SHA256: d6d64c61dada8b5ccfa970356057a6c2c7697f084922744c5a2e29aff079647b
File name: Aug_1st_java.exe
Detection ratio: 16 / 55
Analysis date: 2016-08-04 12:40:47 UTC ( 2 years, 6 months ago )
Antivirus Result Update
AegisLab Troj.W32.Generic!c 20160804
AhnLab-V3 Trojan/Win32.Agent.N2068040881 20160804
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20160804
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160804
DrWeb Trojan.DownLoad3.43078 20160804
Fortinet PossibleThreat 20160804
Ikarus Trojan-Dropper.Win32.Dorifel 20160804
Jiangmin Trojan.Generic.agmkl 20160804
K7AntiVirus Riskware ( 0040eff71 ) 20160804
K7GW Riskware ( 0040eff71 ) 20160804
Kaspersky HEUR:Trojan.Win32.Generic 20160804
McAfee RDN/Generic.grp 20160804
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20160804
Sophos AV Mal/Generic-S 20160804
Symantec Trojan.Gen 20160804
TrendMicro-HouseCall TROJ_GEN.R047H06H416 20160804
Ad-Aware 20160804
Alibaba 20160804
ALYac 20160804
Arcabit 20160804
Avast 20160804
AVG 20160804
Avira (no cloud) 20160804
AVware 20160804
BitDefender 20160804
Bkav 20160804
CAT-QuickHeal 20160803
ClamAV 20160804
CMC 20160804
Comodo 20160804
Cyren 20160804
Emsisoft 20160804
ESET-NOD32 20160804
F-Prot 20160804
F-Secure 20160804
GData 20160804
Kingsoft 20160804
Malwarebytes 20160804
Microsoft 20160804
eScan 20160804
NANO-Antivirus 20160804
nProtect 20160804
Panda 20160803
Qihoo-360 20160804
SUPERAntiSpyware 20160804
Tencent 20160804
TheHacker 20160804
TotalDefense 20160804
TrendMicro 20160804
VBA32 20160804
VIPRE 20160804
ViRobot 20160803
Yandex 20160803
Zillya 20160804
Zoner 20160804
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-17 08:12:32
Entry Point 0x00001EBD
Number of sections 5
PE sections
Overlays
MD5 43b32f39f84f1ff7bc7702f939a826c9
File type data
Offset 51200
Size 113498
Entropy 7.90
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
HeapCreate
GetOEMCP
GetEnvironmentStringsW
IsDebuggerPresent
HeapAlloc
TlsAlloc
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetProcessId
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
GetFileSize
SetHandleCount
LockResource
LCMapStringA
GetCurrentDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
InterlockedIncrement
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
WideCharToMultiByte
TlsFree
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
IsWow64Process
GetEnvironmentStrings
QueryPerformanceCounter
IsValidCodePage
LoadResource
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
FindResourceA
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_ICON 2
BINARY 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:04:17 09:12:32+01:00
FileType Win32 EXE
PEType PE32
CodeSize 27648
LinkerVersion 9.0
EntryPoint 0x1ebd
InitializedDataSize 22528
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 b1380af637b4011e674644e0a1a53a64
SHA1 4297e2c5cae19ffbcf475234e0867bad826fc1bf
SHA256 d6d64c61dada8b5ccfa970356057a6c2c7697f084922744c5a2e29aff079647b
ssdeep 3072:3q2P3J5rfz0t37O0lOdmN8L1f1i+S0oXBjOah87qC5Vlz:aePfz0BOroqd1fSrRjOqmX
authentihash f193f89e78b223af65034b1da1814053aaffbe102b504bb914832861772780c8
imphash 0a43bbbd25be8f25b0d31f0952c2ad19
File size 160.8 KB ( 164698 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-08-01 04:45:50 UTC ( 2 years, 6 months ago )
Last submission 2017-11-24 02:57:29 UTC ( 1 year, 3 months ago )
File names b1380af637b4011e674644e0a1a53a64
Aug_1st_java.exe
d6d64c61dada8b5ccfa970356057a6c2c7697f084922744c5a2e29aff079647b.exe
b1380af637b4011e674644e0a1a53a64.virus
java.exe
trojan_doxer.exe
d6d64c61dada8b5ccfa970356057a6c2c7697f084922744c5a2e29aff079647b
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0801.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs