SHA256: d193de89f70c1049999eabf12a3523b01c695bb536ece4de8ddc62ac71a12424
File name: d193de89f70c1049999eabf12a3523b01c695bb536ece4de8ddc62ac71a12424.bin
Detection ratio: 15 / 61
Analysis date: 2017-06-14 11:40:31 UTC ( 1 year, 7 months ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20170614
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9829 20170613
Bkav W32.eHeur.Malware12 20170614
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
ESET-NOD32 Win32/Spy.Ursnif.AO 20170614
Sophos ML heuristic 20170607
Kaspersky Backdoor.Win32.Androm.nmke 20170614
Malwarebytes Trojan.Downloader 20170614
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20170613
SentinelOne (Static ML) static engine - malicious 20170516
Symantec ML.Attribute.HighConfidence 20170614
TrendMicro Mal_SageCrypt-1h 20170614
TrendMicro-HouseCall Suspicious_GEN.F47V0614 20170614
Webroot W32.Trojan.Gen 20170614
ZoneAlarm by Check Point Backdoor.Win32.Androm.nmke 20170614
Ad-Aware 20170614
AhnLab-V3 20170614
Alibaba 20170614
ALYac 20170614
Antiy-AVL 20170614
Arcabit 20170614
Avast 20170614
AVG 20170614
Avira (no cloud) 20170614
AVware 20170614
BitDefender 20170614
CAT-QuickHeal 20170614
ClamAV 20170614
CMC 20170614
Comodo 20170614
Cyren 20170614
DrWeb 20170614
Emsisoft 20170614
Endgame 20170612
F-Prot 20170614
F-Secure 20170614
Fortinet 20170614
GData 20170614
Ikarus 20170614
Jiangmin 20170613
K7AntiVirus 20170614
K7GW 20170614
Kingsoft 20170614
McAfee 20170614
Microsoft 20170614
eScan 20170614
NANO-Antivirus 20170614
nProtect 20170614
Palo Alto Networks (Known Signatures) 20170614
Panda 20170613
Qihoo-360 20170614
Rising 20170614
Sophos AV 20170614
SUPERAntiSpyware 20170614
Symantec Mobile Insight 20170614
Tencent 20170614
TheHacker 20170612
Trustlook 20170614
VBA32 20170614
VIPRE 20170614
ViRobot 20170614
WhiteArmor 20170614
Yandex 20170613
Zillya 20170613
Zoner 20170614
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-30 21:25:02
Entry Point 0x00006EE4
Number of sections 4
PE sections
PE imports
LookupPrivilegeValueA
LogonUserW
OpenProcessToken
GetUserNameW
CryptGetDefaultProviderA
ImpersonateLoggedOnUser
GetNamedSecurityInfoA
RegQueryValueExW
AVIStreamLength
AVIStreamOpenFromFileA
AVIFileInit
AVIStreamGetFrame
AVIStreamSampleToTime
AVIStreamGetFrameClose
AVIStreamGetFrameOpen
AVIStreamInfoA
ImageList_Create
Ord(17)
ImageList_Draw
ImageList_Add
FindTextA
CreatePen
SaveDC
TextOutA
GetTextMetricsA
CombineRgn
UpdateColors
GetPixel
Rectangle
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
SetDCPenColor
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
CreateFontA
CreateEllipticRgn
MoveToEx
GetStockObject
ExtTextOutA
SetTextAlign
CreateCompatibleDC
CreateRectRgn
SelectObject
GetTextExtentPoint32A
RestoreDC
SetBkColor
DeleteObject
CreateCompatibleBitmap
AreFileApisANSI
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GlobalFree
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
GetComputerNameW
IsDebuggerPresent
ExitProcess
TlsAlloc
GlobalUnlock
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
GlobalAlloc
RtlUnwind
LoadLibraryA
IsProcessorFeaturePresent
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetWindowsDirectoryW
GetConsoleMode
DecodePointer
GetCurrentProcessId
SetLastError
lstrcatA
ReadConsoleW
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetStartupInfoW
SetStdHandle
RaiseException
CreateThread
LoadLibraryW
TlsFree
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FreeLibrary
LocalFree
TerminateProcess
TlsGetValue
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
lstrcpyA
CreateFileW
GlobalHandle
GlobalLock
CreateEventA
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
EncodePointer
GetCurrentThreadId
GetProcessHeap
LocalAlloc
WriteConsoleW
LeaveCriticalSection
acmDriverClose
DrawDibOpen
DrawDibDraw
SysFreeString
SysAllocString
glTranslatef
glTexCoord2f
glTexSubImage2D
glClearColor
glVertex3f
glTexParameteri
glShadeModel
glClear
glDepthFunc
glEnd
glHint
glBegin
glRotatef
glTexImage2D
glEnable
glLoadIdentity
glTexGeni
glClearDepth
StrPBrkA
PathStripToRootA
GetMessageA
SetWindowRgn
UpdateWindow
GetScrollInfo
BeginPaint
OffsetRect
KillTimer
ChangeDisplaySettingsA
PostQuitMessage
DefWindowProcA
ShowWindow
SetClassLongA
LoadBitmapA
GetClipboardData
GetParent
GetWindowThreadProcessId
GetWindowRect
DispatchMessageA
EndPaint
WindowFromPoint
MessageBoxA
GetWindowDC
SetWindowLongA
TranslateMessage
IsWindowEnabled
GetSysColor
SetScrollInfo
RegisterClassExA
DrawTextA
UpdateLayeredWindow
GetIconInfo
wsprintfA
SendMessageA
GetClientRect
SetTimer
ClientToScreen
SetRect
GetClassLongA
ScreenToClient
GetWindowLongA
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
GetFocus
GetDC
ReleaseDC
ScrollWindow
SetCursor
DestroyWindow
IsThemeActive
DrawThemeBackground
waveOutUnprepareHeader
SendDriverMessage
waveOutWrite
waveOutClose
EapHostPeerFreeMemory
EapHostPeerGetMethods
EapHostPeerFreeErrorMemory
GdipAlloc
GdipCreateFromHDC
CoCreateInstance
CoInitialize
ReadFmtUserTypeStg
PdhBrowseCountersA
Number of PE resources by type
RT_DIALOG 12
AFX_DIALOG_LAYOUT 5
RCDATA 5
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 23
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:11:30 22:25:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 93184
LinkerVersion 11.0
EntryPoint 0x6ee4
InitializedDataSize 153600
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 b5d7506e6a80aea257c0219047ce4b03
SHA1 8cb2a5d7209cbf2c1326d2d5e5fd2a79226193c7
SHA256 d193de89f70c1049999eabf12a3523b01c695bb536ece4de8ddc62ac71a12424
ssdeep 6144:+lmPgeaiihL7KRXN/P8UHVfJzAGWePy6Llx:02FehLc9bZyT6px
authentihash 5c11125b2d8bca1124560d03868e517deb7c436aa16c550e417d8a6249382e9d
imphash 4c76a559cd50740f256767ea21c465db
File size 242.0 KB ( 247808 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-06-13 18:25:08 UTC ( 1 year, 7 months ago )
Last submission 2018-03-27 20:35:16 UTC ( 9 months, 3 weeks ago )
File names d193de89f70c1049999eabf12a3523b01c695bb536ece4de8ddc62ac71a12424.bin
b5d7506e6a80aea257c0219047ce4b03
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
UDP communications