SHA256: c641a369cdecce9927f2429ac7ffe3be2d2f0d88924dc45af29f93e9c560bceb
File name: 298816b0c36c52c14221d6c997502f97.virus
Detection ratio: 29 / 53
Analysis date: 2016-02-06 06:48:36 UTC ( 2 years, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.51393 20160206
Antiy-AVL Trojan[PSW]/Win32.Fareit 20160206
Arcabit Trojan.Barys.DC8C1 20160206
Avast Win32:Malware-gen 20160206
AVG Inject3.ZMJ 20160205
BitDefender Gen:Variant.Barys.51393 20160206
Comodo TrojWare.Win32.Injector.~CRFI 20160206
DrWeb Trojan.PWS.Stealer.13052 20160206
Emsisoft Gen:Variant.Barys.51393 (B) 20160206
ESET-NOD32 a variant of Win32/Injector.CRFI 20160206
F-Secure Gen:Variant.Barys.51393 20160206
Fortinet W32/Injector.CRFI!tr 20160206
GData Gen:Variant.Barys.51393 20160206
Ikarus Trojan.Win32.Injector 20160206
K7AntiVirus Riskware ( 0040eff71 ) 20160206
K7GW Riskware ( 0040eff71 ) 20160206
Kaspersky Trojan-PSW.Win32.Fareit.bmqe 20160206
Malwarebytes Spyware.Pony 20160206
McAfee Fareit-FCZ!298816B0C36C 20160206
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20160206
Microsoft PWS:Win32/Fareit 20160206
eScan Gen:Variant.Barys.51393 20160206
NANO-Antivirus Trojan.Win32.Stealer.dzzoho 20160206
Qihoo-360 Win32/Trojan.114 20160206
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160206
Sophos AV Mal/Generic-S 20160206
Symantec Suspicious.Cloud.7.F 20160205
TrendMicro TROJ_GEN.R021C0DB516 20160206
VIPRE Trojan.Win32.Generic!BT 20160206
AegisLab 20160206
Yandex 20160205
AhnLab-V3 20160205
Alibaba 20160204
Baidu-International 20160205
Bkav 20160204
ByteHero 20160206
CAT-QuickHeal 20160206
ClamAV 20160204
CMC 20160205
Cyren 20160206
F-Prot 20160129
Jiangmin 20160206
nProtect 20160205
Panda 20160205
SUPERAntiSpyware 20160206
Tencent 20160206
TheHacker 20160206
TotalDefense 20160206
TrendMicro-HouseCall 20160206
VBA32 20160204
ViRobot 20160206
Zillya 20160206
Zoner 20160206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-29 08:06:25
Entry Point 0x00001000
Number of sections 5
PE sections
Overlays
MD5 f1d3ff8443297732862df21dc4e57262
File type ASCII text
Offset 135168
Size 4
Entropy 0.00
PE imports
InitCommonControls
DeleteDC
GetObjectType
BitBlt
GetStockObject
CreateBitmap
SetPixel
GetDIBits
GetObjectW
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
HeapFree
GetStdHandle
LoadLibraryW
GetVersionExW
FreeLibrary
HeapDestroy
HeapAlloc
TlsAlloc
SetConsoleCtrlHandler
GetCurrentProcessId
GetProcAddress
GetConsoleScreenBufferInfo
WideCharToMultiByte
WriteFile
CloseHandle
HeapReAlloc
GetModuleHandleW
InitializeCriticalSection
HeapCreate
CreateFileW
AllocConsole
ExitProcess
GetCurrentThreadId
malloc
memset
fabs
floor
fclose
wcsncpy
fseek
fread
free
ceil
wcslen
ftell
pow
memcpy
CoInitialize
GetWindowThreadProcessId
RegisterClassExW
BeginPaint
MessageBoxW
EndPaint
DestroyIcon
EnableWindow
FillRect
ShowCursor
IsWindowVisible
DefWindowProcW
EnumWindows
LoadIconW
CreateWindowExW
ShowWindow
IsWindowEnabled
GetForegroundWindow
InvalidateRect
DestroyWindow
timeEndPeriod
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 100864
ImageVersion 0.0
FileVersionNumber 9.5.21.6193
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 2.5
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2016:01:29 09:06:25+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright (C) 2016 Poleaxes Artily Pathogeny. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName NVIDIA Corporation
CodeSize 34816
FileSubtype 0
ProductVersionNumber 26.40.8.4203
EntryPoint 0x1000
ObjectFileType Dynamic link library

File identification
MD5 298816b0c36c52c14221d6c997502f97
SHA1 479edcd760c5eae5fb8bd22373702e325969bb80
SHA256 c641a369cdecce9927f2429ac7ffe3be2d2f0d88924dc45af29f93e9c560bceb
ssdeep 3072:eIcI2nIzVt6/n+hMnCsQbIUH/PLw4brt7vtq+rmrEVDtSAt:eIHj6/+hMGbpfM4b51qDUtxt
authentihash 73e8211d6f7cc22dcfd153af44f0bd01ab8b54c68862274dc3705a829a5d8ef5
imphash e5348ddbaa7c98d968914e19b4b689b7
File size 132.0 KB ( 135172 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.4%)
Win32 Dynamic Link Library (generic) (13.5%)
Win32 Executable (generic) (9.3%)
Win16/32 Executable Delphi generic (4.2%)
Generic Win/DOS Executable (4.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-02-06 06:48:36 UTC ( 2 years, 8 months ago )
Last submission 2016-02-06 06:48:36 UTC ( 2 years, 8 months ago )
File names 298816b0c36c52c14221d6c997502f97.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications