× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: cf324f78c081a7454b8fe1d9fdeef35fb41bcc25f58247735193aa8e20573133
File name: 57099c05a56ae660e6b6068325ccfb42
Detection ratio: 31 / 55
Analysis date: 2016-07-20 23:05:20 UTC ( 2 years, 9 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3401365 20160720
AhnLab-V3 Trojan/Win32.MDA.N2046852828 20160720
ALYac Trojan.GenericKD.3401365 20160720
Antiy-AVL Trojan/Win32.TSGeneric 20160720
Arcabit Trojan.Generic.D33E695 20160720
Avast Win32:Dropper-gen [Drp] 20160720
AVG Inject3.AXZD 20160720
Avira (no cloud) TR/Dldr.Agent.jphj 20160720
AVware Trojan.Win32.Generic!BT 20160720
BitDefender Trojan.GenericKD.3401365 20160720
Cyren W32/Trojan.ORAW-0093 20160720
Emsisoft Trojan.GenericKD.3401365 (B) 20160720
ESET-NOD32 Win32/TrojanDownloader.VB.QZA 20160720
F-Secure Trojan.GenericKD.3401365 20160720
Fortinet W32/Malicious_Behavior.VEX 20160720
GData Trojan.GenericKD.3401365 20160720
K7AntiVirus Trojan ( 004f43c21 ) 20160720
K7GW Trojan ( 004f43c21 ) 20160720
Kaspersky UDS:DangerousObject.Multi.Generic 20160720
McAfee RDN/Generic Downloader.x 20160720
McAfee-GW-Edition BehavesLike.Win32.Virut.fh 20160720
Microsoft Trojan:Win32/Dynamer!ac 20160720
eScan Trojan.GenericKD.3401365 20160720
NANO-Antivirus Trojan.Win32.Bifrost.eemgjv 20160720
nProtect Trojan.GenericKD.3401365 20160720
Panda Trj/GdSda.A 20160720
Qihoo-360 HEUR/QVM07.1.6DE6.Malware.Gen 20160721
Sophos AV Mal/Generic-S 20160720
Symantec Trojan.Gen.2 20160720
TrendMicro TROJ_GEN.R0C1C0DGF16 20160720
VIPRE Trojan.Win32.Generic!BT 20160720
AegisLab 20160720
Alibaba 20160720
Baidu 20160720
Bkav 20160720
CAT-QuickHeal 20160720
ClamAV 20160720
CMC 20160715
Comodo 20160720
DrWeb 20160720
F-Prot 20160720
Ikarus 20160720
Jiangmin 20160720
Kingsoft 20160721
Malwarebytes 20160720
SUPERAntiSpyware 20160721
Tencent 20160721
TheHacker 20160720
TotalDefense 20160720
TrendMicro-HouseCall 20160720
VBA32 20160720
ViRobot 20160720
Yandex 20160717
Zillya 20160720
Zoner 20160720
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-11 07:28:56
Entry Point 0x0000C995
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueExA
RegSetValueExA
GetFileSecurityA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
GetWindowExtEx
SetMapMode
GetWindowOrgEx
SetBkMode
PatBlt
SetWindowOrgEx
GetNearestColor
GetCurrentPositionEx
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
CreateRectRgnIndirect
LPtoDP
CombineRgn
SetStretchBltMode
GetROP2
GetViewportOrgEx
Rectangle
GetObjectA
GetDeviceCaps
CreateDCA
LineTo
DeleteDC
RestoreDC
GetMapMode
OffsetViewportOrgEx
CreateBitmap
EndDoc
GetStretchBltMode
StartPage
DeleteObject
IntersectClipRect
BitBlt
GetBkMode
GetClipBox
StretchDIBits
SetTextColor
CreatePatternBrush
StartDocA
SelectObject
MoveToEx
SetAbortProc
ExcludeClipRect
CreatePen
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
GetCharWidthA
ExtTextOutA
PtVisible
SetTextAlign
ScaleViewportExtEx
SelectClipRgn
GetPolyFillMode
GetTextAlign
GetTextFaceA
CreateCompatibleDC
SetROP2
EndPage
CreateRectRgn
SetViewportExtEx
GetTextExtentPoint32A
SetPolyFillMode
AbortDoc
CreateCompatibleBitmap
SetWindowExtEx
GetTextColor
CreateSolidBrush
DPtoLP
Escape
GetViewportExtEx
SetBkColor
GetBkColor
SetRectRgn
CreateFontA
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
HeapDestroy
IsBadCodePtr
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetEnvironmentVariableA
GlobalFindAtomA
ExitProcess
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
GetTickCount
IsBadWritePtr
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
DeleteFileA
GlobalLock
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
GetDiskFreeSpaceA
CompareStringA
GetTempFileNameA
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
SizeofResource
HeapCreate
lstrcpyA
VirtualFree
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
VariantChangeType
SafeArrayAccessData
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
SafeArrayGetUBound
SafeArrayUnaccessData
VariantClear
SysAllocString
VariantCopy
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetDim
SysAllocStringByteLen
SysFreeString
Ord(253)
DragFinish
DragQueryFileA
SetFocus
RegisterClipboardFormatA
GetMessagePos
SetMenuItemBitmaps
SetRectEmpty
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
GetNextDlgTabItem
IsWindow
DispatchMessageA
EndPaint
GrayStringA
WindowFromPoint
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
CreateWindowExA
SendMessageA
GetClientRect
SetScrollPos
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
CopyAcceleratorTableA
ClientToScreen
GetTopWindow
LockWindowUpdate
ScrollWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
ShowScrollBar
ShowWindow
GetPropA
GetNextDlgGroupItem
GetDesktopWindow
GetTabbedTextExtentA
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
SetParent
IsZoomed
GetWindowPlacement
EnableMenuItem
RegisterClassA
GetMenuItemCount
TabbedTextOutA
GetWindowLongA
SetTimer
GetActiveWindow
ShowOwnedPopups
FillRect
CopyRect
DeferWindowPos
ReleaseDC
UnregisterClassA
PtInRect
IsChild
IsDialogMessageA
MapWindowPoints
PostMessageA
BeginPaint
OffsetRect
GetScrollPos
KillTimer
CharNextA
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
InvertRect
SetCapture
ReleaseCapture
IntersectRect
SetWindowLongA
EndDialog
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDCEx
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
GetMenuState
GetSystemMenu
ReuseDDElParam
GetMenuItemID
SetForegroundWindow
PostThreadMessageA
MapDialogRect
GetScrollRange
GetScrollInfo
LoadMenuA
SetWindowContextHelpId
GetCapture
FindWindowA
MessageBeep
GetSysColorBrush
BeginDeferWindowPos
AppendMenuA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
CallWindowProcA
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
IsWindowVisible
UnpackDDElParam
WinHelpA
UnionRect
SetRect
DeleteMenu
InvalidateRect
wsprintfA
TranslateAcceleratorA
ValidateRect
IsRectEmpty
GetClassNameA
GetFocus
ModifyMenuA
SetMenu
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetFileTitleA
GetOpenFileNameA
PrintDlgA
GetSaveFileNameA
CommDlgExtendedError
OleUninitialize
CoTaskMemFree
OleInitialize
StgCreateDocfileOnILockBytes
OleFlushClipboard
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CoTaskMemAlloc
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
Number of PE resources by type
EDG 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:07:11 08:28:56+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
212992

LinkerVersion
6.0

EntryPoint
0xc995

InitializedDataSize
90112

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 57099c05a56ae660e6b6068325ccfb42
SHA1 1b99675c1db140d171d61d875816f80744ff9295
SHA256 cf324f78c081a7454b8fe1d9fdeef35fb41bcc25f58247735193aa8e20573133
ssdeep
6144:bNKHaaNvmc2xg2+gUjU+iciVnHJwo8U+1o:xKHaac16QUj8ciEo8bo

authentihash 9054d2db75390f47b93b33517ea2c2aae66b749cded5b2361e7bf0a4ac991398
imphash 49e8a6a3965ee5ecaf28fe0f7f7996c8
File size 300.0 KB ( 307200 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe

VirusTotal metadata
First submission 2016-07-20 23:05:20 UTC ( 2 years, 9 months ago )
Last submission 2016-07-20 23:05:20 UTC ( 2 years, 9 months ago )
File names cf324f78c081a7454b8fe1d9fdeef35fb41bcc25f58247735193aa8e20573133.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications