SHA256: c80f41d9478e338bd574feb6199720865d3cdbfe5b50577fe5142eeaf75f2852
File name: 2de9359096e9153cc41ea7c9c3c318fc
Detection ratio: 11 / 54
Analysis date: 2016-02-06 18:32:00 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Avast Win32:Malware-gen 20160206
Avira (no cloud) TR/Crypt.Xpack.443583 20160206
Cyren W32/Rovnix.C.gen!Eldorado 20160206
DrWeb BackDoor.IRC.NgrBot.42 20160206
ESET-NOD32 a variant of Win32/Kryptik.EMYN 20160206
F-Prot W32/Agent.XL.gen!Eldorado 20160129
Kaspersky Trojan.Win32.Inject.vuom 20160206
Malwarebytes Backdoor.Andromeda 20160206
McAfee-GW-Edition BehavesLike.Win32.MysticCompressor.fh 20160206
Qihoo-360 QVM41.1.Malware.Gen 20160206
Rising PE:Trojan.Kryptik!1.A32E [F] 20160206
Ad-Aware 20160206
AegisLab 20160206
Yandex 20160206
AhnLab-V3 20160206
Alibaba 20160204
Antiy-AVL 20160206
Arcabit 20160206
AVG 20160206
Baidu-International 20160206
BitDefender 20160206
Bkav 20160204
ByteHero 20160206
CAT-QuickHeal 20160206
ClamAV 20160206
CMC 20160205
Comodo 20160206
Emsisoft 20160206
F-Secure 20160206
Fortinet 20160206
GData 20160206
Ikarus 20160206
Jiangmin 20160206
K7AntiVirus 20160206
K7GW 20160206
McAfee 20160206
Microsoft 20160206
eScan 20160206
NANO-Antivirus 20160206
nProtect 20160205
Panda 20160206
Sophos AV 20160206
SUPERAntiSpyware 20160206
Symantec 20160205
Tencent 20160206
TheHacker 20160206
TotalDefense 20160206
TrendMicro 20160206
TrendMicro-HouseCall 20160206
VBA32 20160204
VIPRE 20160206
ViRobot 20160206
Zillya 20160206
Zoner 20160206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-05 12:45:50
Entry Point 0x0000C0B6
Number of sections 5
PE sections
Overlays
MD5 04fbaa2a67a3d91325f98023fd9b6c4c
File type data
Offset 360448
Size 512
Entropy 7.58
PE imports
RegCreateKeyExW
RegDeleteKeyA
RegDeleteValueW
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryValueExA
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExA
RegDeleteValueA
RegOpenKeyExW
RegCreateKeyExA
RegOpenKeyExA
RegCreateKeyA
LookupPrivilegeValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryValueExW
ImageList_Create
Ord(17)
InitCommonControlsEx
ImageList_Destroy
ImageList_AddMasked
GetObjectA
GetDeviceCaps
TranslateCharsetInfo
AddFontResourceA
GetObjectW
DeleteDC
RemoveFontResourceA
SetBkMode
CreateFontIndirectW
CreateBrushIndirect
GetStockObject
GetTextExtentExPointW
SelectObject
ExtCreateRegion
BitBlt
SetBkColor
CreateFontW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
GetOverlappedResult
GetDriveTypeA
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetTempPathA
WideCharToMultiByte
GetFileAttributesA
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
MoveFileA
ConnectNamedPipe
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetProcAddress
OutputDebugStringW
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
EnumCalendarInfoA
EnumSystemLocalesA
LoadLibraryExA
GetPrivateProfileStringA
EnumSystemLocalesW
TlsGetValue
MultiByteToWideChar
GetLocalTime
CreateMutexA
GetModuleHandleA
DisconnectNamedPipe
GetExitCodeThread
Module32Next
SetUnhandledExceptionFilter
GetSystemDirectoryA
MoveFileExA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
DecodePointer
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetUserDefaultLCID
GetSystemInfo
GetProcessHeap
CompareStringW
FindFirstFileA
GetDiskFreeSpaceA
CompareStringA
GetTempFileNameA
FindNextFileA
IsValidLocale
ExpandEnvironmentStringsA
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
CreateNamedPipeW
lstrlenA
GetConsoleCP
LCMapStringA
GetProcessTimes
GetThreadLocale
GetEnvironmentStringsW
GetShortPathNameA
SwitchToThread
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
Module32First
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FileTimeToLocalFileTime
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
ShellExecuteExA
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetPathFromIDListA
ShellExecuteA
SHGetValueA
SHStrDupW
SHDeleteKeyW
RedrawWindow
SetWindowRgn
ReleaseDC
BeginPaint
OffsetRect
DefWindowProcA
ShowWindow
GetSystemMetrics
SetWindowPos
GetParent
CharToOemBuffA
OemToCharBuffA
GetWindowRect
DispatchMessageA
EndPaint
UnhookWindowsHookEx
PostMessageA
MoveWindow
CharUpperBuffA
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
SetScrollInfo
RegisterShellHookWindow
SystemParametersInfoA
SetWindowTextA
DestroyIcon
LoadStringA
GetLastActivePopup
IsWindowVisible
EnumWindows
SendMessageA
GetDlgItem
CreateDialogParamA
RegisterClassA
CallNextHookEx
SendMessageTimeoutA
CreateWindowExA
LoadIconA
SetWindowsHookExA
LoadImageA
GetDC
RegisterClassExA
GetKeyboardType
ExitWindowsEx
DestroyWindow
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoInitializeEx
CoCreateInstance
PropVariantClear
CoTaskMemFree
CoSetProxyBlanket
Number of PE resources by type
RT_MANIFEST 1
RT_HTML 1
Number of PE resources by language
ENGLISH NZ 1
SERBIAN ARABIC ALGERIA 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:02:05 13:45:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 121344
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 238080
SubsystemVersion 5.0
EntryPoint 0xc0b6
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 2de9359096e9153cc41ea7c9c3c318fc
SHA1 d6c7ddf2d570d614dd64eb7fa954bc11093c7790
SHA256 c80f41d9478e338bd574feb6199720865d3cdbfe5b50577fe5142eeaf75f2852
ssdeep 6144:dCHhz8cx09mMfAOnONV5YPP+YjzCWizQuhHn3ozyiN0SNe:QBnumUg5eZjzKzQuhH3xiN0v

authentihash e99a9aee94ac2d6799b7c7d90441be97e37908867028d324a915cd4c5c2ed623
imphash 0abb5fde008329288eab980e20430d8e
File size 352.5 KB ( 360960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe, overlay

VirusTotal metadata
First submission 2016-02-06 18:32:00 UTC ( 3 years, 1 month ago )
Last submission 2016-02-06 18:32:00 UTC ( 3 years, 1 month ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
UDP communications