SHA256: ca23269f4a5c0801df888a66e54e44a0d2ed12023990332831d26eac346cdecc
File name: d84f1e61dd4861dd6ccf227a6174d71d.exe
Detection ratio: 18 / 55
Analysis date: 2016-06-05 07:41:38 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.63015 20160605
Arcabit Trojan.Razy.DF627 20160605
Avast Win32:Malware-gen 20160605
AVG Crypt5.BPLX 20160605
Baidu Win32.Trojan.WisdomEyes.151026.9950.9962 20160603
BitDefender Gen:Variant.Razy.63015 20160605
Emsisoft Gen:Variant.Razy.63015 (B) 20160605
ESET-NOD32 a variant of Win32/Kryptik.EZBJ 20160604
F-Secure Gen:Variant.Razy.63015 20160604
GData Gen:Variant.Razy.63015 20160605
Kaspersky Trojan.Win32.Inject.aaanu 20160605
Malwarebytes Trojan.Crypt 20160605
McAfee W32/PinkSbot-BZ!D84F1E61DD48 20160605
McAfee-GW-Edition BehavesLike.Win32.Dropper.fh 20160605
eScan Gen:Variant.Razy.63015 20160605
Panda Trj/GdSda.A 20160604
Qihoo-360 QVM20.1.Malware.Gen 20160605
Sophos AV Mal/Qbot-N 20160605
AegisLab 20160604
AhnLab-V3 20160604
Alibaba 20160603
ALYac 20160605
Antiy-AVL 20160605
Avira (no cloud) 20160604
Baidu-International 20160604
Bkav 20160604
CAT-QuickHeal 20160604
ClamAV 20160605
CMC 20160602
Comodo 20160605
Cyren 20160605
DrWeb 20160605
F-Prot 20160605
Fortinet 20160605
Ikarus 20160605
Jiangmin 20160605
K7AntiVirus 20160605
K7GW 20160605
Kingsoft 20160605
Microsoft 20160605
NANO-Antivirus 20160605
nProtect 20160603
Rising 20160605
SUPERAntiSpyware 20160605
Symantec 20160605
Tencent 20160605
TheHacker 20160604
TrendMicro 20160605
TrendMicro-HouseCall 20160605
VBA32 20160603
VIPRE 20160605
ViRobot 20160604
Yandex 20160604
Zillya 20160603
Zoner 20160605
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-03 10:50:24
Entry Point 0x00001023
Number of sections 6
PE sections
PE imports
IsSystemResumeAutomatic
OutputDebugStringA
GetModuleFileNameW
SHGetFileInfoA
ExtractIconA
ShellExecuteExA
SHEmptyRecycleBinW
ExtractIconExA
SHFileOperationW
DoEnvironmentSubstA
SHEmptyRecycleBinA
DragQueryPoint
ExtractAssociatedIconW
DoEnvironmentSubstW
SHInvokePrinterCommandA
SHFreeNameMappings
ShellAboutW
SHQueryRecycleBinA
SHGetDiskFreeSpaceExW
ShellExecuteA
SHAppBarMessage
Shell_NotifyIconA
GetClassInfoA
SetMessageExtraInfo
GetWindowRect
GetInputState
LoadStringA
ReleaseCapture
CheckRadioButton
GetDialogBaseUnits
OemToCharBuffW
GetFocus
ChangeClipboardChain
ShowWindow
MapVirtualKeyExA
FindWindowA
SetScrollPos
SetActiveWindow
RtmGetEnumNextHops
RtmReleaseDestInfo
RtmGetExactMatchDestination
RtmCreateNextHopEnum
RtmDeregisterEntity
RtmLockDestination
RtmGetEntityMethods
RtmGetNextHopPointer
RtmCreateRouteListEnum
RtmReleaseEntityInfo
RtmGetLessSpecificDestination
RtmRegisterEntity
RtmReleaseRouteInfo
RtmGetEntityInfo
RtmGetChangeStatus
RtmInvokeMethod
RtmGetOpaqueInformationPointer
RtmBlockMethods
RtmReleaseNextHops
RtmCreateRouteEnum
RtmFindNextHop
RtmGetRoutePointer
RtmGetExactMatchRoute
RtmGetNextHopInfo
RtmDeregisterFromChangeNotification
RtmGetEnumDests
RtmReleaseRoutes
RtmGetMostSpecificDestination
CoInternetGetSecurityUrl
RegisterBindStatusCallback
HlinkNavigateString
HlinkGoBack
HlinkSimpleNavigateToString
URLOpenStreamA
RegisterFormatEnumerator
GetSoftwareUpdateInfo
WriteHitLogging
UrlMkGetSessionOption
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:06:03 11:50:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 131072
LinkerVersion 6.0
EntryPoint 0x1023
InitializedDataSize 212992
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 d84f1e61dd4861dd6ccf227a6174d71d
SHA1 13fda4e4563e0e23c20d5e479842602571b5fcf4
SHA256 ca23269f4a5c0801df888a66e54e44a0d2ed12023990332831d26eac346cdecc
ssdeep 6144:Izlnwdvj5WtBzNPSMZBbnhOHdnpxxdIltwQ7:28d2fPSMZBVQnRIIQ7
authentihash 4c43b961992ecbd33c51f57cb9fd8b85244b64bd35d56264b0c1d7fe2cc0e277
imphash 56b263829697755b1dfdb172ee2f7593
File size 340.0 KB ( 348160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe

VirusTotal metadata
First submission 2016-06-05 07:41:38 UTC ( 2 years, 10 months ago )
Last submission 2016-06-05 07:41:38 UTC ( 2 years, 10 months ago )
File names d84f1e61dd4861dd6ccf227a6174d71d.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications