SHA256: be6175f1ca6ca9f688520a0be0600454a0449cd4879ab63dad46dfb1b8660523
File name: 6d0ef874716ae8a9438fbbe99fefc2ec.virus
Detection ratio: 31 / 57
Analysis date: 2016-09-24 20:52:06 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.304178 20160924
AhnLab-V3 Trojan/Win32.Tuhkit.N2112824741 20160924
Arcabit Trojan.Graftor.D4A432 20160924
Avast Win32:Malware-gen 20160924
Avira (no cloud) TR/Dropper.Gen 20160924
AVware Trojan.Win32.Generic!BT 20160924
BitDefender Gen:Variant.Graftor.304178 20160924
Bkav HW32.Packed.F653 20160924
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.TXFL-6042 20160924
DrWeb Trojan.Siggen6.58358 20160924
Emsisoft Gen:Variant.Graftor.304178 (B) 20160924
ESET-NOD32 a variant of Win32/Kryptik.FGQX 20160924
F-Secure Gen:Variant.Graftor.304178 20160924
GData Gen:Variant.Graftor.304178 20160924
Sophos ML trojan.win32.ramnit.a 20160917
K7AntiVirus Trojan ( 004f90801 ) 20160924
K7GW Trojan ( 004f90801 ) 20160924
Kaspersky Trojan-Banker.Win32.Tuhkit.cw 20160924
Malwarebytes Trojan.Boaxxe 20160924
McAfee Artemis!6D0EF874716A 20160923
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20160924
Microsoft TrojanDownloader:Win32/Talalpek.A 20160924
eScan Gen:Variant.Graftor.304178 20160924
Panda Trj/Zbot.S 20160924
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160924
Rising Malware.Generic!Ok1SHy0yGSE@2 (thunder) 20160924
Sophos AV Mal/Generic-S 20160924
Symantec Heur.AdvML.C 20160924
TrendMicro-HouseCall TROJ_GEN.R011H0CIO16 20160924
VIPRE Trojan.Win32.Generic!BT 20160924
AegisLab 20160924
Alibaba 20160923
Antiy-AVL 20160924
AVG 20160924
Baidu 20160924
CAT-QuickHeal 20160924
ClamAV 20160924
CMC 20160921
Comodo 20160924
F-Prot 20160924
Fortinet 20160924
Ikarus 20160924
Jiangmin 20160924
Kingsoft 20160924
NANO-Antivirus 20160924
nProtect 20160924
SUPERAntiSpyware 20160924
Tencent 20160924
TheHacker 20160922
TotalDefense 20160920
TrendMicro 20160924
VBA32 20160923
ViRobot 20160924
Yandex 20160924
Zillya 20160924
Zoner 20160924
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x0000476A
Number of sections 3
PE sections
PE imports
AuthzFreeResourceManager
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeContext
GetStdHandle
WaitForSingleObject
GetOEMCP
GetTickCount
CreateMailslotA
LoadLibraryA
GetAtomNameA
GetCurrentProcessId
DeleteFileW
GetProcAddress
CreateWaitableTimerW
CreateMutexA
GlobalAddAtomW
ReleaseSemaphore
MapViewOfFile
GetCompressedFileSizeA
FindNextFileA
GetACP
GetStringTypeW
GetGeoInfoW
GetThreadPriority
GetEnvironmentVariableA
InterlockedDecrement
IsBadReadPtr
GetFullPathNameW
FindResourceA
lstrcpyn
InterlockedIncrement
UrlCanonicalizeA
PathCompactPathW
UrlGetPartW
UrlIsA
UrlGetLocationW
PathCommonPrefixA
PathCombineA
UrlIsNoHistoryA
UrlCombineW
PathAppendW
UrlUnescapeA
UrlCreateFromPathW
PathIsRootW
Number of PE resources by type
RT_DIALOG 1
GHAR 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 132096
LinkerVersion 7.1
EntryPoint 0x476a
InitializedDataSize 8192
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 6d0ef874716ae8a9438fbbe99fefc2ec
SHA1 805662fab58717b107d4e536fa40ac3b6020c881
SHA256 be6175f1ca6ca9f688520a0be0600454a0449cd4879ab63dad46dfb1b8660523
ssdeep 3072:InnnnLkj6oIgkGxCLhXQ2CRhnA1tvZnRa8VwO1sG0WLMtQ05I3Zz:InnnnLkmvKI7CRhnmvZQ8VB1h0Wd0+
authentihash 13546f30c511e942ad2aa0aa959771350f854559878464504fb5a0b727185196
imphash cdc482480e5df466b58387b019af5d6d
File size 138.0 KB ( 141312 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags stealth peexe

VirusTotal metadata
First submission 2016-09-24 20:52:06 UTC ( 2 years, 4 months ago )
Last submission 2016-09-24 20:52:06 UTC ( 2 years, 4 months ago )
File names 6d0ef874716ae8a9438fbbe99fefc2ec.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications