SHA256: d5cbb94a2ccaf7f37e42ab7d97da7991209ae231b1ea6814f6c583b59ae66ca4
File name: malware3.exe
Detection ratio: 3 / 56
Analysis date: 2016-05-20 09:58:20 UTC ( 3 years ago )
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Expiro.ch 20160520
Qihoo-360 QVM20.1.Malware.Gen 20160520
Rising Malware.Generic!yfrJBhd4xrE@1 (Thunder) 20160520
Ad-Aware 20160520
AegisLab 20160520
AhnLab-V3 20160520
Alibaba 20160520
ALYac 20160520
Antiy-AVL 20160520
Arcabit 20160520
Avast 20160520
AVG 20160520
Avira (no cloud) 20160520
AVware 20160520
Baidu 20160520
Baidu-International 20160520
BitDefender 20160520
Bkav 20160519
CAT-QuickHeal 20160518
ClamAV 20160520
CMC 20160520
Comodo 20160520
Cyren 20160520
DrWeb 20160520
Emsisoft 20160520
ESET-NOD32 20160520
F-Prot 20160520
F-Secure 20160520
Fortinet 20160520
GData 20160520
Ikarus 20160520
Jiangmin 20160520
K7AntiVirus 20160520
K7GW 20160520
Kaspersky 20160520
Kingsoft 20160520
Malwarebytes 20160520
McAfee 20160520
Microsoft 20160520
eScan 20160520
NANO-Antivirus 20160520
nProtect 20160519
Panda 20160519
Sophos AV 20160520
SUPERAntiSpyware 20160520
Symantec 20160520
Tencent 20160520
TheHacker 20160519
TrendMicro 20160520
TrendMicro-HouseCall 20160520
VBA32 20160519
VIPRE 20160520
ViRobot 20160520
Yandex 20160519
Zillya 20160519
Zoner 20160520
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2007-2012 All rights Reserved.

