SHA256: caf06bf994c23108018141f0e0e8c27a0adc038ae95707f55d9ee3a7b68cf9de
File name: 1.gif
Detection ratio: 12 / 58
Analysis date: 2017-02-23 18:41:54 UTC
Antivirus                Result                                      Update
AegisLab                 Troj.Downloader.W32.Lopin.l03S              20170223
Avast                    Win32:Malware-gen                           20170223
Avira (no cloud)         TR/Crypt.ZPACK.wkhch                        20170223
Baidu                    Win32.Trojan.WisdomEyes.16070401.9500.9999  20170223
CrowdStrike Falcon (ML)  malicious_confidence_100% (D)               20170130
Endgame                  malicious (high confidence)                 20170222
Sophos ML                trojandropper.win32.sality.au               20170203
Kaspersky                UDS:DangerousObject.Multi.Generic           20170223
McAfee-GW-Edition        BehavesLike.Win32.Downloader.dc             20170223
Sophos AV                Mal/Generic-S                               20170223
Symantec                 Trojan.Gen.8                                20170223
Webroot                  Malicious                                   20170223
Ad-Aware                                                             20170223
AhnLab-V3                                                            20170223
Alibaba                                                              20170223
ALYac                                                                20170223
Antiy-AVL                                                            20170223
Arcabit                                                              20170223
AVG                                                                  20170223
AVware                                                               20170223
BitDefender                                                          20170223
Bkav                                                                 20170223
CAT-QuickHeal                                                        20170223
ClamAV                                                               20170223
CMC                                                                  20170223
Comodo                                                               20170223
Cyren                                                                20170223
DrWeb                                                                20170223
Emsisoft                                                             20170223
ESET-NOD32                                                           20170223
F-Prot                                                               20170223
F-Secure                                                             20170223
Fortinet                                                             20170223
GData                                                                20170223
Ikarus                                                               20170223
Jiangmin                                                             20170223
K7AntiVirus                                                          20170223
K7GW                                                                 20170223
Kingsoft                                                             20170223
Malwarebytes                                                         20170223
McAfee                                                               20170223
Microsoft                                                            20170223
eScan                                                                20170223
NANO-Antivirus                                                       20170223
nProtect                                                             20170223
Panda                                                                20170223
Qihoo-360                                                            20170223
Rising                                                               20170223
SUPERAntiSpyware                                                     20170223
Tencent                                                              20170223
TheHacker                                                            20170223
TrendMicro                                                           20170223
TrendMicro-HouseCall                                                 20170223
Trustlook                                                            20170223
VBA32                                                                20170223
VIPRE                                                                20170223
ViRobot                                                              20170223
WhiteArmor                                                           20170222
Yandex                                                               20170222
Zillya                                                               20170223
Zoner                                                                20170223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-10 03:04:39
Entry Point 0x000029CD
Number of sections 3
PE sections
Overlays
MD5 d2c559473b7344a1cb1d02cc6907ca92
File type data
Offset 234496
Size 186
Entropy 6.86
PE imports
CertAlgIdToOID
CertGetNameStringA
CertOpenStore
CertDuplicateStore
CertCompareCertificate
CertControlStore
CertFindAttribute
CertSaveStore
CryptFindOIDInfo
CertNameToStrA
CertCreateContext
CertCreateCRLContext
CertFindCRLInStore
ConnectionRead
ConnectionError
ConnectionWrite
ErrMsgParam
CheckADsError
FindSheet
CrackName
ErrMsg
lstrcat
GetProfileStringW
OpenSemaphoreW
ResumeThread
GlobalAddAtomW
GetProcAddress
LoadLibraryA
GetGeoInfoA
CreateMutexA
WaitForSingleObject
InterlockedExchange
LoadLibraryExW
SetErrorMode
GetFullPathNameW
CreateFileMappingA
CreateFileA
GetSystemDirectoryA
GetPrivateProfileIntW
lstrcpyn
FindFirstVolumeW
Chkdsk
FormatEx
Recover
Extend
Number of PE resources by type
RT_RCDATA 3
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:05:10 04:04:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 7.6
FileTypeExtension exe
InitializedDataSize 208896
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x29cd
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 0
File identification
MD5 d2ae8561b7c500fa1916479139ddaa98
SHA1 c60f028e57362aafe6cb12e475bca9e32115a753
SHA256 caf06bf994c23108018141f0e0e8c27a0adc038ae95707f55d9ee3a7b68cf9de
ssdeep 6144:+aplBxkfTMj2/dWk+7Hl24sPli9UZbLdNDcgLgaq:ppEMjwkk+79clWUJjz6
authentihash 91b633de5c31420edc9afc69f30912ad614b2d3a1100b908641fe9f511a402af
imphash fefecf122ca72f0c2acde8e20d7df35e
File size 229.2 KB ( 234682 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe suspicious-udp overlay

VirusTotal metadata
First submission 2017-02-23 15:03:07 UTC
Last submission 2017-03-27 23:49:37 UTC
File names VirusShare_d2ae8561b7c500fa1916479139ddaa98
aa
1.gif
caf06bf994c23108018141f0e0e8c27a0adc038ae95707f55d9ee3a7b68cf9de
user.php
xDa6kn4.rtf
ugcyd.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
UDP communications