SHA256: c24433a564ef6d33d3653365eef938a5fc93282124c15da27959cf06d6e78126
File name: fc2_d19_trl.exe
Detection ratio: 0 / 58
Analysis date: 2016-03-26 18:43:20 UTC (2 years, 2 months ago)
Antivirus Result Update
Ad-Aware 20160326
AegisLab 20160326
Yandex 20160316
AhnLab-V3 20160326
Alibaba 20160323
ALYac 20160326
Antiy-AVL 20160326
Arcabit 20160326
Avast 20160326
AVG 20160326
Avira (no cloud) 20160326
AVware 20160326
Baidu 20160325
Baidu-International 20160326
BitDefender 20160326
Bkav 20160326
ByteHero 20160326
CAT-QuickHeal 20160326
ClamAV 20160326
CMC 20160322
Comodo 20160326
Cyren 20160326
DrWeb 20160326
Emsisoft 20160326
ESET-NOD32 20160326
F-Prot 20160326
F-Secure 20160326
Fortinet 20160326
GData 20160326
Ikarus 20160326
Jiangmin 20160326
K7AntiVirus 20160326
K7GW 20160323
Kaspersky 20160326
Kingsoft 20160326
Malwarebytes 20160326
McAfee 20160326
McAfee-GW-Edition 20160326
Microsoft 20160326
eScan 20160326
NANO-Antivirus 20160326
nProtect 20160325
Panda 20160326
Qihoo-360 20160326
Rising 20160326
Sophos AV 20160326
SUPERAntiSpyware 20160326
Symantec 20160326
Tencent 20160326
TheHacker 20160325
TotalDefense 20160326
TrendMicro 20160326
TrendMicro-HouseCall 20160326
VBA32 20160325
VIPRE 20160326
ViRobot 20160326
Zillya 20160326
Zoner 20160326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00065190
Number of sections 3
PE sections
Overlays
MD5 d6d48b72b3489a1c6c0709385895cea6
File type data
Offset 144896
Size 9965941
Entropy 8.00
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
InitCommonControls
BitBlt
CoInitialize
LoadTypeLib
ShellExecuteA
VerQueryValueA
Number of PE resources by type
RT_STRING 8
RT_ICON 4
RT_RCDATA 4
RT_DIALOG 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 20
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
CodeSize 139264
LinkerVersion 2.25
EntryPoint 0x65190
InitializedDataSize 8192
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 274432

File identification
MD5 946889ff136dfc117b2bac850e2b0418
SHA1 1ae7e570958f4fdb39a0d3803eec19eed3ae13eb
SHA256 c24433a564ef6d33d3653365eef938a5fc93282124c15da27959cf06d6e78126
ssdeep 196608:9uRkQsERtgGf+PmqgYcdZDNjkRdOBhaSb8y/5l5JkQBok2t7NjVDnq5X30r0P/cW:9dQdRFUmqgYcPHvN5FkQBsJjVDWH0rGX

authentihash 552d7364cfcf5e01b6d8f2ec0828c23dd84c71256455838e8890278c6cbb2885
imphash 47913b68f1b7d2f7585792df7a7249bc
File size 9.6 MB ( 10110837 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (32.6%)
Win32 EXE Yoda's Crypter (32.0%)
DOS Borland compiled Executable (generic) (12.0%)
Win32 Dynamic Link Library (generic) (7.9%)
Win32 Executable (generic) (5.4%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2015-10-13 18:14:27 UTC ( 2 years, 8 months ago )
Last submission 2018-06-16 18:03:25 UTC ( 3 days ago )
File names fc2_d19_trl.exe
C24433A564EF6D33D3653365EEF938A5FC93282124C15DA27959CF06D6E78126.exe
735320
3e5619c1c3e87a1c7454fc64ed06b23f009be12b
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.