File version 5, 5, 3, 3
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-20 07:02:03
Entry Point 0x00007CB8
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
OpenServiceW
ControlService
RegEnumKeyW
DeleteService
RegQueryValueExW
GetNamedSecurityInfoW
RegOpenKeyA
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
RegOpenKeyExW
SetTokenInformation
RegisterServiceCtrlHandlerExW
CreateServiceW
GetTokenInformation
DuplicateTokenEx
SetServiceStatus
BuildExplicitAccessWithNameW
CreateProcessAsUserW
SetEntriesInAclW
RevertToSelf
StartServiceW
RegSetValueExW
EnumDependentServicesW
OpenSCManagerW
ReportEventW
QueryServiceStatusEx
StartServiceCtrlDispatcherW
CloseServiceHandle
ChangeServiceConfigW
SetNamedSecurityInfoW
BeginPath
AddFontMemResourceEx
CloseFigure
GetStdHandle
FileTimeToDosDateTime
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
lstrcmpW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetDriveTypeW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
GetFileInformationByHandle
HeapSize
GetFullPathNameA
GetFileTime
FindResourceExA
GetCPInfo
lstrcmpiA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
FreeLibrary
LocalFree
MoveFileA
ResumeThread
GetProcAddress
LoadResource
GlobalHandle
InterlockedDecrement
GetProfileIntA
GetStringTypeExA
SetLastError
GetUserDefaultUILanguage
InitializeCriticalSection
LocalLock
GetUserDefaultLangID
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
FlushFileBuffers
RemoveDirectoryA
RaiseException
HeapSetInformation
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FormatMessageA
GetModuleHandleA
CreateThread
GetSystemDirectoryW
GetSystemDefaultUILanguage
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
IsProcessorFeaturePresent
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
FindCloseChangeNotification
GetNumberFormatA
FindNextChangeNotification
SearchPathA
FindAtomA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalFindAtomW
GlobalSize
UnlockFile
DosDateTimeToFileTime
lstrlenA
GetFileSize
GlobalDeleteAtom
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GlobalLock
GetProcessHeap
CompareStringW
GetFileSizeEx
GlobalReAlloc
FreeEnvironmentStringsW
lstrcmpA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetTimeZoneInformation
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
LocalUnlock
InterlockedIncrement
GetLastError
IsValidCodePage
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
FindFirstChangeNotificationA
GetSystemInfo
LocalFileTimeToFileTime
GlobalFree
GetConsoleCP
FindResourceW
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
GetModuleFileNameA
GetShortPathNameA
OpenFile
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
lstrlenW
HeapQueryInformation
GetCurrentDirectoryA
WinExec
GetCommandLineA
GetCurrentThread
GetTempPathA
SuspendThread
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
GlobalFlags
CloseHandle
lstrcpynA
GetACP
CopyFileA
GetModuleHandleW
FreeResource
SetStdHandle
CreateProcessA
WideCharToMultiByte
CompareFileTime
HeapCreate
FindResourceExW
Sleep
GetFileAttributesExA
FindResourceA
GetOEMCP
ResetEvent
GetModuleInformation
GetModuleFileNameExW
SHEmptyRecycleBinW
SHGetSpecialFolderPathW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathQuoteSpacesW
StrStrIW
PathAppendW
PathCombineW
SetFocus
MapWindowPoints
GetMonitorInfoW
GetForegroundWindow
GetParent
LoadIconA
GetWindow
GetMessageW
EnumWindows
DefWindowProcW
KillTimer
DestroyMenu
TrackMouseEvent
PostQuitMessage
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
RemoveMenu
GetWindowThreadProcessId
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
LoadStringA
EnumChildWindows
AppendMenuW
CharLowerW
DestroyCursor
TranslateMessage
IsWindowEnabled
GetWindowDC
PostMessageW
TrackPopupMenuEx
DispatchMessageW
GetCursorPos
ReleaseDC
UpdateLayeredWindow
CreatePopupMenu
SendMessageW
UnregisterClassA
TranslateAcceleratorW
PtInRect
IsWindowVisible
DestroyWindow
SetWindowTextW
GetMenuItemInfoW
DrawTextW
LoadImageW
MonitorFromWindow
ScreenToClient
InvalidateRect
SetTimer
CallWindowProcW
GetClassNameW
LoadStringW
GetKeyboardLayout
GetMenuItemCount
MonitorFromPoint
GetClientRect
GetWindowTextW
LoadCursorW
GetFocus
GetWindowLongW
CharNextW
SetCursor
VerQueryValueW
WTSEnumerateSessionsW
WTSFreeMemory
_except_handler3
malloc
_CIsin
free
exit
_CIcos
__set_app_type
CoInitialize
Ord(8)
OleUIBusyW
Number of PE resources by type
RT_ICON 10
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
ENGLISH NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild
2015.05.13

UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
8.0

FileVersionNumber
5.5.3.3

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

InitializedDataSize
128512

PrivateBuild
2015.05.13

EntryPoint
0x7cb8

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2007-2012 All rights Reserved.

FileVersion
5, 5, 3, 3

TimeStamp
2016:05:20 08:02:03+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
5, 5, 3, 3

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Accmeware Corporation

CodeSize
71168

FileSubtype
0

ProductVersionNumber
5.5.3.3

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 c6206924fe6cbdccb1676a65032762e0
SHA1 683ff2aea5f7e4e44eae95b856d46da71c528f0a
SHA256 d5cbb94a2ccaf7f37e42ab7d97da7991209ae231b1ea6814f6c583b59ae66ca4
ssdeep 3072:x5dV+/JWsLe6oIhl+ykZtkud2vaPnw929uFfE:xHV+hWsDoI7+ykZtkudbYsQ

authentihash 062af25b9d9a2674aee97426b850f546c04305171aa5233ee3740f012e08a0a0
imphash 0256bc65d520daeb6545dbc24a8998c4
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-05-20 09:58:20 UTC ( 3 years ago )
Last submission 2017-08-06 08:40:27 UTC ( 1 year, 9 months ago )
File names malware3.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications