SHA256: c18ba0ae6dcf33de6a6eed3982a5e9db9ea7645fc0754364fae7e74f1fd053e0
File name: Project VDC.exe
Detection ratio: 46 / 65
Analysis date: 2017-09-24 23:18:07 UTC
Antivirus Result Update
Antiy-AVL RiskWare[RiskTool]/Win32.AGeneric 20170924
Arcabit Application.Miner.AP 20170924
Avast Win32:Malware-gen 20170924
AVG Win32:Malware-gen 20170924
Avira (no cloud) PUA/BitCoinMiner.ewrq 20170923
AVware Trojan.Win32.Generic!BT 20170923
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9734 20170922
BitDefender Trojan.GenericKD.4678056 20170924
CAT-QuickHeal Trojan.SvcMiner 20170923
ClamAV Win.Trojan.Coinminer-14 20170924
Comodo ApplicUnwnt 20170924
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170804
Cylance Unsafe 20170925
Cyren W64/Coinminer.N 20170924
DrWeb Trojan.BtcMine.1065 20170924
Emsisoft Trojan.GenericKD.4678056 (B) 20170924
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win64/CoinMiner.J 20170924
F-Prot W64/Coinminer.N 20170924
F-Secure Trojan.GenericKD.4678056 20170924
Fortinet Riskware/CMDOW 20170924
GData Trojan.GenericKD.4678056 20170924
Ikarus PUA.Generic 20170924
Sophos ML heuristic 20170914
Jiangmin RiskTool.BitCoinMiner.acr 20170924
K7AntiVirus Trojan ( 004bbc001 ) 20170924
K7GW Hacktool ( 655367771 ) 20170924
Kaspersky not-a-virus:RiskTool.Win32.Generic 20170924
Malwarebytes RiskWare.BitCoinMiner 20170924
MAX malware (ai score=80) 20170924
McAfee CoinMiner 20170924
McAfee-GW-Edition BehavesLike.Win32.Dropper.rc 20170924
eScan Trojan.GenericKD.4678056 20170924
NANO-Antivirus Riskware.Win64.BtcMine.ejdoui 20170924
Panda Trj/CI.A 20170924
Rising Trojan.CoinMiner!1.ACBA (CLOUD) 20170924
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Troj/Miner-BP 20170923
Symantec ML.Attribute.HighConfidence 20170923
TrendMicro HKTL_COINMINE.GD 20170924
TrendMicro-HouseCall HKTL_COINMINE.GD 20170924
VBA32 Trojan.Win64.BitMiner 20170922
VIPRE Trojan.Win32.Generic!BT 20170924
Yandex Riskware.Agent! 20170908
Zillya Trojan.CoinMiner.Win32.2871 20170922
ZoneAlarm by Check Point not-a-virus:RiskTool.Win32.Generic 20170924
Ad-Aware (no detection) 20170924
AegisLab (no detection) 20170924
AhnLab-V3 (no detection) 20170923
Alibaba (no detection) 20170911
ALYac (no detection) 20170924
Avast-Mobile (no detection) 20170923
CMC (no detection) 20170920
Kingsoft (no detection) 20170925
Microsoft (no detection) 20170924
nProtect (no detection) 20170924
Palo Alto Networks (Known Signatures) (no detection) 20170925
Qihoo-360 (no detection) 20170925
SUPERAntiSpyware (no detection) 20170924
Symantec Mobile Insight (no detection) 20170922
Tencent (no detection) 20170925
TheHacker (no detection) 20170921
TotalDefense (no detection) 20170924
Trustlook (no detection) 20170925
ViRobot (no detection) 20170924
Webroot (no detection) 20170925
WhiteArmor (no detection) 20170829
Zoner (no detection) 20170924
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-02 10:07:30
Entry Point 0x0001D5DB
Number of sections 4
PE sections
Overlays
MD5 038cefc69d1386e67d83cc639c527a70
File type application/x-rar
Offset 432640
Size 4459116
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TzSpecificLocalTimeToSystemTime
TerminateProcess
CreateSemaphoreW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
SetEvent
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
HeapCreate
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateHardLinkW
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
EnableWindow
CharUpperW
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
OemToCharBuffA
DispatchMessageW
MessageBoxW
PeekMessageW
GetClassNameW
CopyRect
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
RegisterClassExW
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
Number of PE resources by type
RT_ICON 10
RT_STRING 9
RT_DIALOG 6
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN NEUTRAL 17
NEUTRAL DEFAULT 11
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:12:02 11:07:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 165376
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 266240
SubsystemVersion 5.0
EntryPoint 0x1d5db
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 3f950a8d4f8f895d06f60e7f33d9053a
SHA1 eea18186a2381fcda896fe19df0ddf29c3c53ab5
SHA256 c18ba0ae6dcf33de6a6eed3982a5e9db9ea7645fc0754364fae7e74f1fd053e0
ssdeep 98304:ZKuuBIp3UqfGmQudgx5vV5hn25J07wNgxP5C6o3KAD9WuvtY7pHMz:ZQmpHdf45j05J07xxCl3dMuVYVi
authentihash 295d0d95aae8f743bd8677f638001baafd997ae8a53571f02dbcceb8a8263ca5
imphash 4cfda23baf1e2e983ddfeca47a5c755a
File size 4.7 MB ( 4891756 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe upx overlay
VirusTotal metadata
First submission 2017-09-24 23:18:07 UTC
Last submission 2017-09-24 23:18:07 UTC
File names Project VDC.exe