SHA256: c03ed84e85e67186f952bd36e1e0b264139edd4da8001d4f54b6ab775b5f9f81
File name: ba9536cb341b1ec5d92f5a3ffbd91f46209bfe5e
Detection ratio: 9 / 55
Analysis date: 2016-01-27 01:55:11 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20160127
Avira (no cloud) TR/Crypt.Xpack.431976 20160127
Baidu-International Adware.Win32.iBryte.ELTE 20160126
ESET-NOD32 Win32/TrojanDownloader.Agent.BXE 20160127
Kaspersky Trojan.Win32.Waldek.btf 20160127
Malwarebytes Trojan.Agent 20160127
Microsoft TrojanSpy:Win32/Ursnif.HN 20160127
Panda Trj/Agent.PS 20160126
Qihoo-360 QVM07.1.Malware.Gen 20160127
Ad-Aware 20160126
AegisLab 20160126
Yandex 20160126
AhnLab-V3 20160126
Alibaba 20160126
ALYac 20160127
Antiy-AVL 20160126
Arcabit 20160126
AVG 20160126
AVware 20160111
BitDefender 20160126
ByteHero 20160127
CAT-QuickHeal 20160125
ClamAV 20160127
CMC 20160111
Comodo 20160127
Cyren 20160127
DrWeb 20160127
Emsisoft 20160127
F-Prot 20160127
F-Secure 20160126
Fortinet 20160126
GData 20160127
Ikarus 20160127
Jiangmin 20160127
K7AntiVirus 20160126
K7GW 20160126
McAfee 20160127
McAfee-GW-Edition 20160127
eScan 20160127
NANO-Antivirus 20160127
nProtect 20160126
Rising 20160126
Sophos AV 20160127
SUPERAntiSpyware 20160127
Symantec 20160126
Tencent 20160127
TheHacker 20160124
TotalDefense 20160126
TrendMicro 20160127
TrendMicro-HouseCall 20160127
VBA32 20160126
VIPRE 20160127
ViRobot 20160127
Zillya 20160126
Zoner 20160126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-12-26 19:57:51
Entry Point 0x00006E9E
Number of sections 4
PE sections
PE imports
GetSidSubAuthorityCount
LsaLookupNames
OpenProcessToken
LsaAddAccountRights
GetTrusteeTypeA
BuildTrusteeWithNameA
GetEffectiveRightsFromAclW
ImageList_SetOverlayImage
ImageList_DragShowNolock
Ord(6)
InitializeFlatSB
ImageList_ReplaceIcon
Ord(13)
PlayMetaFileRecord
CreatePolygonRgn
DeleteEnhMetaFile
GetSystemPaletteEntries
OffsetRgn
SetColorSpace
GetCurrentPositionEx
GetTextMetricsA
AnimatePalette
GetMetaRgn
GetTextMetricsW
GetObjectType
GetDeviceCaps
CreateDCA
EndDoc
StartPage
GetRegionData
GetICMProfileW
CreateBrushIndirect
CreateRectRgnIndirect
SetTextCharacterExtra
CreateRoundRectRgn
SelectClipRgn
CloseFigure
EnumICMProfilesW
ResetDCW
DeleteObject
GetDriveTypeA
LZDone
BeginUpdateResourceW
ConnectNamedPipe
__p__fmode
_mbsnset
log
strrchr
_CIpow
_mbspbrk
__STRINGTOLD
__getmainargs
_initterm
_controlfp
feof
towupper
__set_app_type
RasEnumConnectionsA
RasEnumDevicesW
RasEditPhonebookEntryA
RasEnumDevicesA
RasHangUpW
RasEnumEntriesA
SHSetValueW
PathIsDirectoryA
PathIsRootA
SHSetValueA
PathIsPrefixW
PathIsDirectoryW
StrFormatByteSizeW
PathCompactPathExW
PathAddBackslashA
PathCombineA
StrCatW
StrCSpnIA
PathMakeSystemFolderW
StrCSpnW
PathRelativePathToW
PathRenameExtensionW
PathCompactPathA
StrIsIntlEqualA
PathRemoveFileSpecW
SHDeleteKeyA
PathStripPathA
SHRegEnumUSValueW
PathRemoveFileSpecA
StrToIntW
SHRegCloseUSKey
PathGetArgsA
StrDupA
PathSearchAndQualifyA
IMPQueryIMEW
ChangeDisplaySettingsW
GetParent
DrawTextExW
DrawStateA
EnumWindows
PostQuitMessage
MessageBeep
GetSystemMetrics
GetClipboardViewer
DdeCreateStringHandleA
AppendMenuA
RegisterClipboardFormatA
EnumChildWindows
LoadCursorFromFileW
InvalidateRect
GetDlgItemInt
SetDlgItemTextW
GetTabbedTextExtentW
MapDialogRect
GetClassInfoA
DrawIconEx
BeginDeferWindowPos
TileWindows
UnpackDDElParam
GetKeyboardLayoutList
GetKeyNameTextW
InsertMenuA
DdeClientTransaction
LoadIconA
WaitForInputIdle
ValidateRect
EnumDesktopWindows
GetClassNameW
DialogBoxIndirectParamA
CharToOemA
ReplaceTextA
CommDlgExtendedError
Number of PE resources by type
RT_RCDATA 6
RT_DIALOG 2
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
BULGARIAN DEFAULT 6
LATVIAN DEFAULT 3
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 0.119.45.68
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 262144
EntryPoint: 0x6e9e
OriginalFileName: Objected.exe
MIMEType: application/octet-stream
FileVersion: 144, 44, 85, 4
TimeStamp: 2005:12:26 20:57:51+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 102, 117, 162, 12
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Pro Softnet Corp.
CodeSize: 28672
ProductName: Regulatory Meteorite
ProductVersionNumber: 0.123.39.80
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5 8bac9ccda8d3a02a7af2e67b134c82fb
SHA1 ba9536cb341b1ec5d92f5a3ffbd91f46209bfe5e
SHA256 c03ed84e85e67186f952bd36e1e0b264139edd4da8001d4f54b6ab775b5f9f81
ssdeep 3072:BZs3MTCedU5Vweym0yIDe94oHF4gb7coHC8w2ZCrvFvPfg4gjARPKpm2:vLPdsVxFKe9XHboiwmw1PfgBjUP92
authentihash 7048c43809a8ec1d3120e251749f5a79d633789aa11c85d23e7bfbc3d1034b23
imphash 766309cd346b19447ed55af64d9cf595
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags suspicious-dns peexe

VirusTotal metadata
First submission 2016-01-27 01:55:11 UTC ( 3 years, 2 months ago )
Last submission 2016-01-27 01:55:11 UTC ( 3 years, 2 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Opened service managers
Runtime DLLs
DNS requests
TCP connections
UDP communications