SHA256: c6906207826fd8b30a0c4a27b9b50e7f9b1fa55aea8c582ebb4b6a8c6b5fc52e
File name: c6906207826fd8b30a0c4a27b9b50e7f9b1fa55aea8c582ebb4b6a8c6b5fc52e....
Detection ratio: 40 / 57
Analysis date: 2015-08-19 13:39:40 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.168504 20150819
Yandex Trojan.Cossta!VufoTbLKVVU 20150818
AhnLab-V3 Trojan/Win32.Backdoor 20150819
ALYac Gen:Variant.Graftor.168504 20150819
Antiy-AVL Trojan/Win32.Cossta 20150819
Arcabit Trojan.Graftor.D29238 20150819
Avast Win32:Trojan-gen 20150819
AVG Generic35.CETY 20150819
Avira (no cloud) TR/Rogue.1588433 20150819
AVware Trojan.Win32.Generic!BT 20150819
Baidu-International Trojan.Win32.Cossta.abji 20150819
BitDefender Gen:Variant.Graftor.168504 20150819
Comodo UnclassifiedMalware 20150819
Cyren W32/Trojan.ZPGW-2087 20150819
DrWeb Trojan.MulDrop5.10061 20150819
Emsisoft Gen:Variant.Graftor.168504 (B) 20150819
ESET-NOD32 a variant of Win32/Agent.VYP 20150819
F-Secure Gen:Variant.Graftor.168504 20150819
Fortinet W32/Cossta.ABJI!tr 20150819
GData Gen:Variant.Graftor.168504 20150819
Ikarus Trojan.Win32.Cossta 20150819
Jiangmin Trojan/Cossta.for 20150818
K7AntiVirus Riskware ( 0049c6851 ) 20150819
K7GW Riskware ( 0049c6851 ) 20150819
Kaspersky Trojan.Win32.Cossta.abji 20150819
Kingsoft Win32.Troj.Cossta.ab.(kcloud) 20150819
McAfee Artemis!B6021AADC937 20150819
McAfee-GW-Edition Artemis!Trojan 20150819
Microsoft Trojan:Win32/Skeeyah.A!rfn 20150819
eScan Gen:Variant.Graftor.168504 20150819
NANO-Antivirus Trojan.Win32.Cossta.cuhpoq 20150819
Panda Trj/CI.A 20150819
Qihoo-360 Win32/Trojan.196 20150819
Rising PE:Trojan.Win32.Generic.1686189E!377886878 20150817
Sophos Mal/Generic-S 20150819
Symantec Trojan.Tapaoux 20150818
TrendMicro TROJ_GEN.R047C0EH715 20150819
VBA32 Trojan.Cossta 20150819
VIPRE Trojan.Win32.Generic!BT 20150819
Zillya Trojan.Agent.Win32.560518 20150819
AegisLab 20150819
Alibaba 20150819
Bkav 20150819
ByteHero 20150819
CAT-QuickHeal 20150819
ClamAV 20150819
CMC 20150819
F-Prot 20150819
Malwarebytes 20150819
nProtect 20150819
SUPERAntiSpyware 20150818
Tencent 20150819
TheHacker 20150818
TotalDefense 20150819
TrendMicro-HouseCall 20150819
ViRobot 20150819
Zoner 20150819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-08 10:11:51
Entry Point 0x00006A40
Number of sections 3
PE sections
Overlays
MD5 6e1e9ddda1707b95587579428739c095
File type data
Offset 77824
Size 1784
Entropy 7.28
PE imports
GetLastError
GetEnvironmentVariableA
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetFileAttributesA
GetOEMCP
LCMapStringA
CopyFileA
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
CreateMutexA
SetFilePointer
GetCPInfo
GetStringTypeA
GetModuleHandleA
ReadFile
lstrcpyA
GetCurrentProcess
CloseHandle
GetComputerNameA
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
SetFileAttributesA
MoveFileA
TerminateProcess
InterlockedDecrement
InitializeCriticalSection
HeapCreate
WriteFile
VirtualFree
HeapDestroy
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetVersion
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
SHGetSpecialFolderPathA
wsprintfA
socket
recv
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
connect
htons
closesocket
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:01:08 11:11:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53248
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 32768
SubsystemVersion 4.0
EntryPoint 0x6a40
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 b6021aadc9379c73bdc4ba55bbb6d4d2
SHA1 8ad09dc64843624c3f86e08445636cd56977786a
SHA256 c6906207826fd8b30a0c4a27b9b50e7f9b1fa55aea8c582ebb4b6a8c6b5fc52e
ssdeep 1536:w3ZKG7qbRFiJUJBNDlnDV0Tk+eB5SQ05WVtplTe:qZJ7qbRFiOJBNrph0UVtp9e

authentihash f046a5d1197cae1aeda85b44d940fd78e09a556da56f3086791eec34823ad105
imphash ed48342de32a4c2cbbc2ff00ee6fc198
File size 77.7 KB ( 79608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-02-27 07:59:54 UTC ( 3 years, 3 months ago )
Last submission 2015-08-19 13:39:40 UTC ( 1 year, 10 months ago )
File names wdlps32.exe
c6906207826fd8b30a0c4a27b9b50e7f9b1fa55aea8c582ebb4b6a8c6b5fc52e.exe
c6906207826fd8b30a0c4a27b9b50e7f9b1fa55aea8c582ebb4b6a8c6b5fc52e.Min3r0s
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs