SHA256: d12526fc430fa213d77f8523a89c92c5f4e0d11deacbaf5c160a16f87ed5adc3
File name: 3a128a9e8668c0181d214c20898f4a00.exe
Detection ratio: 52 / 57
Analysis date: 2016-12-14 22:00:27 UTC
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.1731489 | 20161214
AegisLab | Troj.W32.Sharik.syv!c | 20161214
AhnLab-V3 | Trojan/Win32.Agent.C423126 | 20161214
ALYac | Trojan.GenericKD.1731489 | 20161214
Antiy-AVL | Trojan/Win32.Sharik | 20161214
Arcabit | Trojan.Generic.D1A6BA1 | 20161214
Avast | Win32:Trojan-gen | 20161214
AVG | Lebros.UV | 20161214
Avira (no cloud) | TR/Crypt.EPACK.hzidt.10 | 20161214
AVware | Win32.Malware!Drop | 20161214
Baidu | Win32.Trojan.Kryptik.ho | 20161207
BitDefender | Trojan.GenericKD.1731489 | 20161214
Bkav | W32.eHeur.Malware09 | 20161214
CAT-QuickHeal | TrojanDownloader.Dofoil | 20161214
ClamAV | Win.Trojan.Agent-1428659 | 20161214
Comodo | UnclassifiedMalware | 20161214
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20161024
Cyren | W32/Backdoor.TMQE-7709 | 20161214
DrWeb | BackDoor.Tishop.122 | 20161214
Emsisoft | Trojan.GenericKD.1731489 (B) | 20161214
ESET-NOD32 | Win32/TrojanDownloader.Zurgop.BK | 20161214
F-Prot | W32/Backdoor2.HVCI | 20161214
F-Secure | Trojan.GenericKD.1731489 | 20161214
Fortinet | W32/Sharik.SYV!tr | 20161214
GData | Trojan.GenericKD.1731489 | 20161214
Ikarus | Trojan.Win32.Sharik | 20161214
Sophos ML | virus.win32.virut.bn | 20161202
Jiangmin | Trojan.Sharik.it | 20161214
K7AntiVirus | Trojan ( 0040f8c71 ) | 20161214
K7GW | Trojan ( 0040f8c71 ) | 20161214
Kaspersky | Trojan.Win32.Sharik.syv | 20161214
Malwarebytes | Spyware.Zbot.VXGen | 20161214
McAfee | Generic.dx!3A128A9E8668 | 20161214
McAfee-GW-Edition | Generic.dx!3A128A9E8668 | 20161214
Microsoft | TrojanDownloader:Win32/Dofoil.T | 20161214
eScan | Trojan.GenericKD.1731489 | 20161214
NANO-Antivirus | Trojan.Win32.Sharik.efhhof | 20161214
Panda | Generic Malware | 20161214
Qihoo-360 | HEUR/Malware.QVM20.Gen | 20161214
Rising | Trojan.Generic-DfAqmzac67O (cloud) | 20161214
Sophos AV | Troj/Agent-AHQI | 20161214
Symantec | Trojan.Smoaler | 20161214
Tencent | Win32.Trojan.Sharik.Ljag | 20161214
TotalDefense | Win32/Dofoil.JKZaXc | 20161214
TrendMicro | TROJ_DLOADER.RGP | 20161214
TrendMicro-HouseCall | TROJ_DLOADER.RGP | 20161214
VBA32 | Malware-Cryptor.ImgChk | 20161214
VIPRE | Win32.Malware!Drop | 20161214
ViRobot | Trojan.Win32.Z.Sharik.117760[h] | 20161214
Yandex | Trojan.DL.Zurgop!5g1nWwyT184 | 20161214
Zillya | Trojan.Sharik.Win32.700 | 20161214
Zoner | Trojan.Zurgop.BK | 20161214
Alibaba | (no detection) | 20161214
CMC | (no detection) | 20161214
Kingsoft | (no detection) | 20161214
nProtect | (no detection) | 20161214
SUPERAntiSpyware | (no detection) | 20161214
TheHacker | (no detection) | 20161214
Trustlook | (no detection) | 20161214
WhiteArmor | (no detection) | 20161212

Reading the table: the vendor-specific (non-generic) verdicts cluster on three family names, Dofoil (Microsoft, CAT-QuickHeal, TotalDefense), Sharik (Kaspersky, Fortinet, Ikarus, Jiangmin, NANO-Antivirus, Tencent, ViRobot, Zillya, AegisLab, Antiy-AVL) and Zurgop (ESET-NOD32, Yandex, Zoner), and the TrojanDownloader / TROJ_DLOADER / Trojan.DL prefixes state the role. The cryptor-oriented verdicts (Avira TR/Crypt.EPACK, VBA32 Malware-Cryptor.ImgChk, Baidu Kryptik) describe the outer layer rather than the payload. The outliers (Malwarebytes Spyware.Zbot.VXGen, Sophos ML virus.win32.virut.bn) come from generic or machine-learning classifiers and should not override the named verdicts.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-16 17:00:43
Entry Point 0x0000C4BA
Number of sections 4
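The header fields above (and the ExifTool view of the same values further down) come straight out of the COFF and optional headers. The following is an added example, not VirusTotal's tooling or anything from the sample: a stdlib-only parser that pulls those fields from a raw PE32 image, plus the plain digests and the Authenticode-style digest that the "File identification" section lists as authentihash, so the reader can see why that value differs from the SHA-256. build_sample_pe() is a constructed header carrying the values this report shows; it is not the analysed file, and the ImageBase, alignment and SizeOfImage values in it are assumptions chosen only to make a well-formed header.

```python
"""Added example (not VirusTotal's or the sample's own code): recover the
'PE header basic information' fields from a raw PE32 image with the standard
library only, and compute the Authenticode-style digest that the report lists
as 'authentihash'. build_sample_pe() is a constructed header carrying the
values this report shows; it is not the analysed file."""
import hashlib
import struct
from datetime import datetime, timezone

MACHINES = {0x14C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows console"}
# PE32 optional header from Magic through DllCharacteristics (72 bytes).
OPT_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHH"
CHECKSUM_OFF = 64               # CheckSum field inside the optional header
SECURITY_DIR_OFF = 96 + 4 * 8   # data directory slot 4: the Attribute Certificate Table


def _optional_header_offset(data: bytes) -> int:
    """File offset of the optional header, after validating the MZ and PE signatures."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 4 + 20          # signature + COFF file header


def parse_pe_header(data: bytes) -> dict:
    """Return the fields VirusTotal and ExifTool show for the PE header."""
    opt = _optional_header_offset(data)
    machine, nsections, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, opt - 20)
    (magic, lnk_major, lnk_minor, code_size, idata_size, udata_size, entry,
     _, _, _, _, _, os_major, os_minor, img_major, img_minor, ss_major, ss_minor,
     _, _, _, _, subsystem, _) = struct.unpack_from(OPT_FMT, data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 handled; PE32+ has no BaseOfData and a 64-bit ImageBase")
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsections,
        # COFF timestamp: seconds since the Unix epoch, UTC. The linker or a
        # packer can write anything here, so treat it as a claim, not a fact.
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": code_size,
        "initialized_data_size": idata_size,
        "uninitialized_data_size": udata_size,
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
    }


def file_hashes(data: bytes) -> dict:
    """The plain file digests shown under 'File identification'."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def authentihash(data: bytes) -> str:
    """SHA-256 over the image with the CheckSum field and the Security data-directory
    entry skipped, as Authenticode does; that is why it differs from the plain SHA-256.
    Simplified: assumes no attribute certificate table is appended and that sections
    are stored in file order, so everything else is hashed in place."""
    opt = _optional_header_offset(data)
    h = hashlib.sha256()
    h.update(data[:opt + CHECKSUM_OFF])
    h.update(data[opt + CHECKSUM_OFF + 4:opt + SECURITY_DIR_OFF])
    h.update(data[opt + SECURITY_DIR_OFF + 8:])
    return h.hexdigest()


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 with the header values from this report (no code,
    zeroed section headers, no imports): enough to exercise the parser above."""
    ts = int(datetime(2011, 3, 16, 17, 0, 43, tzinfo=timezone.utc).timestamp())
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 4, ts, 0, 0, 224, 0x0102)
    opt = struct.pack(OPT_FMT,
                      0x10B, 8, 0,                        # PE32, linker 8.0
                      57344, 335872, 0, 0xC4BA,           # code/idata/udata sizes, entry point
                      0x1000, 0x10000, 0x400000, 0x1000, 0x200,   # assumed bases/alignments
                      4, 0, 10, 2, 4, 0,                  # OS 4.0, image 10.2, subsystem 4.0
                      0, 0x60000, 0x400, 0,               # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0)                               # Windows GUI, DllCharacteristics
    opt = opt.ljust(224, b"\0")                           # remaining fields and 16 data directories
    sections = b"\0" * (4 * 40)                           # four zeroed section headers
    return (dos + b"PE\0\0" + coff + opt + sections).ljust(0x400, b"\0")


if __name__ == "__main__":
    image = build_sample_pe()
    for k, v in parse_pe_header(image).items():
        print(f"{k:>24}: {v:#x}" if k == "entry_point" else f"{k:>24}: {v}")
    print(f"{'sha256':>24}: {file_hashes(image)['sha256']}")
    print(f"{'authentihash':>24}: {authentihash(image)}")
```

Run it against a real file by replacing build_sample_pe() with the file's bytes; for a signed binary or one with an overlay, use the full Authenticode procedure (hash headers, then sections sorted by PointerToRawData, then trailing data minus the certificate table) instead of the simplified authentihash() here.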
PE sections
PE imports
The import table is reproduced here as bare export names; the column naming the owning DLL did not survive extraction. The acm* names are msacm32.dll (Audio Compression Manager) exports, the WinStation* / ServerQueryInetConnectorInformation* / LogonIdFromWinStationNameW names are winsta.dll (terminal-services) exports, and the CryptCAT* / CryptSIP* / WVTAsn1* / WTHelper* / WinVerifyTrust names are wintrust.dll exports. None of these API families has any role in what a downloader does at run time, and the cryptor-type verdicts in the detection table above (Avira TR/Crypt.EPACK, VBA32 Malware-Cryptor.ImgChk) are consistent with this being the import table of an outer packer stub rather than of the payload. Read the imphash listed under File identification with the same caveat: it fingerprints that stub.
GetTempPathA
FlushViewOfFile
GlobalWire
XRegThunkEntry
acmFormatDetailsW
acmDriverDetailsW
acmDriverMessage
acmDriverAddW
acmDriverClose
acmDriverRemove
acmFilterDetailsA
acmFormatTagEnumW
acmFormatEnumA
acmFilterTagEnumA
acmMessage32
acmMetrics
acmFilterEnumA
acmFormatTagDetailsW
acmStreamConvert
acmStreamSize
acmFilterTagEnumW
acmFilterDetailsW
acmFilterTagDetailsW
acmFilterChooseA
ToAsciiEx
WinStationSendWindowMessage
WinStationSendMessageW
ServerQueryInetConnectorInformationA
WinStationSendMessageA
_WinStationCallback
_WinStationNotifyLogoff
ServerQueryInetConnectorInformationW
WinStationInstallLicense
WinStationEnumerateA
WinStationGetProcessSid
_WinStationReInitializeSecurity
WinStationQueryInformationW
_WinStationShadowTarget
WinStationQueryInformationA
WinStationGetAllProcesses
WinStationVirtualOpen
LogonIdFromWinStationNameW
WinStationReset
WinStationOpenServerA
_WinStationCheckForApplicationName
WinStationConnectW
WinStationFreeGAPMemory
WinStationServerPing
_WinStationWaitForConnect
WinStationWaitSystemEvent
WinStationDisconnect
WinStationQueryUpdateRequired
WinStationGenerateLicense
CryptCATCDFEnumMembersByCDFTagEx
CryptCATCatalogInfoFromContext
CryptSIPPutSignedDataMsg
CryptCATPutCatAttrInfo
WVTAsn1SpcIndirectDataContentEncode
OpenPersonalTrustDBDialog
HTTPSFinalProv
CryptSIPGetSignedDataMsg
CryptCATGetAttrInfo
CryptCATAdminAddCatalog
CryptCATGetMemberInfo
WintrustAddDefaultForUsage
WVTAsn1SpcStatementTypeEncode
CryptSIPRemoveSignedDataMsg
TrustDecode
SoftpubCheckCert
WTHelperGetAgencyInfo
FindCertsByIssuer
WintrustSetRegPolicyFlags
CryptCATAdminCalcHashFromFileHandle
CryptCATEnumerateMember
WTHelperGetFileHandle
CryptCATClose
CryptCATGetCatAttrInfo
WintrustRemoveActionID
WintrustGetDefaultForUsage
CryptCATEnumerateAttr
WinVerifyTrust
WVTAsn1SpcSpOpusInfoEncode
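The imphash listed under File identification is computed from exactly this kind of import table. The following is an added example, not pefile's, VirusTotal's or the sample's code, that reproduces the algorithm (MD5 over the lower-cased "dll.function" tokens in import-table order, joined by commas, with .dll/.ocx/.sys stripped and ordinals written as ordN). The import list in it is constructed: it takes a few names from this report and assigns them to the libraries that export them (kernel32, msacm32, winsta, wintrust) in an assumed order, because the DLL column and the full ordering are not on this page, so the value it prints will not match the report's imphash.

```python
"""Added example (not pefile's, VirusTotal's or the sample's own code): compute an
import hash the way pefile's get_imphash() and VirusTotal's 'imphash' do. The
import list below is constructed from names in this report with assumed DLL
assignments and ordering; it will not reproduce the report's own imphash."""
import hashlib

# Constructed sample: (dll, function-or-ordinal) pairs in assumed import-table order.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "GetTempPathA"),
    ("KERNEL32.dll", "FlushViewOfFile"),
    ("MSACM32.dll", "acmDriverAddW"),
    ("MSACM32.dll", "acmStreamConvert"),
    ("WINSTA.dll", "WinStationQueryInformationW"),
    ("WINTRUST.dll", "WinVerifyTrust"),
    ("WINTRUST.dll", "CryptCATAdminCalcHashFromFileHandle"),
    ("WINTRUST.dll", 42),          # hypothetical import by ordinal, to show the ordN form
]


def library_name(dll: str) -> str:
    """Lower-case the DLL name and strip a trailing .dll/.ocx/.sys, as pefile does."""
    lib = dll.lower()
    parts = lib.rsplit(".", 1)
    if len(parts) == 2 and parts[1] in ("ocx", "sys", "dll"):
        lib = parts[0]
    return lib


def normalize_import(dll: str, func) -> str:
    """One 'dll.func' token. Ordinals become 'ordN'. (pefile additionally maps
    ws2_32 and oleaut32 ordinals back to their names with a built-in table;
    this example does not, so ordinal imports from those two DLLs would differ.)"""
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{library_name(dll)}.{name}"


def imphash_input(imports) -> str:
    """The exact string that gets hashed; worth keeping when two samples share an
    imphash and you want to see which import sequence produced it."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports) -> str:
    """MD5 of the comma-joined tokens, the value VirusTotal shows as 'imphash'."""
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


def libraries(imports) -> list:
    """Distinct libraries in import order, for a quick check of whether the set
    fits the sample's apparent job (a downloader has no use for msacm32 or winsta)."""
    seen = []
    for dll, _ in imports:
        lib = library_name(dll)
        if lib not in seen:
            seen.append(lib)
    return seen


if __name__ == "__main__":
    print("imphash input:", imphash_input(SAMPLE_IMPORTS))
    print("imphash      :", imphash(SAMPLE_IMPORTS))
    print("libraries    :", libraries(SAMPLE_IMPORTS))
```

Because the hash covers the order of entries as well as their names, two builds of the same packer stub with identical imports in the same order share an imphash even when the payload differs, which is what makes it a useful pivot and also why it describes the stub, not the payload, for a packed sample like this one.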
Number of PE resources by type
RT_STRING 11
RT_RCDATA 9
RT_VERSION 9
RT_PLUGPLAY 6
Struct(18) 6
RT_VXD 6
RT_GROUP_CURSOR 6
RT_MENU 6
RT_FONTDIR 6
RT_ACCELERATOR 6
RT_ANIICON 5
RT_DIALOG 3
RT_FONT 3
RT_BITMAP 3
RT_ANICURSOR 3
RT_ICON 2
RT_CURSOR 2
Number of PE resources by language
ARABIC BAHRAIN 92
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2011:03:16 18:00:43+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 57344
LinkerVersion: 8.0
FileTypeExtension: exe
InitializedDataSize: 335872
SubsystemVersion: 4.0
EntryPoint: 0xc4ba
OSVersion: 4.0
ImageVersion: 10.2
UninitializedDataSize: 0

The TimeStamp here is the same COFF value as the compilation timestamp in the PE header section above, rendered by ExifTool in the analysis host's +01:00 zone (18:00:43+01:00 is 17:00:43 UTC); the two do not disagree.
Compressed bundles
File identification
MD5: 3a128a9e8668c0181d214c20898f4a00
SHA1: 46b4bd409b4be965547b252100166bd3db6d1e50
SHA256: d12526fc430fa213d77f8523a89c92c5f4e0d11deacbaf5c160a16f87ed5adc3
ssdeep: 1536:yi7leyCSqU4llf3DiR/9bMeO8fWZ/DWk93bGUGxSYVHHQ36HHqWolMO1TYvdlo:PxPKrPMg9Nf9LGtxlVHw36nqW3S8
authentihash: 25770e39efd9736bee457ab3e377c7171d02355bbd823b171c1cee77c6c1e368
imphash: a6fa7f325215679775902b1b91399fa0
File size: 115.0 KB (117760 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Dynamic Link Library (generic) (43.5%); Win32 Executable (generic) (29.8%); Generic Win/DOS Executable (13.2%); DOS Executable Generic (13.2%)
Tags: peexe
VirusTotal metadata
First submission: 2014-06-25 15:47:27 UTC
Last submission: 2014-11-05 18:24:30 UTC
File names:
qvscd.xdp
order_id_7836247823678423678462387.ex_
d12526fc430fa213d77f8523a89c92c5f4e0d11deacbaf5c160a16f87ed5adc3.exe
3a128a9e8668c0181d214c20898f4a00
file-7166935_exe
vti-rescan
3a128a9e8668c0181d214c20898f4a00.exe
zurgop
46b4bd409b4be965547b252100166bd3db6d1e50
order_id_7836247823678423678462387.exe
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs
HTTP requests
DNS requests
TCP connections