SHA256: ceaa9677ac0de0129ab8f9e7e86c52d71386bdc304335f81799aad1f9aaaceb3
File name: b5fe7a5f01836d8ffb12e2418f78b36751215388
Detection ratio: 31 / 57
Analysis date: 2016-11-27 13:17:11 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3753424 20161127
AhnLab-V3 Trojan/Win32.Tuhkit.R191026 20161127
ALYac Trojan.GenericKD.3753424 20161127
Antiy-AVL Trojan[Banker]/Win32.Tuhkit 20161127
Arcabit Trojan.Generic.D3945D0 20161127
AVG Generic_s.LGG 20161127
Avira (no cloud) TR/Crypt.ZPACK.izplk 20161127
AVware Trojan.Win32.Generic!BT 20161127
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161126
BitDefender Trojan.GenericKD.3753424 20161127
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Trojan.YJMW-6139 20161127
Emsisoft Trojan.GenericKD.3753424 (B) 20161127
ESET-NOD32 a variant of Win32/Kryptik.FKJD 20161127
F-Secure Trojan.GenericKD.3753424 20161127
Fortinet W32/Tuhkit.RU!tr 20161127
GData Trojan.GenericKD.3753424 20161127
Ikarus Trojan.Win32.Crypt 20161127
Sophos ML generic.a 20161018
Kaspersky Trojan-Banker.Win32.Tuhkit.ru 20161127
McAfee Trojan-FKJT!1EC5453A2C1B 20161127
McAfee-GW-Edition BehavesLike.Win32.Expiro.cc 20161127
eScan Trojan.GenericKD.3753424 20161127
Panda Trj/GdSda.A 20161127
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161127
Rising Malware.Generic!ZCZQCRP7GsO@2 (thunder) 20161127
Sophos AV Mal/Generic-S 20161127
Symantec Heur.AdvML.B 20161127
Tencent Win32.Trojan-banker.Tuhkit.Ecuv 20161127
TrendMicro-HouseCall TROJ_GEN.R0EAH0CKP16 20161127
VIPRE Trojan.Win32.Generic!BT 20161127
AegisLab 20161127
Alibaba 20161125
Avast 20161127
Bkav 20161126
CAT-QuickHeal 20161126
ClamAV 20161127
CMC 20161127
Comodo 20161127
DrWeb 20161127
F-Prot 20161127
Jiangmin 20161124
K7AntiVirus 20161127
K7GW 20161127
Kingsoft 20161127
Malwarebytes 20161127
Microsoft 20161127
NANO-Antivirus 20161127
nProtect 20161127
SUPERAntiSpyware 20161127
TheHacker 20161126
TotalDefense 20161127
TrendMicro 20161127
Trustlook 20161127
VBA32 20161125
ViRobot 20161127
WhiteArmor 20161125
Yandex 20161126
Zillya 20161125
Zoner 20161127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-29 20:36:29
Entry Point 0x0000308B
Number of sections 3
PE sections
PE imports
RegRestoreKeyA
IsValidAcl
RegDeleteValueW
RegLoadKeyA
IsValidSid
ReadEventLogA
OpenEventLogW
RegReplaceKeyW
RegOpenKeyW
RegEnumKeyA
InitializeSid
CryptSignHashA
DowngradeAPL
ComPlusMigrate
SetSetupOpen
CertDeleteCRLFromStore
CertAlgIdToOID
CertGetNameStringA
CertDuplicateStore
CertCompareCertificate
CertCloseStore
CryptEnumOIDInfo
CertFindChainInStore
CertFindAttribute
CertSaveStore
CryptFindOIDInfo
CertFindCRLInStore
GetGeoInfoA
LoadLibraryExA
CreateEventW
ReleaseMutex
GetFileSize
GetNumberFormatA
FindFirstFileA
GetProfileIntA
lstrcmp
GetProfileStringA
WaitForSingleObject
LoadLibraryA
GetProcAddress
ReadFile
CreateNamedPipeW
FileTimeToLocalFileTime
Number of PE resources by type
IRIS 1
UNA 1
ARA 1
RT_MENU 1
RT_BITMAP 1
JATE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 7
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:10:29 21:36:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 144384
LinkerVersion 7.1
Warning Possibly corrupt Version resource
FileTypeExtension exe
InitializedDataSize 10752
SubsystemVersion 4.0
EntryPoint 0x308b
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 0

File identification
MD5 1ec5453a2c1b4aa8b51c8a0767e2cc5e
SHA1 b5fe7a5f01836d8ffb12e2418f78b36751215388
SHA256 ceaa9677ac0de0129ab8f9e7e86c52d71386bdc304335f81799aad1f9aaaceb3
ssdeep 3072:jCv3prbraeSNRf63TtUHhCVKHmWmUt/INYBHZd:ey3/qTtM2KG81Iw5

authentihash 3762aeccd9f1e70751b8db9a0452a1d81ac7812950dc3715294a35cfc3774338
imphash 0066ed971daafcbf0b37e33c85a5a255
File size 152.5 KB ( 156160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-11-27 13:17:11 UTC ( 2 years, 4 months ago )
Last submission 2016-11-27 13:17:11 UTC ( 2 years, 4 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications