAyNIrOdljgrp.exe, o3isua, malware2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications