SHA256: d34a3447d2b4ba05bdddc4ce583a577d107e7abee1f9bc08f65af33bee49fa7c
File name: chjvrd.exe.txt
Detection ratio: 4 / 56
Analysis date: 2015-10-08 09:56:37 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20151008
ESET-NOD32 Win32/Sopinar.C 20151008
Kaspersky Trojan.Win32.Inject.vjch 20151008
Panda Generic Suspicious 20151008
Ad-Aware 20151008
AegisLab 20151008
Yandex 20151004
AhnLab-V3 20151008
Alibaba 20151008
ALYac 20151008
Antiy-AVL 20151008
Arcabit 20151008
AVG 20151008
Avira (no cloud) 20151008
AVware 20151008
Baidu-International 20151008
BitDefender 20151008
Bkav 20151007
ByteHero 20151008
CAT-QuickHeal 20151008
ClamAV 20151007
CMC 20151008
Comodo 20151008
Cyren 20151008
DrWeb 20151008
Emsisoft 20151008
F-Prot 20151008
F-Secure 20151008
Fortinet 20151008
GData 20151008
Ikarus 20151008
Jiangmin 20151005
K7AntiVirus 20151008
K7GW 20151008
Kingsoft 20151008
Malwarebytes 20151008
McAfee 20151008
McAfee-GW-Edition 20151008
Microsoft 20151008
eScan 20151008
NANO-Antivirus 20151008
nProtect 20151008
Qihoo-360 20151008
Rising 20151007
Sophos AV 20151008
SUPERAntiSpyware 20151008
Symantec 20151006
Tencent 20151008
TheHacker 20151006
TrendMicro 20151008
TrendMicro-HouseCall 20151008
VBA32 20151007
VIPRE 20151008
ViRobot 20151008
Zillya 20151007
Zoner 20151008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-07 21:44:03
Entry Point 0x0000FA35
Number of sections 5
PE sections
PE imports
RegEnumValueW
RegCloseKey
RegDeleteKeyW
CryptAcquireContextA
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExW
CryptDestroyHash
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
WaitForSingleObjectEx
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
GetEnvironmentStrings
GetLocaleInfoA
InterlockedIncrement
GetUserDefaultLCID
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetFileType
GetTimeZoneInformation
CompareStringW
HeapAlloc
WideCharToMultiByte
TlsFree
SetFilePointer
InterlockedExchange
WriteFile
GetCurrentProcess
CompareStringA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
LCMapStringA
GetEnvironmentVariableA
HeapCreate
VirtualFree
TlsGetValue
Sleep
SetLastError
TlsSetValue
GetCurrentThreadId
GetVersion
GetCurrentThread
VirtualAlloc
GetModuleHandleA
LeaveCriticalSection
SHQueryValueExA
Number of PE resources by type
RT_MANIFEST 1
RT_STRING 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:09:07 22:44:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 98304
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 36864
SubsystemVersion 4.0
EntryPoint 0xfa35
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 0d9c5833e99d4cdd1c25e67b097afd49
SHA1 4ccb208932176058e0b506137071da32b5a0992a
SHA256 d34a3447d2b4ba05bdddc4ce583a577d107e7abee1f9bc08f65af33bee49fa7c
ssdeep 3072:Nfj8krjn5RSZ0kJ7AxJidV4yE/2Zdk+Tows7:1Vrjn5RSZ0G7+JiD4yEnB7
authentihash 9b22e62a733592a9ad616b77f694edbb12659d391108b1248cc41577af2628d3
imphash 5e826728266faa569320def191c5171b
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2015-10-08 09:56:37 UTC ( 3 years, 4 months ago )
Last submission 2015-10-08 09:56:37 UTC ( 3 years, 4 months ago )
File names runas.exe
chjvrd.exe.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Runtime DLLs