SHA256: cca1f8ba0be872ec86755e3defbb23c8fe4a272a6b4f7ec651302c5cddc5e183
File name: ext2.exe
Detection ratio: 32 / 56
Analysis date: 2016-09-27 10:32:30 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3546087 20160927
AhnLab-V3 Malware/Win32.Generic.N2112676099 20160927
ALYac Trojan.GenericKD.3546087 20160927
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20160927
Arcabit Trojan.Generic.D361BE7 20160927
Avast Sf:Nuclear-A [Trj] 20160927
AVG Win32/DH{TxxTUQ?} 20160927
Avira (no cloud) TR/PSW.Fareit.iloen 20160927
AVware Trojan.Win32.Generic!BT 20160927
Baidu Win32.Trojan.WisdomEyes.151026.9950.9973 20160927
BitDefender Trojan.GenericKD.3546087 20160927
CrowdStrike Falcon (ML) malicious_confidence_62% (W) 20160725
ESET-NOD32 a variant of Win32/PSW.Fareit.P 20160927
F-Secure Trojan.GenericKD.3546087 20160927
GData Trojan.GenericKD.3546087 20160927
Ikarus Trojan-PWS.Fareit 20160927
Sophos ML trojan.win32.gudra.a 20160917
Jiangmin Trojan.Generic.aiwmt 20160927
Kaspersky HEUR:Trojan.Win32.Generic 20160927
Malwarebytes Trojan.InfoStealer 20160927
McAfee Artemis!1178DEDB2EFC 20160923
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20160926
Microsoft PWS:Win32/Fareit 20160927
eScan Trojan.GenericKD.3546087 20160927
Qihoo-360 Win32/Trojan.PSW.5cd 20160927
Sophos AV Mal/Generic-S 20160927
Symantec Trojan.Gen 20160927
Tencent Win32.Trojan.Psw.Dvzs 20160927
TrendMicro TROJ_GEN.R00UC0DIP16 20160927
TrendMicro-HouseCall TROJ_GEN.R00UC0DIP16 20160927
VBA32 BScope.Trojan-Dropper.Injector 20160926
VIPRE Trojan.Win32.Generic!BT 20160927
AegisLab (undetected) 20160927
Alibaba (undetected) 20160927
Bkav (undetected) 20160926
CAT-QuickHeal (undetected) 20160927
ClamAV (undetected) 20160927
CMC (undetected) 20160921
Comodo (undetected) 20160927
Cyren (undetected) 20160927
DrWeb (undetected) 20160927
F-Prot (undetected) 20160926
Fortinet (undetected) 20160927
K7AntiVirus (undetected) 20160927
K7GW (undetected) 20160927
Kingsoft (undetected) 20160927
NANO-Antivirus (undetected) 20160927
nProtect (undetected) 20160927
Panda (undetected) 20160926
Rising (undetected) 20160927
SUPERAntiSpyware (undetected) 20160927
TheHacker (undetected) 20160927
ViRobot (undetected) 20160927
Yandex (undetected) 20160926
Zillya (undetected) 20160926
Zoner (undetected) 20160927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-09 13:19:54
Entry Point 0x000061FB
Number of sections 4
PE sections
PE imports
CryptDestroyKey
RegCloseKey
RegQueryValueExA
LookupAccountSidA
CryptHashData
RegQueryValueExW
CryptImportKey
CryptCreateHash
CryptDeriveKey
OpenProcessToken
RegOpenKeyExW
RegOpenKeyW
RegOpenKeyExA
GetTokenInformation
CryptReleaseContext
GetUserNameW
RegEnumKeyExW
CryptAcquireContextW
CryptDecrypt
CryptDestroyHash
CryptGetUserKey
RegEnumValueW
CryptSetKeyParam
CredFree
CredEnumerateW
GetCurrentHwProfileA
CryptExportKey
CryptGetHashParam
CertEnumCertificatesInStore
CryptUnprotectData
CryptAcquireCertificatePrivateKey
CertCloseStore
CertOpenSystemStoreW
SetCurrentDirectoryW
WriteProcessMemory
VirtualAllocEx
lstrlenA
lstrcmpiA
WaitForSingleObject
GetVersionExW
FreeLibrary
ExitProcess
GlobalUnlock
GetVersionExA
LoadLibraryA
GetFileSize
RtlUnwind
GetFileAttributesW
CreateProcessW
GetCurrentProcess
GetWindowsDirectoryW
GetCurrentDirectoryW
VirtualFreeEx
LocalAlloc
UnhandledExceptionFilter
lstrlenW
GetVolumeInformationW
MultiByteToWideChar
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
InterlockedCompareExchange
GetThreadContext
GetPrivateProfileStringW
GetComputerNameW
GetModuleFileNameW
ExpandEnvironmentStringsW
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
lstrcmpA
FindNextFileW
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
ReadFile
FindFirstFileW
GlobalLock
GetModuleHandleW
CreateFileMappingW
SetThreadContext
LocalFree
TerminateProcess
ResumeThread
LoadLibraryW
GetSystemDirectoryW
lstrcmpiW
GetEnvironmentVariableA
UnmapViewOfFile
GetTempPathW
CreateFileW
VirtualQuery
VirtualFree
FindClose
Sleep
GetPrivateProfileSectionNamesW
VirtualAlloc
SetCurrentDirectoryA
CloseHandle
SHGetFolderPathW
StrStrA
StrStrIA
StrRChrIW
StrStrIW
PathAppendW
StrCmpNIA
StrStrW
WinHttpConnect
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
GetAddrInfoW
WSAStartup
WSAStringToAddressW
WSACleanup
FreeAddrInfoW
Ord(173)
malloc
realloc
memset
__dllonexit
isdigit
_vsnwprintf
_amsg_exit
??2@YAPAXI@Z
_lock
_onexit
_snprintf
memcmp
isspace
_strrev
_unlock
??3@YAXPAX@Z
free
atoi
memcpy
strstr
memmove
_initterm
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoCreateInstance
StgOpenStorage
GetHGlobalFromStream
CoTaskMemFree
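The import table above is the most useful part of this report for triage: CreateProcessW, VirtualAllocEx, WriteProcessMemory, GetThreadContext, SetThreadContext and ResumeThread are the classic process-hollowing set; CredEnumerateW, CryptUnprotectData, CertOpenSystemStoreW and CryptAcquireCertificatePrivateKey point at stored-credential and certificate theft; the WinHttp* family is the exfiltration channel; GetPrivateProfileStringW and friends read INI-style client configs. The script below is an added example, not part of the VirusTotal report or of the sample: it takes (DLL, function) pairs, computes an imphash the way pefile does (lower-cased "dll.func" entries with the extension stripped, joined by commas, MD5), and flags API clusters whose co-occurrence suggests a capability. The report lists function names only, so the DLL attribution in the constructed sample input is an assumption based on the documented home of each API, the ws2_32 ordinal map is a small subset, the thresholds are judgement calls, and the unresolved ordinal 173 is included only to show how an import like the report's Ord(173) is handled.

```python
"""Import-table triage for a PE sample: imphash plus capability clustering.

Added example; the sample input is a constructed subset of the imports in
the report above with DLL names supplied here as an assumption.
"""
import hashlib
from typing import Dict, List, Tuple, Union

Import = Tuple[str, Union[str, int]]  # (dll name, function name or ordinal)

# Subset of the ws2_32 export-ordinal table, used to resolve imports by
# ordinal the same way pefile does when computing an imphash.
ORDINALS: Dict[str, Dict[int, str]] = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
               23: "socket", 115: "wsastartup", 116: "wsacleanup"},
}

# Capability rules: (set of lower-cased API names, minimum hits to report).
# Thresholds are assumptions chosen to avoid firing on a single benign API.
CAPABILITY_RULES: Dict[str, Tuple[set, int]] = {
    "process hollowing / remote code injection": (
        {"createprocessw", "virtualallocex", "writeprocessmemory",
         "getthreadcontext", "setthreadcontext", "resumethread"}, 4),
    "stored credential / DPAPI / certificate access": (
        {"credenumeratew", "cryptunprotectdata", "certopensystemstorew",
         "certenumcertificatesinstore", "cryptacquirecertificateprivatekey",
         "cryptexportkey"}, 2),
    "HTTP exfiltration via WinHTTP": (
        {"winhttpopen", "winhttpconnect", "winhttpopenrequest",
         "winhttpsendrequest", "winhttpwritedata"}, 3),
    "host fingerprinting": (
        {"getvolumeinformationw", "getcomputernamew", "getcurrenthwprofilea",
         "getusernamew"}, 2),
    "INI-style config file harvesting": (
        {"getprivateprofilestringw", "getprivateprofileintw",
         "getprivateprofilesectionnamesw"}, 2),
}


def normalise(imp: Import) -> str:
    """Return the pefile-style 'dll.func' token for one import entry."""
    dll, func = imp
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    if isinstance(func, int):
        # Unknown ordinals become 'ordN', exactly as pefile renders them.
        func = ORDINALS.get(dll, {}).get(func, "ord%d" % func)
    return "%s.%s" % (dll, func.lower())


def import_string(imports: List[Import]) -> str:
    """The comma-joined token list that is hashed for the imphash (order matters)."""
    return ",".join(normalise(i) for i in imports)


def imphash(imports: List[Import]) -> str:
    """MD5 of the import string: identical import tables share an imphash."""
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


def triage(imports: List[Import]) -> Dict[str, List[str]]:
    """Map each capability whose threshold is met to the sorted APIs that hit."""
    names = {normalise(i).split(".", 1)[1] for i in imports}
    findings: Dict[str, List[str]] = {}
    for label, (apis, threshold) in CAPABILITY_RULES.items():
        hits = sorted(names & apis)
        if len(hits) >= threshold:
            findings[label] = hits
    return findings


# Constructed sample: a subset of the report's imports; DLL names are assumed.
SAMPLE_IMPORTS: List[Import] = [
    ("ADVAPI32.dll", "CredEnumerateW"),
    ("ADVAPI32.dll", "GetUserNameW"),
    ("CRYPT32.dll", "CryptUnprotectData"),
    ("CRYPT32.dll", "CertOpenSystemStoreW"),
    ("KERNEL32.dll", "CreateProcessW"),
    ("KERNEL32.dll", "VirtualAllocEx"),
    ("KERNEL32.dll", "WriteProcessMemory"),
    ("KERNEL32.dll", "GetThreadContext"),
    ("KERNEL32.dll", "SetThreadContext"),
    ("KERNEL32.dll", "ResumeThread"),
    ("KERNEL32.dll", "GetComputerNameW"),
    ("KERNEL32.dll", "GetVolumeInformationW"),
    ("WINHTTP.dll", "WinHttpOpen"),
    ("WINHTTP.dll", "WinHttpConnect"),
    ("WINHTTP.dll", "WinHttpOpenRequest"),
    ("WINHTTP.dll", "WinHttpSendRequest"),
    ("WS2_32.dll", 115),  # WSAStartup imported by ordinal
    ("WS2_32.dll", 173),  # unresolved ordinal, like the report's Ord(173)
]

if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for label, hits in triage(SAMPLE_IMPORTS).items():
        print("%s: %s" % (label, ", ".join(hits)))
```

Because the imphash is order-sensitive and depends on DLL names, the value this script prints for the constructed input will not match the report's imphash; to reproduce that you need the real import directory (for example via pefile's `get_imphash()` on the file itself). The triage output is what a practitioner wants from the report: the hollowing set, the credential APIs, WinHTTP and host-fingerprinting calls all fire together, which is consistent with the PWS/Fareit verdicts above.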
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:08:09 14:19:54+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 66560
LinkerVersion: 14.0
EntryPoint: 0x61fb
InitializedDataSize: 37376
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0

File identification
MD5 1178dedb2efc5aa4b5248bb093ceb4d6
SHA1 41c0c21918989a8465c196b5f8b7849cfb645537
SHA256 cca1f8ba0be872ec86755e3defbb23c8fe4a272a6b4f7ec651302c5cddc5e183
ssdeep 1536:zbB0LLkdJKeqg1E2Iw/ipkv6S1RiihUngsVtPqgIqEgFB6+BHa/qqXkNq:zbWUjKT72Iw6pkvpiiEZHsqqXkU

authentihash 84f2551195889abb26eadce93a4b29e13fa47348a39d58a555854704bd172319
imphash 13966655ccdf0e73e053535c9e5b2a49
File size 101.5 KB ( 103936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-09-23 08:49:22 UTC ( 2 years, 2 months ago )
Last submission 2016-09-27 10:32:30 UTC ( 2 years, 2 months ago )
File names ext2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications