SHA256: c58d7d641ffdfe88e2ee654b97faef08b94fec8fd65859dccab275f092609831
File name: ffc572dca9037020ebcfa890e05ae8d3
Detection ratio: 31 / 57
Analysis date: 2016-05-31 06:15:19 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.57768 20160531
AhnLab-V3 Malware/Win32.Generic 20160531
ALYac Gen:Variant.Razy.57768 20160531
Arcabit Trojan.Razy.DE1A8 20160531
AVG Downloader.Generic14.AXCV 20160531
Avira (no cloud) TR/Crypt.ZPACK.kxwu 20160530
AVware Trojan.Win32.Generic!BT 20160531
Baidu Win32.Trojan.WisdomEyes.151026.9950.9990 20160530
BitDefender Gen:Variant.Razy.57768 20160531
Cyren W32/Trojan.KWHQ-2243 20160531
Emsisoft Gen:Variant.Razy.57768 (B) 20160531
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160531
F-Secure Gen:Variant.Razy.57768 20160531
Fortinet W32/Agent.CFH!tr 20160531
GData Gen:Variant.Razy.57768 20160531
K7AntiVirus Trojan-Downloader ( 004e141d1 ) 20160530
K7GW Trojan-Downloader ( 004e141d1 ) 20160531
Kaspersky Trojan.Win32.Agent.nevjxw 20160531
McAfee Artemis!FFC572DCA903 20160531
McAfee-GW-Edition BehavesLike.Win32.Sality.cc 20160530
Microsoft Trojan:Win32/Dynamer!ac 20160531
eScan Gen:Variant.Razy.57768 20160531
NANO-Antivirus Trojan.Win32.ZPACK.ecnwfq 20160531
Panda Trj/Genetic.gen 20160530
Qihoo-360 Win32/Trojan.8ae 20160531
Rising Malware.XPACK-HIE/Heur!1.9C48-HqQLtsTwcNQ (Cloud) 20160530
Sophos AV Mal/Generic-S 20160531
Symantec Trojan.Gen 20160531
Tencent Win32.Trojan.Agent.Eilh 20160531
TrendMicro TROJ_GEN.R00JC0DEN16 20160531
VIPRE Trojan.Win32.Generic!BT 20160531
AegisLab 20160531
Alibaba 20160531
Antiy-AVL 20160531
Avast 20160531
Baidu-International 20160530
Bkav 20160528
CAT-QuickHeal 20160531
ClamAV 20160531
CMC 20160530
Comodo 20160531
DrWeb 20160531
F-Prot 20160531
Ikarus 20160531
Jiangmin 20160531
Kingsoft 20160531
Malwarebytes 20160530
nProtect 20160530
SUPERAntiSpyware 20160530
TheHacker 20160530
TotalDefense 20160531
TrendMicro-HouseCall 20160531
VBA32 20160530
ViRobot 20160531
Yandex 20160530
Zillya 20160531
Zoner 20160531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-06 18:26:21
Entry Point 0x0001ACC7
Number of sections 4
PE sections
PE imports
GetDriveTypeW
FileTimeToSystemTime
CopyFileA
GetTickCount
ReplaceFileW
LoadLibraryA
WaitForSingleObjectEx
GetStartupInfoA
GetLocaleInfoA
CreateDirectoryA
GetDateFormatW
TlsGetValue
DeleteFileW
GetProcAddress
GetProcessHeap
GetFileTime
GetVolumeNameForVolumeMountPointA
SetEnvironmentVariableW
GetDiskFreeSpaceW
ReadFile
CreateSemaphoreW
WriteFile
CreateMutexW
GetSystemDirectoryA
HeapReAlloc
MoveFileExA
WriteConsoleA
GetExpandedNameW
OpenSemaphoreA
InterlockedDecrement
MoveFileW
DefineDosDeviceA
GetVersion
SHGetFileInfoA
ShellMessageBoxW
SHGetDataFromIDListW
FindExecutableA
ExtractIconExA
SHCreateShellItem
SHChangeNotify
ShellAboutW
Win32DeleteFile
StrChrA
DragQueryFileA
SHBindToParent
SHGetMalloc
SHGetFolderLocation
SHFileOperationA
SE_DllLoaded
SE_InstallBeforeInit
Number of PE resources by type
RT_DIALOG 4
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:08:06 20:26:21+02:00
FileType Win32 EXE
PEType PE32
CodeSize 113664
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
Warning Possibly corrupt Version resource
EntryPoint 0x1acc7
InitializedDataSize 9728
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 ffc572dca9037020ebcfa890e05ae8d3
SHA1 02f6afc0b800ab1b9df8615ccf4b9e8b92943b5f
SHA256 c58d7d641ffdfe88e2ee654b97faef08b94fec8fd65859dccab275f092609831
ssdeep 3072:aewKBS09FOzuVbTIb1GiKNrNjFAhapd7T4jnEa:5wKR4+bTiQicfmaC
authentihash f9ad734b2495fd58332c53b0ef2b8c4ed184b7bce673756801b2a0bd5fc2db34
imphash 1e3625767310b09fa1cc8ce66076300d
File size 121.5 KB ( 124416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2016-05-31 06:15:19 UTC ( 2 years, 10 months ago )
Last submission 2019-01-08 19:05:05 UTC ( 3 months, 2 weeks ago )
File names BB0.TMP.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications