SHA256: d6690d361fc81ebb7a7665a155eb663a0f22c2e11639da67e17ced37b61a39c9
File name: cat6873[1].tmp
Detection ratio: 5 / 57
Analysis date: 2016-11-19 23:33:50 UTC ( 2 years, 4 months ago )
Antivirus | Result | Update
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9607 | 20161118
CrowdStrike Falcon (ML) | malicious_confidence_88% (D) | 20161024
Sophos ML | trojan.win32.rimecud.a | 20161018
Qihoo-360 | HEUR/QVM20.1.0000.Malware.Gen | 20161120
Symantec | Heur.AdvML.B | 20161119
Ad-Aware | (no detection) | 20161119
AegisLab | (no detection) | 20161119
AhnLab-V3 | (no detection) | 20161119
Alibaba | (no detection) | 20161118
ALYac | (no detection) | 20161119
Antiy-AVL | (no detection) | 20161119
Arcabit | (no detection) | 20161120
Avast | (no detection) | 20161120
AVG | (no detection) | 20161120
Avira (no cloud) | (no detection) | 20161119
AVware | (no detection) | 20161120
BitDefender | (no detection) | 20161120
Bkav | (no detection) | 20161119
CAT-QuickHeal | (no detection) | 20161119
ClamAV | (no detection) | 20161119
CMC | (no detection) | 20161119
Comodo | (no detection) | 20161119
Cyren | (no detection) | 20161120
DrWeb | (no detection) | 20161120
Emsisoft | (no detection) | 20161120
ESET-NOD32 | (no detection) | 20161119
F-Prot | (no detection) | 20161120
F-Secure | (no detection) | 20161120
Fortinet | (no detection) | 20161120
GData | (no detection) | 20161119
Ikarus | (no detection) | 20161119
Jiangmin | (no detection) | 20161119
K7AntiVirus | (no detection) | 20161119
K7GW | (no detection) | 20161119
Kaspersky | (no detection) | 20161119
Kingsoft | (no detection) | 20161120
Malwarebytes | (no detection) | 20161119
McAfee | (no detection) | 20161119
McAfee-GW-Edition | (no detection) | 20161119
Microsoft | (no detection) | 20161119
eScan | (no detection) | 20161119
NANO-Antivirus | (no detection) | 20161119
nProtect | (no detection) | 20161119
Panda | (no detection) | 20161119
Rising | (no detection) | 20161119
Sophos AV | (no detection) | 20161119
SUPERAntiSpyware | (no detection) | 20161119
Tencent | (no detection) | 20161120
TheHacker | (no detection) | 20161117
TotalDefense | (no detection) | 20161119
TrendMicro | (no detection) | 20161119
TrendMicro-HouseCall | (no detection) | 20161119
VBA32 | (no detection) | 20161118
VIPRE | (no detection) | 20161119
ViRobot | (no detection) | 20161119
Yandex | (no detection) | 20161119
Zillya | (no detection) | 20161118
Zoner | (no detection) | 20161119
All five positive results come from heuristic or machine-learning classifiers (Baidu WisdomEyes, CrowdStrike Falcon ML, Sophos ML, Qihoo QVM, Symantec AdvML) rather than from signature matches, and only Sophos ML attaches a family name (rimecud). Read the ratio as "suspicious, unconfirmed" and rely on the static and behavioural data below rather than on the verdict strings.
The file is a Portable Executable (PE), specifically a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2001-06-19 19:05:42
Entry Point: 0x00002218
Number of sections: 4
The compilation timestamp is the COFF header's TimeDateStamp, a field any linker, packer or hex editor can set, so it is not evidence of when the file was actually built. Two things in the ExifTool fields further down are worth reading together with it: the code section is 10752 bytes while initialized data is 317440 bytes, so almost all of the 312832-byte file is data rather than code; and the OS/subsystem version of 5.1 (Windows XP) next to a June 2001 timestamp and linker version 6.0 is an unusual combination, since 5.1 is not the default subsystem version a linker of that vintage emits. That is consistent with an edited header, though not proof of one.
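The four fields above, and the linker, size, version and subsystem fields ExifTool reports further down, all come from two fixed-layout structures: the COFF file header and the optional header that follows it, with the section table after that. The following Python is an added example, not part of the VirusTotal report and not code from the sample: it parses those structures with the struct module and returns the same fields a triage report lists. It runs on a constructed headers-only PE32 image whose header values are copied from this report; the section names, bases and sizes in that constructed image are made up, because the report's section table did not survive.

```python
import struct
from datetime import datetime, timezone

# Machine and Subsystem codes from the PE/COFF specification (subset)
MACHINE_NAMES = {0x014C: "Intel 386 or later", 0x8664: "x64", 0x01C4: "ARM Thumb-2", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

COFF_FMT = "<HHIIIHH"                                                  # IMAGE_FILE_HEADER, 20 bytes
OPT32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH"                # PE32 optional header through DllCharacteristics
OPT64_FMT = "<HBB" + "I" * 5 + "Q" + "II" + "H" * 6 + "I" * 4 + "HH"   # PE32+: no BaseOfData, 64-bit ImageBase
SECTION_FMT = "<8sIIIIIIHHI"                                           # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe_header(data: bytes) -> dict:
    """Extract the header fields a triage report lists; raise ValueError if this is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff_off)

    opt_off = coff_off + struct.calcsize(COFF_FMT)
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic == 0x10B:      # PE32
        (_, lmaj, lmin, code_sz, idata_sz, udata_sz, entry, _, _, image_base, _, _,
         os_maj, os_min, img_maj, img_min, ss_maj, ss_min, _, _, _, _, subsystem, _
         ) = struct.unpack_from(OPT32_FMT, data, opt_off)
        pe_type = "PE32"
    elif magic == 0x20B:    # PE32+
        (_, lmaj, lmin, code_sz, idata_sz, udata_sz, entry, _, image_base, _, _,
         os_maj, os_min, img_maj, img_min, ss_maj, ss_min, _, _, _, _, subsystem, _
         ) = struct.unpack_from(OPT64_FMT, data, opt_off)
        pe_type = "PE32+"
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")

    # The section table starts right after the optional header. Take that header's size
    # from the COFF header instead of assuming 0xE0/0xF0: the loader honours the field,
    # so hand-built files need not use the standard size.
    sect_off = opt_off + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, va, raw_sz, raw_ptr, _, _, _, _, chars = struct.unpack_from(SECTION_FMT, data, sect_off + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "virtual_address": va,
                         "virtual_size": vsize, "raw_size": raw_sz, "raw_offset": raw_ptr, "characteristics": chars})

    return {
        "pe_type": pe_type,
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:04x}"),
        "number_of_sections": nsections,
        # TimeDateStamp is whatever the writer put there: report it, never trust it as a build date
        "timestamp_utc": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": f"{lmaj}.{lmin}",
        "code_size": code_sz,
        "initialized_data_size": idata_sz,
        "uninitialized_data_size": udata_sz,
        "os_version": f"{os_maj}.{os_min}",
        "image_version": f"{img_maj}.{img_min}",
        "subsystem_version": f"{ss_maj}.{ss_min}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "image_base": image_base,
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed headers-only PE32 carrying this report's header values (no code is present).
    Section names, bases and sizes are made up for the example; they are not the sample's."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    optional = struct.pack(OPT32_FMT,
                           0x10B, 6, 0,               # PE32 magic, linker 6.0
                           10752, 317440, 4096,       # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                           0x2218, 0x1000, 0x4000,    # AddressOfEntryPoint, BaseOfCode, BaseOfData
                           0x400000, 0x1000, 0x200,   # ImageBase, SectionAlignment, FileAlignment
                           5, 1, 0, 0, 5, 1,          # OS 5.1, image 0.0, subsystem 5.1
                           0, 0xA000, 0x400, 0,       # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                           2, 0)                      # Subsystem 2 = Windows GUI, DllCharacteristics
    optional += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack/heap, LoaderFlags, NumberOfRvaAndSizes
    optional += b"\0" * (16 * 8)                                      # 16 empty data directories
    coff = struct.pack(COFF_FMT, 0x014C, 4, 992977542, 0, 0, len(optional), 0x010F)  # 992977542 = 2001-06-19 19:05:42 UTC
    layout = ((b".text", 0x1000, 10752, 0x60000020), (b".rdata", 0x4000, 0x1000, 0x40000040),
              (b".data", 0x5000, 0x1000, 0xC0000040), (b".rsrc", 0x6000, 0x3000, 0x40000040))
    sections = b"".join(struct.pack(SECTION_FMT, name, size, va, size, 0, 0, 0, 0, 0, chars)
                        for name, va, size, chars in layout)
    return dos + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_pe()).items():
        print(f"{key}: {value}")
```

Run against a real file with `parse_pe_header(open(path, "rb").read())`; the returned timestamp, entry point, linker and subsystem versions are exactly the fields ExifTool and this report print, which is why a header that has been hand-edited shows up as an inconsistency between those fields rather than as a parse error.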
PE sections (the section table was not preserved in this copy of the report)
PE imports
The per-DLL headings of the original report did not survive extraction. The grouping below is the editor's reconstruction, inferred from which Windows system DLL exports each name (the duplicated setsockopt/getsockopt entries mark the boundary between two Winsock libraries); the order within and between groups is the report's original order.
comdlg32 (inferred): ChooseColorW, GetSaveFileNameW, ReplaceTextW, PageSetupDlgW, GetSaveFileNameA, dwOKSubclass
kernel32 (inferred): GetSystemTime, HeapFree, LCMapStringW, SetHandleCount, GetSystemInfo, GetEnvironmentStringsA, GetOEMCP, LCMapStringA, HeapAlloc, GetEnvironmentStringsW, lstrcmpW, FreeEnvironmentStringsA, GetCurrentProcess, GetEnvironmentStrings, GetFileSize, GetWindowsDirectoryA, FreeEnvironmentStringsW, DeleteFileW, GetProcessHeap, GetNumberOfConsoleFonts, GetStringTypeA, GetModuleHandleA, MulDiv, GetSystemDirectoryA, GetModuleHandleW, VirtualAlloc, GetEnvironmentVariableW
msvcrt (inferred): strtol, cos, ??_Fbad_typeid@@QAEXXZ, _atoi64, __pioinfo
rpcrt4 (inferred): NdrConformantVaryingArrayBufferSize, NdrVaryingArrayUnmarshall
user32 (inferred): GetWindowThreadProcessId, DefFrameProcA, SetWindowLongW, ShowCaret, EndPaint, BeginPaint, GetSysColorBrush, IsWindowEnabled, SetWindowLongA, GetWindowLongW, DefMDIChildProcA, ShowWindow, InvalidateRect
winmm (inferred): waveInOpen, waveInPrepareHeader, mmioStringToFOURCCW, waveInAddBuffer, midiDisconnect, mmioGetInfo, mciSendCommandW, mciGetCreatorTask, waveInClose, waveInUnprepareHeader, mciGetDeviceIDA, waveOutGetDevCapsW, waveInReset
ws2_32 (inferred): setsockopt, WSASetEvent, getsockopt, WSAGetServiceClassInfoW, WSAAsyncSelect, recvfrom, ntohs, WPUCompleteOverlappedRequest, sendto, getpeername, getservbyport, WSARecvDisconnect, WSCInstallNameSpace, socket, getservbyname
wsock32 (inferred): setsockopt, GetAddressByNameA, getsockopt, WSACancelBlockingCall, inet_addr, rresvport, WSACleanup, WSAStartup, gethostbyname, WEP, WSAAsyncGetProtoByNumber, WSAAsyncGetServByPort, getprotobynumber, GetServiceA
An import table is a static declaration of what the loader will resolve, not a record of what the code calls. This one combines common dialogs, MDI window handling, wave-in audio capture, MCI, RPC NDR marshalling, Winsock 1.1 (including the legacy WEP and rresvport exports) and Winsock 2 service-provider entry points (WSCInstallNameSpace, WPUCompleteOverlappedRequest) in a file with 10752 bytes of code. Before attributing capability from it (network I/O via recvfrom/sendto, file deletion via DeleteFileW, executable memory via VirtualAlloc), confirm in a disassembler which entries are actually referenced from the code.
Number of PE resources by type
RT_ICON: 1
RT_STRING: 1
RT_DIALOG: 1
RT_GROUP_ICON: 1
Number of PE resources by language
ENGLISH US: 4
PE resources (the per-resource table was not preserved in this copy of the report)
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2001:06:19 20:05:42+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 10752
LinkerVersion: 6.0
EntryPoint: 0x2218
InitializedDataSize: 317440
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 4096
File identification
MD5: 8a9f991fb4c414aae1eaaeb2d8be297a
SHA1: 2dd4963b0d67824078d6f7bb9475474c844bb32d
SHA256: d6690d361fc81ebb7a7665a155eb663a0f22c2e11639da67e17ced37b61a39c9
ssdeep: 6144:r97uA11MKPNuZEIAv3ZdPv7KCZcgkvtQbc9LnzEwqG3FXhdm+/:DbJzPTxcHtGcVn4Wd
authentihash: 1b8333438dd150a0796c9150da608ad3377ab8e2290fe0ffd5ed139c704cfb23
imphash: 32a33a3e4bc0346a3dc5b7fdc5d33d12
File size: 305.5 KB (312832 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Windows screen saver (46.4%), Win32 Dynamic Link Library (generic) (23.3%), Win32 Executable (generic) (15.9%), Generic Win/DOS Executable (7.1%), DOS Executable Generic (7.0%)
Tags: peexe
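The imphash above is Mandiant's import hash: the MD5 of the import table rendered as one canonical lowercase string, as implemented by pefile's PE.get_imphash(). It is the value to pivot on when hunting for related builds, because it survives recompilation as long as the import table (its DLLs, names and order) does not change. The following Python is an added example, not code from the report or from pefile: it reproduces that canonicalisation so the reader can see exactly what is hashed, and runs on a constructed import list. It does not reproduce this sample's value, because the per-DLL grouping of the import list above was lost in extraction and the hash depends on DLL assignment and order; with the file in hand, `pefile.PE(path).get_imphash()` returns it directly. The ordinal table is a copied subset of the well-known Winsock export ordinals (assumption: only the entries this example needs).

```python
import hashlib

# pefile strips these extensions from the DLL name before hashing ("kernel32.dll" -> "kernel32")
_STRIPPED_EXT = ("dll", "ocx", "sys")

# Winsock 1.1 ordinals shared by ws2_32.dll and wsock32.dll (subset of pefile's ordlookup table).
# Resolving them makes an import by ordinal hash identically to the same import by name.
_WINSOCK_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 5: "getpeername", 6: "getsockname",
    7: "getsockopt", 8: "htonl", 9: "htons", 10: "ioctlsocket", 11: "inet_addr", 12: "inet_ntoa",
    13: "listen", 14: "ntohl", 15: "ntohs", 16: "recv", 17: "recvfrom", 18: "select", 19: "send",
    20: "sendto", 21: "setsockopt", 22: "shutdown", 23: "socket",
}


def canonical_import_string(imports) -> str:
    """imports: iterable of (dll_name, function_name_or_None, ordinal) in import-table order.
    Returns the comma-joined "dll.function" string whose MD5 is the imphash."""
    parts = []
    for dll, name, ordinal in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in _STRIPPED_EXT:
            lib = base
        if name is None:
            # import by ordinal: use the known table for the Winsock DLLs, else pefile's ord%d placeholder
            if lib in ("ws2_32", "wsock32") and ordinal in _WINSOCK_ORDINALS:
                name = _WINSOCK_ORDINALS[ordinal]
            else:
                name = f"ord{ordinal}"
        parts.append(f"{lib}.{name.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """Mandiant-style import hash of the given import list."""
    return hashlib.md5(canonical_import_string(imports).encode("ascii")).hexdigest()


# Constructed import list for the example; it is not this sample's import table.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "HeapAlloc", 0),
    ("KERNEL32.dll", "HeapFree", 0),
    ("WS2_32.dll", None, 23),        # imported by ordinal: resolves to socket
    ("WS2_32.dll", "sendto", 0),
    ("wsock32.dll", None, 99),       # ordinal with no known name: hashed as ord99
]

if __name__ == "__main__":
    print(canonical_import_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two properties fall out of the canonical string: case and the `.dll` suffix do not matter, so `WS2_32.dll` and `ws2_32` hash the same, while order does matter, so two binaries importing the same functions in a different order get different imphashes. That is why an imphash match is strong evidence of a shared build chain, and why a mismatch against a known family proves nothing.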
VirusTotal metadata
First submission 2016-11-19 23:33:50 UTC ( 2 years, 4 months ago )
Last submission 2016-11-19 23:33:50 UTC ( 2 years, 4 months ago )
File names cat6873[1].tmp
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files, created processes, opened mutexes, runtime DLLs, UDP communications: no entries under these five headings are reproduced in this copy of the report, so the sandbox run contributes no behavioural evidence here beyond the headings themselves.