SHA256: cb297608d4d8e031e4c665a70c9715e7c7e88364db7d19c8b676f1a212df3bde
File name: 2050e03ca119580f74cca14cc6e97462.exe
Detection ratio: 9 / 55
Analysis date: 2017-02-13 19:27:09 UTC
Antivirus: result [signature update date]
AegisLab: Psw.Generic13.Uwh!c [20170213]
Avast: Win32:Malware-gen [20170213]
AVG: PSW.Generic13.UWH [20170213]
AVware: Trojan.Win32.Generic!BT [20170213]
ESET-NOD32: a variant of Win32/Spy.Delf.QLK [20170213]
Ikarus: Trojan-Spy.Agent [20170213]
McAfee: Artemis!E41D2DC76E16 [20170213]
McAfee-GW-Edition: BehavesLike.Win32.Dropper.th [20170213]
VIPRE: Trojan.Win32.Generic!BT [20170213]
Ad-Aware: undetected [20170213]
AhnLab-V3: undetected [20170213]
Alibaba: undetected [20170213]
ALYac: undetected [20170213]
Antiy-AVL: undetected [20170213]
Arcabit: undetected [20170213]
Avira (no cloud): undetected [20170213]
Baidu: undetected [20170213]
BitDefender: undetected [20170213]
Bkav: undetected [20170213]
CAT-QuickHeal: undetected [20170213]
ClamAV: undetected [20170213]
CMC: undetected [20170213]
Comodo: undetected [20170213]
CrowdStrike Falcon (ML): undetected [20170130]
Cyren: undetected [20170213]
Emsisoft: undetected [20170213]
Endgame: undetected [20170208]
F-Prot: undetected [20170213]
F-Secure: undetected [20170213]
Fortinet: undetected [20170213]
GData: undetected [20170213]
Sophos ML: undetected [20170203]
Jiangmin: undetected [20170213]
K7AntiVirus: undetected [20170213]
K7GW: undetected [20170213]
Kaspersky: undetected [20170213]
Kingsoft: undetected [20170213]
Malwarebytes: undetected [20170213]
Microsoft: undetected [20170213]
eScan: undetected [20170213]
NANO-Antivirus: undetected [20170213]
nProtect: undetected [20170213]
Panda: undetected [20170213]
Qihoo-360: undetected [20170213]
Rising: undetected [20170213]
Sophos AV: undetected [20170213]
SUPERAntiSpyware: undetected [20170213]
Symantec: undetected [20170213]
Tencent: undetected [20170213]
TheHacker: undetected [20170211]
TrendMicro: undetected [20170213]
Trustlook: undetected [20170213]
VBA32: undetected [20170213]
ViRobot: undetected [20170213]
WhiteArmor: undetected [20170202]
Yandex: undetected [20170212]
Zillya: undetected [20170210]
Zoner: undetected [20170213]
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x0016CE20
Number of sections 7
Overlays
MD5 98895bf869a32f29fdb78de324195fe4
File type ASCII text
Offset 1951232
Size 19
Entropy 3.51
PE imports
RegOpenKeyExA
RegSetValueExA
RegFlushKey
RegCloseKey
RegCreateKeyExA
ImageList_GetImageCount
ImageList_BeginDrag
ImageList_Destroy
ImageList_AddMasked
InitCommonControls
ImageList_Replace
ImageList_DragLeave
ImageList_Remove
ImageList_DragShowNolock
ImageList_DrawIndirect
ImageList_DragMove
ImageList_Create
ImageList_DrawEx
ImageList_EndDrag
ImageList_Copy
ImageList_DragEnter
ImageList_Add
ImageList_SetImageCount
GetCharABCWidthsW
SetMapMode
GetWindowOrgEx
GetTextMetricsA
GetCharABCWidthsA
CombineRgn
GetROP2
GetViewportOrgEx
GetObjectType
GetTextExtentPointA
SetPixel
IntersectClipRect
CreateEllipticRgn
EqualRgn
CreateDIBitmap
GetDIBits
ExtCreateRegion
SetTextAlign
GetDCOrgEx
StretchBlt
Pie
SetWindowExtEx
Arc
SetViewportExtEx
ExtCreatePen
SetBkColor
GetBkColor
SetRectRgn
TextOutW
CreateFontIndirectW
OffsetRgn
CreateFontIndirectA
LPtoDP
GetBitmapBits
ExcludeClipRect
OffsetViewportOrgEx
SetBkMode
RectInRegion
PtInRegion
GetRegionData
BitBlt
EnumFontFamiliesA
GetObjectA
FillRgn
CreateBrushIndirect
SelectPalette
CreatePenIndirect
ExtSelectClipRgn
SetROP2
GetTextColor
DeleteObject
CreateCompatibleDC
GetWindowExtEx
PatBlt
CreatePen
GetClipBox
Rectangle
GetDeviceCaps
PaintRgn
LineTo
DeleteDC
GetMapMode
GetObjectW
RealizePalette
CreatePatternBrush
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
ExtTextOutA
SelectClipRgn
RoundRect
GetTextAlign
GetTextExtentPoint32A
SetWindowOrgEx
SelectObject
GetViewportExtEx
SetTextCharacterExtra
GetTextExtentPoint32W
CreatePolygonRgn
Polygon
GetRgnBox
SaveDC
MaskBlt
GetRandomRgn
GetTextExtentExPointA
RestoreDC
GetPixel
GetTextExtentExPointW
CreateDIBSection
SetTextColor
ExtFloodFill
GetCurrentObject
MoveToEx
EnumFontFamiliesExW
SetViewportOrgEx
SetArcDirection
CreateRoundRectRgn
EnumFontFamiliesExA
SetStretchBltMode
PolyBezier
Chord
SetBrushOrgEx
CreateRectRgn
GetClipRgn
SetPolyFillMode
CreateCompatibleBitmap
CreateSolidBrush
Polyline
DPtoLP
Ellipse
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
GetFileAttributesA
SetEvent
FindFirstFileW
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetLocaleInfoW
GetFileTime
FindResourceExA
WideCharToMultiByte
WriteFile
WaitForSingleObject
EnumResourceLanguagesA
ResumeThread
SetFileAttributesA
GetExitCodeProcess
LocalFree
MoveFileA
GetThreadPriority
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
FormatMessageA
SetFileAttributesW
SetLastError
PeekNamedPipe
SuspendThread
GetModuleFileNameW
TryEnterCriticalSection
HeapAlloc
GetModuleFileNameA
EnumCalendarInfoA
GetVolumeInformationA
SetThreadPriority
GetUserDefaultLCID
MultiByteToWideChar
MoveFileW
CreateMutexA
SetFilePointer
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
ExitThread
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
SetCurrentDirectoryA
CloseHandle
HeapFree
EnterCriticalSection
TerminateThread
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
GetSystemDirectoryA
GlobalSize
GetStartupInfoA
GetDateFormatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
GlobalReAlloc
RemoveDirectoryW
FindNextFileW
EnumResourceNamesA
CompareStringA
FindNextFileA
GlobalLock
CreateFileW
CreateEventA
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
GlobalDeleteAtom
GetEnvironmentStringsA
GetThreadLocale
GlobalUnlock
RemoveDirectoryA
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
GetCommandLineA
EnumResourceTypesA
QueryPerformanceFrequency
GetModuleHandleA
ReadFile
FindFirstFileA
GetACP
FreeResource
VirtualFree
Sleep
FindResourceA
ResetEvent
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
CLSIDFromProgID
GetErrorInfo
VariantCopy
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPtrOfIndex
SysAllocStringLen
SafeArrayUnaccessData
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
SafeArrayRedim
SysFreeString
SafeArrayPutElement
VariantInit
VariantChangeTypeEx
DragAcceptFiles
DragQueryFileW
DragFinish
ShellExecuteA
DragQueryFileA
RedrawWindow
GetForegroundWindow
SetWindowRgn
DrawTextW
DrawStateA
EnableScrollBar
DestroyMenu
PostQuitMessage
DrawStateW
LoadBitmapA
SetWindowPos
WindowFromDC
IsWindow
SetTimer
DispatchMessageA
EndPaint
ScrollWindowEx
GetWindowLongA
SetMenuItemInfoA
CharUpperBuffA
WindowFromPoint
CharUpperBuffW
SetMenuItemInfoW
SetActiveWindow
GetDC
GetCursorPos
ChildWindowFromPointEx
GetClassInfoA
GetMenu
UnregisterClassA
IsClipboardFormatAvailable
SendMessageA
UnregisterClassW
GetClassInfoW
SetCaretPos
CharLowerBuffA
CallNextHookEx
GetWindowTextLengthA
CharUpperA
GetTopWindow
OpenClipboard
GetWindowTextW
EnumClipboardFormats
LoadImageA
GetWindowTextLengthW
MsgWaitForMultipleObjects
GetActiveWindow
GetWindowTextA
InvalidateRgn
GetKeyState
DestroyWindow
DrawEdge
GetParent
UpdateWindow
SetPropA
CreateCaret
ShowWindow
GetCaretPos
DrawFrameControl
GetClipboardFormatNameA
PeekMessageW
EnableWindow
SetWindowPlacement
ShowWindowAsync
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
DestroyCaret
SetClipboardData
InsertMenuItemA
GetIconInfo
SetParent
RegisterClassW
GetSystemMetrics
IsZoomed
GetWindowPlacement
SetWindowLongW
DrawMenuBar
EnableMenuItem
RegisterClassA
TrackPopupMenuEx
GetSubMenu
EnumPropsA
CreateWindowExA
OemToCharA
ShowOwnedPopups
FillRect
EnumThreadWindows
GetSysColorBrush
CreateWindowExW
ReleaseDC
CreateMenu
GetUpdateRect
CharToOemA
MapWindowPoints
MapVirtualKeyA
SetCapture
BeginPaint
OffsetRect
DefWindowProcW
KillTimer
GetMenuItemInfoA
DefWindowProcA
GetClipboardData
CharLowerA
IsIconic
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
SetWindowLongA
RemovePropA
CreatePopupMenu
ShowCaret
DrawFocusRect
SetWindowTextW
GetDCEx
BringWindowToTop
ClientToScreen
LoadCursorA
LoadIconA
CountClipboardFormats
SetWindowsHookExA
GetMenuItemCount
GetDesktopWindow
GetSystemMenu
DispatchMessageW
SetForegroundWindow
SetFocus
GetMenuItemInfoW
EmptyClipboard
CharLowerBuffW
IntersectRect
GetScrollInfo
HideCaret
CreateIconIndirect
GetCapture
ScreenToClient
SetWindowTextA
MessageBeep
SetClassLongA
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
MessageBoxW
SendMessageW
GetPropA
SetMenu
RegisterClipboardFormatA
IsRectEmpty
MessageBoxA
IsMenu
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
SetScrollInfo
CopyImage
SystemParametersInfoA
SetSysColors
GetDoubleClickTime
DestroyIcon
GetKeyNameTextA
GetWindowLongW
IsWindowVisible
SetCursorPos
FrameRect
SetRect
DeleteMenu
InvalidateRect
CallWindowProcW
DrawTextA
GetClientRect
CallWindowProcA
GetClassNameA
GetFocus
InsertMenuItemW
CloseClipboard
UnhookWindowsHookEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_RCDATA 20
RT_GROUP_CURSOR 12
RT_CURSOR 12
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 45
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 0000:00:00 00:00:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 1490512
LinkerVersion: 2.64
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
FileTypeExtension: exe
InitializedDataSize: 421772
SubsystemVersion: 4.0
EntryPoint: 0x16ce20
OSVersion: 4.0
ImageVersion: 1.0
UninitializedDataSize: 21988

File identification
MD5 e41d2dc76e16fdc6ea1e8cd753a77f85
SHA1 13e469d1d2c1fbb1211489e0449b964ffb0f5f89
SHA256 cb297608d4d8e031e4c665a70c9715e7c7e88364db7d19c8b676f1a212df3bde
ssdeep 24576:NDYX5yKAT6LNnGTfB1TBhJ7jQik5lewnTYp5MZvFYN8HC0zhKsbgAxT1BFCm7QeO:tciTdWznTlFI8ps8aWRy15dc7eb4TbK7
authentihash c94e7ce89452473d6dfc5444ee578d175307b944bd798c18479f3d8af5ab63c7
imphash 3d8d552d1f755d2f331b5ecf40d052f1
File size 1.9 MB ( 1951251 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay
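The imphash listed under File identification is a hash over the import table, used to cluster samples built from the same source or toolchain. As an added example (this editor's code, not VirusTotal's or pefile's), the function below re-implements the published imphash recipe over a constructed import list: lower-case the DLL name, strip a .dll/.ocx/.sys extension, append the lower-cased function name (or "ordN" for ordinal imports), join the entries in import-table order with commas, and MD5 the result. The listing above gives this file's imports without their DLL names, so the value 3d8d552d1f755d2f331b5ecf40d052f1 cannot be reproduced from the page; the sample input and the omission of pefile's known-ordinal name table (ws2_32.dll, oledb32.dll) are simplifications made here.

```python
import hashlib

# Constructed sample, not this file's real import table: a few (DLL, import)
# pairs in the order they would appear in the import directory. An int
# stands for an import by ordinal.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "CreateFileA"),
    ("USER32.dll", "SetWindowsHookExA"),
    ("ADVAPI32.dll", "RegSetValueExA"),
    ("WS2_32.dll", 23),
]

_STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def canonical_import_string(imports):
    """Build the comma-joined 'dll.function' string that imphash hashes.

    Order matters: the same imports in a different order give a different
    hash, which is why imphash clusters compilers/linkers, not just APIs.
    """
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in _STRIPPED_EXTENSIONS:
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        # Simplification (editor's): pefile first tries to map ordinals of a
        # few well-known DLLs to names; here every ordinal becomes "ordN".
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{dll}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 hex digest of the canonical import string."""
    return hashlib.md5(canonical_import_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(canonical_import_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

Because the hash covers order as well as names, two binaries that import the same APIs from different toolchains usually get different imphashes, while rebuilds of the same project tend to share one; that is what makes the value useful as a pivot even when the file hash changes.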

VirusTotal metadata
First submission 2017-02-13 16:18:05 UTC
Last submission 2017-02-23 01:55:44 UTC
File names:
aa
2050e03ca119580f74cca14cc6e97462.exe
output.107812499.txt
5cqo.cpl
cb297608d4d8e031e4c665a70c9715e7c7e88364db7d19c8b676f1a212df3bde
VirusShare_e41d2dc76e16fdc6ea1e8cd753a77f85
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHookEx Windows API (the import list above shows SetWindowsHookExA together with CallNextHookEx and UnhookWindowsHookEx). A hook procedure monitors the system for certain types of events, associated either with a specific thread or with all threads running on the same desktop as the calling thread; which of the two applies depends on the dwThreadId argument passed at runtime (0 selects every thread on the desktop), and a static import listing does not show it. Hook installation is also used by ordinary GUI frameworks, so on its own it is a lead for dynamic analysis rather than proof of keystroke capture.
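To show how the facts on this page combine into a triage verdict, here is an added example (this editor's code, not part of the VirusTotal report or of the analysed binary). It encodes a few rules of the editor's own devising: an import rule fires only when every API of a behaviour group is present (so CreateThread alone proves nothing), the overlay is checked for consistency against the file size, and a zeroed PE timestamp is flagged. The import names and numbers are copied from the report above; since the report lists imports without DLL names, matching is on function name only, and only the subset of imports the rules need is embedded.

```python
# Subset of the report's import list (copied from the page; the full list is
# several hundred names and adds nothing to the rules below).
REPORT_IMPORTS = [
    "RegOpenKeyExA", "RegSetValueExA", "RegCreateKeyExA", "RegCloseKey",
    "SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx",
    "ReadProcessMemory", "GetWindowThreadProcessId",
    "ShellExecuteA", "CreateMutexA", "CreateThread",
    "LoadLibraryA", "GetProcAddress",
    "FindResourceA", "LoadResource", "LockResource",
    "OpenClipboard", "GetClipboardData", "SetClipboardData",
    "CreateFileA", "WriteFile", "DeleteFileA", "MoveFileA",
]

# Facts taken from the report's PE, overlay and ExifTool sections.
REPORT_FACTS = {
    "file_size": 1951251,
    "overlay_offset": 1951232,
    "overlay_size": 19,
    "pe_timestamp": 0,           # ExifTool shows 0000:00:00 00:00:00
    "resource_counts": {"RT_RCDATA": 20, "RT_GROUP_CURSOR": 12,
                        "RT_CURSOR": 12, "RT_DIALOG": 1},
}

# (finding name, imports that must ALL be present, what the combination means)
IMPORT_RULES = [
    ("windows-hook installation",
     {"SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx"},
     "installs and chains a SetWindowsHookEx hook; thread vs desktop-global "
     "scope is decided by the dwThreadId argument at runtime"),
    ("registry write", {"RegCreateKeyExA", "RegSetValueExA"},
     "creates keys and writes values (persistence or configuration)"),
    ("cross-process memory read", {"ReadProcessMemory", "GetWindowThreadProcessId"},
     "resolves a window to its owning process and reads its memory"),
    ("dynamic API resolution", {"LoadLibraryA", "GetProcAddress"},
     "resolves further APIs at runtime; the static import list is incomplete"),
    ("embedded resource access", {"FindResourceA", "LoadResource", "LockResource"},
     "reads resources (the file carries 20 RT_RCDATA entries) at runtime"),
    ("clipboard read", {"OpenClipboard", "GetClipboardData"},
     "reads clipboard contents"),
    ("shell execution", {"ShellExecuteA"}, "launches files or URLs via the shell"),
    ("single-instance mutex", {"CreateMutexA"}, "creates a named mutex"),
]


def import_findings(imports):
    """Return (name, sorted required imports, explanation) for each rule whose
    whole API set is present. Sub-set matches do not fire."""
    present = set(imports)
    return [(name, sorted(need), why) for name, need, why in IMPORT_RULES
            if need <= present]


def overlay_finding(facts):
    """None when there is no overlay; otherwise a finding that also says
    whether offset + size lands exactly on the end of the file."""
    size = facts["overlay_size"]
    if size == 0:
        return None
    end = facts["overlay_offset"] + size
    if end != facts["file_size"]:
        return ("overlay", f"overlay geometry inconsistent: ends at {end}, "
                           f"file is {facts['file_size']} bytes")
    return ("overlay", f"{size} bytes appended after the last section at "
                       f"offset {facts['overlay_offset']}")


def header_findings(facts):
    out = []
    if facts["pe_timestamp"] == 0:
        out.append(("zeroed timestamp",
                    "PE TimeDateStamp is 0; the build time was stripped or never set"))
    rcdata = facts["resource_counts"].get("RT_RCDATA", 0)
    if rcdata >= 10:
        out.append(("many RCDATA resources",
                    f"{rcdata} raw-data resources (Delphi keeps form data there, "
                    "but droppers also use RCDATA for payloads)"))
    return out


def triage(imports, facts):
    """Combine all rule families into one list of (finding, explanation)."""
    findings = [(name, why) for name, _, why in import_findings(imports)]
    overlay = overlay_finding(facts)
    if overlay:
        findings.append(overlay)
    findings.extend(header_findings(facts))
    return findings


if __name__ == "__main__":
    for name, why in triage(REPORT_IMPORTS, REPORT_FACTS):
        print(f"[{name}] {why}")
```

The point of the all-APIs-present rule is to keep the output honest: a large GUI runtime imports hooks, clipboard and registry APIs for benign reasons, so each finding is a prompt for what to watch in the sandbox (which hook type, which registry path, what the 19-byte overlay and the RCDATA resources contain), not a verdict by itself.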