SHA256: c20fff01ea21b78ae29f417934a9da2eaf963de0e47b408ab50eb5905fd343e6
File name: ebc51f6facae5d8bb3d41bc3eca56f67.exe
Detection ratio: 46 / 60
Analysis date: 2017-03-14 04:41:16 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4238169 20170313
AegisLab Troj.Downloader.W32.Upatre!c 20170314
ALYac Trojan.GenericKD.4238169 20170314
Arcabit Trojan.Generic.D40AB59 20170314
Avast Win32:Malware-gen 20170314
AVG Atros5.LMX 20170314
Avira (no cloud) TR/Crypt.Xpack.ezpvg 20170314
AVware Trojan.Win32.Generic!BT 20170314
BitDefender Trojan.GenericKD.4238169 20170314
Bkav W32.FamVT.RazyNHmA.Trojan 20170313
CAT-QuickHeal Trojan.Dynamer 20170314
Comodo UnclassifiedMalware 20170314
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.KESK-3236 20170314
DrWeb Trojan.DownLoader23.49911 20170314
Emsisoft Trojan.GenericKD.4238169 (B) 20170314
Endgame malicious (moderate confidence) 20170222
ESET-NOD32 a variant of Win32/GenKryptik.SOJ 20170314
F-Secure Trojan.GenericKD.4238169 20170314
Fortinet W32/GenKryptik.SNJ!tr 20170314
GData Trojan.GenericKD.4238169 20170314
Ikarus Trojan.Win32.Krypt 20170313
Sophos ML virtool.win32.ceeinject.gf 20170203
K7AntiVirus Trojan ( 005039ae1 ) 20170314
K7GW Trojan ( 005039ae1 ) 20170313
Kaspersky HEUR:Trojan.Win32.Generic 20170314
Malwarebytes Backdoor.Bot 20170314
McAfee RDN/Generic.grp 20170314
McAfee-GW-Edition RDN/Generic.grp 20170314
Microsoft Trojan:Win32/Dynamer!ac 20170313
eScan Trojan.GenericKD.4238169 20170314
NANO-Antivirus Trojan.Win32.Upatre.ekyibn 20170314
nProtect Trojan-Downloader/W32.Upatre.180224.E 20170314
Palo Alto Networks (Known Signatures) generic.ml 20170314
Panda Trj/GdSda.A 20170313
Sophos AV Mal/Generic-S 20170314
Symantec Backdoor.Trojan 20170313
Tencent Win32.Trojan-downloader.Upatre.Anzh 20170314
TrendMicro TROJ_UPATRE.YYSUI 20170314
TrendMicro-HouseCall TROJ_UPATRE.YYSUI 20170314
VIPRE Trojan.Win32.Generic!BT 20170314
ViRobot Trojan.Win32.S.Injector.180224[h] 20170314
Webroot W32.Malware.Gen 20170314
Yandex Trojan.DL.Upatre! 20170312
Zillya Downloader.Upatre.Win32.62972 20170313
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170314
AhnLab-V3 20170313
Alibaba 20170228
Antiy-AVL 20170314
Baidu 20170313
ClamAV 20170313
CMC 20170314
F-Prot 20170314
Jiangmin 20170314
Kingsoft 20170314
Qihoo-360 20170314
Rising None
SUPERAntiSpyware 20170314
TheHacker 20170311
Trustlook 20170314
VBA32 20170313
WhiteArmor 20170303
Zoner 20170314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2016-2017 Cold War is unleashed
Product Cold War is unleashed
File version 1.0.0.0
Description Cold War is unleashed
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-25 13:50:32
Entry Point 0x0000448B
Number of sections 4
PE sections
PE imports
GetStockObject
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
InitializeCriticalSection
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
FormatMessageA
GetFullPathNameW
SetLastError
DeviceIoControl
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
lstrcmpiW
GetVolumeInformationW
InterlockedDecrement
MultiByteToWideChar
GetPrivateProfileStringW
SetFilePointer
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetWindowsDirectoryW
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetProcessHeap
GetTimeFormatW
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
IsValidLocale
lstrcmpW
GetPrivateProfileSectionW
GetTempPathW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
lstrlenW
VirtualFree
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
OpenMutexW
GetACP
HeapCreate
OpenEventW
CreateProcessW
Sleep
VirtualAlloc
ShellExecuteW
UpdateWindow
GetMessageW
DefWindowProcW
FindWindowW
KillTimer
PostQuitMessage
ShowWindow
MessageBeep
SetWindowLongW
MessageBoxW
PeekMessageW
RegisterClassExW
MessageBoxA
TranslateMessage
MessageBoxIndirectW
CheckDlgButton
DispatchMessageW
CreateDialogParamW
SendMessageW
LoadStringA
SetWindowTextW
GetDlgItem
CharPrevW
SetTimer
IsDialogMessageW
SetDlgItemTextW
LoadCursorW
LoadIconW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
SetForegroundWindow
CharNextW
GetKeyboardType
DestroyWindow
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromProgID
Number of PE resources by type
RT_DIALOG 6
RT_STRING 4
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 11
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 172032
EntryPoint 0x448b
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2017:01:25 14:50:32+01:00
FileType Win32 EXE
PEType PE32
FileDescription Cold War is unleashed
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2016-2017 Cold War is unleashed
MachineType Intel 386 or later, and compatibles
CompanyName Cold War is unleashed
CodeSize 49152
ProductName Cold War is unleashed
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 ebc51f6facae5d8bb3d41bc3eca56f67
SHA1 cf3fc0d8a0c0fff4e1305a8e1e16a17d1d58181a
SHA256 c20fff01ea21b78ae29f417934a9da2eaf963de0e47b408ab50eb5905fd343e6
ssdeep 3072:JP1pHg99P56PEuiBLEKCZ86/f6m71hFEs1Ns2wkfA2pLt1s6gtwl6y:JP/A9aACKv+ymhf1NseAQtB6y
authentihash 7a37a0655713d6b2a27704e7e785da53c2893ff94e360329a9d3b21ecaa051d3
imphash 3f66d94c23e1b6f674dc4d793e8bb019
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-01-26 09:51:00 UTC ( 8 months ago )
Last submission 2017-03-14 04:41:16 UTC ( 6 months, 1 week ago )
File names ebc51f6facae5d8bb3d41bc3eca56f67.exe
y4opofkq.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications