SHA256: c74d63ad1ac608dcde827d7a50564cfe1ddb87d4f9d0c03ab98bfb241eb417f0
File name: 79b4fe558c52a7c61df5369c6fb6b98e
Detection ratio: 23 / 57
Analysis date: 2016-05-10 05:50:21 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.63635 20160510
ALYac Gen:Variant.Symmi.63635 20160510
Arcabit Trojan.Symmi.DF893 20160510
Avast Win32:Malware-gen 20160510
AVG Crypt5.BFZZ 20160510
Avira (no cloud) TR/Crypt.ZPACK.iwin 20160510
AVware Trojan.Win32.Generic!BT 20160510
BitDefender Gen:Variant.Symmi.63635 20160510
Bkav HW32.Packed.53A7 20160509
ESET-NOD32 a variant of Win32/Kryptik.EWNY 20160509
F-Secure Gen:Variant.Symmi.63635 20160510
Fortinet W32/Waldek.EWNY!tr 20160510
GData Gen:Variant.Symmi.63635 20160510
Ikarus Trojan.Win32.Crypt 20160509
Kaspersky Trojan.Win32.Waldek.mmy 20160510
McAfee Artemis!79B4FE558C52 20160510
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160510
eScan Gen:Variant.Symmi.63635 20160510
Qihoo-360 QVM07.1.Malware.Gen 20160510
Rising Malware.XPACK-HIE/Heur!1.9C48-FcjXSeaZJlR (Cloud) 20160510
Sophos AV Mal/Generic-S 20160510
Tencent Win32.Trojan.Waldek.Akfk 20160510
VIPRE Trojan.Win32.Generic!BT 20160510
AegisLab 20160510
AhnLab-V3 20160509
Alibaba 20160510
Antiy-AVL 20160510
Baidu 20160506
Baidu-International 20160509
CAT-QuickHeal 20160510
ClamAV 20160509
CMC 20160510
Comodo 20160510
Cyren 20160510
DrWeb 20160510
Emsisoft 20160503
F-Prot 20160510
Jiangmin 20160510
K7AntiVirus 20160509
K7GW 20160510
Kingsoft 20160510
Malwarebytes 20160509
Microsoft 20160510
NANO-Antivirus 20160510
nProtect 20160509
Panda 20160509
SUPERAntiSpyware 20160510
Symantec 20160510
TheHacker 20160510
TotalDefense 20160510
TrendMicro 20160510
TrendMicro-HouseCall 20160510
VBA32 20160505
ViRobot 20160510
Yandex 20160508
Zillya 20160508
Zoner 20160510
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-08 03:34:38
Entry Point 0x000269F0
Number of sections 4
PE sections
PE imports
SymGetSymFromName
CheckSumMappedFile
SymGetLineFromAddr
MapDebugInformation
StackWalk
SymSetOptions
ImagehlpApiVersionEx
SymCleanup
SymInitialize
MakeSureDirectoryPathExists
SymLoadModule
SymGetSearchPath
_adjust_fdiv
__p__fmode
_acmdln
__p__commode
__setusermatherr
ceil
exit
_XcptFilter
atol
__getmainargs
_controlfp
_initterm
__set_app_type
VariantChangeType
SysStringByteLen
SafeArrayCreate
SafeArrayAllocDescriptor
SysReAllocString
QueryPathOfRegTypeLib
SysAllocStringByteLen
VariantInit
GetOpenFileNameA
OleUninitialize
CoResumeClassObjects
CLSIDFromProgID
StgOpenStorage
CoFreeUnusedLibraries
CoGetCurrentProcess
CoLoadLibrary
CoDisconnectObject
OleSetContainedObject
Number of PE resources by type
RT_MENU 6
RT_DIALOG 3
RT_ACCELERATOR 2
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 12
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.72.4.36
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 196608
EntryPoint 0x269f0
OriginalFileName Shin.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2012
FileVersion 49, 217, 6, 61
TimeStamp 2013:06:08 03:34:38+00:00
FileType Win32 EXE
PEType PE32
InternalName Teen
ProductVersion 1, 145, 250, 197
FileDescription Unsuitable
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName CybelSoft
CodeSize 155648
FileSubtype 0
ProductVersionNumber 0.170.122.94
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 79b4fe558c52a7c61df5369c6fb6b98e
SHA1 af37c269af7e8bdf88567756f401036efc0032d6
SHA256 c74d63ad1ac608dcde827d7a50564cfe1ddb87d4f9d0c03ab98bfb241eb417f0
ssdeep 3072:O8Kvkvo9WtMZ+MtwMGJ0m7Uylb2RBNZeWBwFpwB7l/Uy/D79Ax7vyzFTB/IdfCV3:BmkAQtMIlfG3kFpwj8y/Fc7sF1/KUGO
authentihash bd3bc8203f641404d78b1ef2947d62af3f3d0760862f8a059078e6be382a7446
imphash 58beb03885d55386f7f857b7fb7fb8eb
File size 228.0 KB ( 233472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-05-10 05:50:21 UTC ( 2 years, 9 months ago )
Last submission 2017-11-11 01:31:53 UTC ( 1 year, 3 months ago )
File names 79B4FE558C52A7C61DF5369C6FB6B98E.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs
UDP communications