SHA256: c99fbaaa08dbcb586a4c15aafac174c0f386dfcd5194f27fc1c2646e9f2e017f
File name: 150dfc3d0accc20a70fbce1d5dff4884.virus
Detection ratio: 39 / 57
Analysis date: 2016-09-24 16:32:10 UTC ( 2 years, 4 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Razy.95322 | 20160924 |
| AhnLab-V3 | Trojan/Win32.Tuhkit.N2109054140 | 20160924 |
| ALYac | Gen:Variant.Razy.95322 | 20160922 |
| Antiy-AVL | Trojan[Banker]/Win32.Tuhkit | 20160924 |
| Arcabit | Trojan.Razy.D1745A | 20160924 |
| Avast | Win32:Malware-gen | 20160924 |
| AVG | Downloader.Generic14.BEVS | 20160924 |
| Avira (no cloud) | TR/Crypt.ZPACK.rpgvw | 20160924 |
| AVware | Trojan.Win32.Generic!BT | 20160924 |
| Baidu | Win32.Trojan.Elenoocka.a | 20160924 |
| BitDefender | Gen:Variant.Razy.95322 | 20160924 |
| Bkav | HW32.Packed.719D | 20160924 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20160725 |
| Cyren | W32/Trojan.KZJQ-1663 | 20160924 |
| DrWeb | Trojan.Siggen6.58358 | 20160924 |
| Emsisoft | Gen:Variant.Razy.95322 (B) | 20160924 |
| ESET-NOD32 | Win32/TrojanDownloader.Agent.CFH | 20160924 |
| F-Secure | Gen:Variant.Razy.95322 | 20160924 |
| Fortinet | Malware_Generic.P0 | 20160924 |
| GData | Gen:Variant.Razy.95322 | 20160924 |
| Ikarus | Trojan-Downloader.Win32.Agent | 20160924 |
| Sophos ML | trojan.win32.ramnit.a | 20160917 |
| K7AntiVirus | Trojan-Downloader ( 004e141d1 ) | 20160924 |
| K7GW | Trojan-Downloader ( 004e141d1 ) | 20160924 |
| Kaspersky | Trojan-Banker.Win32.Tuhkit.bd | 20160924 |
| Malwarebytes | Ransom.FileLocker | 20160924 |
| McAfee | Artemis!150DFC3D0ACC | 20160923 |
| McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.cc | 20160924 |
| eScan | Gen:Variant.Razy.95322 | 20160924 |
| Panda | Trj/GdSda.A | 20160924 |
| Qihoo-360 | HEUR/QVM20.1.0000.Malware.Gen | 20160924 |
| Rising | Malware.Generic!6aukseCqUgU@2 (thunder) | 20160924 |
| Sophos AV | Mal/Generic-S | 20160924 |
| Symantec | Trojan.Gen | 20160924 |
| Tencent | Win32.Trojan-banker.Tuhkit.Duwj | 20160924 |
| TrendMicro | TROJ_GEN.R0CCC0VIL16 | 20160924 |
| TrendMicro-HouseCall | TROJ_GEN.R0CCC0VIL16 | 20160924 |
| VIPRE | Trojan.Win32.Generic!BT | 20160924 |
| Yandex | Trojan.PWS.Tuhkit! | 20160924 |
| AegisLab | (not detected) | 20160924 |
| Alibaba | (not detected) | 20160923 |
| CAT-QuickHeal | (not detected) | 20160924 |
| ClamAV | (not detected) | 20160924 |
| CMC | (not detected) | 20160921 |
| Comodo | (not detected) | 20160924 |
| F-Prot | (not detected) | 20160924 |
| Jiangmin | (not detected) | 20160924 |
| Kingsoft | (not detected) | 20160924 |
| Microsoft | (not detected) | 20160924 |
| NANO-Antivirus | (not detected) | 20160924 |
| nProtect | (not detected) | 20160924 |
| SUPERAntiSpyware | (not detected) | 20160924 |
| TheHacker | (not detected) | 20160922 |
| VBA32 | (not detected) | 20160923 |
| ViRobot | (not detected) | 20160924 |
| Zillya | (not detected) | 20160924 |
| Zoner | (not detected) | 20160924 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x00004001
Number of sections 3
PE sections
PE imports
CreateWaitableTimerW
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameW
RemoveDirectoryA
CreateFileA
MapViewOfFile
InterlockedIncrement
WaitForSingleObject
LoadLibraryA
GetOEMCP
FindNextFileA
InterlockedDecrement
GetComputerNameExW
OpenJobObjectW
GetProcessVersion
DeleteFileW
GetProcAddress
FindResourceA
GetGeoInfoW
GetCurrentThread
TraceSQLFetch
TraceSQLCancel
TraceSQLConnect
TraceSQLError
TraceSQLBindCol
UrlCreateFromPathA
UrlGetPartW
PathCompactPathA
UrlCombineA
PathAppendA
UrlIsA
UrlGetLocationW
PathCombineA
UrlIsNoHistoryA
UrlUnescapeA
UrlCanonicalizeW
UrlHashA
UrlCompareW
Number of PE resources by type
SART 9
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 10
PE resources
Debug information
ExifTool file metadata

| Field | Value |
|---|---|
| MIMEType | application/octet-stream |
| Subsystem | Windows GUI |
| MachineType | Intel 386 or later, and compatibles |
| TimeStamp | 2012:07:14 11:54:05+01:00 |
| FileType | Win32 EXE |
| PEType | PE32 |
| CodeSize | 126464 |
| LinkerVersion | 7.0 |
| FileTypeExtension | exe |
| InitializedDataSize | 33792 |
| SubsystemVersion | 4.0 |
| EntryPoint | 0x4001 |
| OSVersion | 5.1 |
| ImageVersion | 5.1 |
| UninitializedDataSize | 0 |

File identification
MD5 150dfc3d0accc20a70fbce1d5dff4884
SHA1 ac2a6e6c824a232d5f7185b0cd3d564be3bbed21
SHA256 c99fbaaa08dbcb586a4c15aafac174c0f386dfcd5194f27fc1c2646e9f2e017f
ssdeep 3072:innnnnJnNaxM0yqttwS2zz84pq5wja/IwpknU9gu4MqYln/n/n/n/n/n/n/n/n/n:innnnnhMxbrttaz87wMIwpknU9bQKn/n
authentihash b568afb7c06f9f961b35d67da6fea2f9173a537274ed1d68d9a5c5b225ad5439
imphash fd005dec9ff0a8b2bedb8f629c14bfa8
File size 157.5 KB ( 161280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe stealth

VirusTotal metadata
First submission 2016-09-24 16:32:10 UTC ( 2 years, 4 months ago )
Last submission 2016-09-24 16:32:10 UTC ( 2 years, 4 months ago )
File names 150dfc3d0accc20a70fbce1d5dff4884.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections
UDP communications