SHA256: d78fb2c23422471657a077ff68906d6f6b639d7b7b00ef269fa3a2ce1b38710a
File name: vir3.ttt
Detection ratio: 57 / 69
Analysis date: 2018-10-05 00:41:43 UTC ( 1 week, 4 days ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.274505 20181005
AegisLab Trojan.Win32.Manna.4!c 20181004
AhnLab-V3 Win-Trojan/Agent.135168.YW 20181004
ALYac Gen:Variant.Kazy.274505 20181004
Antiy-AVL Trojan/Win32.Unknown 20181005
Arcabit Trojan.Kazy.D43049 20181004
Avast Win32:Kryptik-OSJ [Trj] 20181005
AVG Win32:Kryptik-OSJ [Trj] 20181005
Avira (no cloud) HEUR/AGEN.1010801 20181004
AVware Trojan.Win32.Generic!BT 20180925
BitDefender Gen:Variant.Kazy.274505 20181004
Bkav W32.MeylieLTA.Trojan 20181003
CAT-QuickHeal Trojan.Ramdo 20181004
CMC Trojan.Win32.Manna!O 20181004
Comodo UnclassifiedMalware 20181005
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cybereason malicious.67fd26 20180225
Cylance Unsafe 20181005
Cyren W32/Trojan.RSPZ-8026 20181005
DrWeb Trojan.Siggen5.60586 20181005
Emsisoft Gen:Variant.Kazy.274505 (B) 20181005
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.BNOA 20181005
F-Secure Gen:Variant.Kazy.274505 20181004
Fortinet W32/Kryptik.BNKB 20181005
GData Gen:Variant.Kazy.274505 20181005
Ikarus Trojan.Win32.Crypt 20181004
Sophos ML heuristic 20180717
Jiangmin Trojan/Manna.ba 20181004
K7AntiVirus Trojan ( 0048d0221 ) 20181004
K7GW Trojan ( 0048d0221 ) 20181003
Kaspersky Trojan.Win32.Manna.arn 20181005
Kingsoft Win32.Troj.Generic.a.(kcloud) 20181005
MAX malware (ai score=100) 20181005
McAfee Redyms-FDEM!C73134F67FD2 20181005
McAfee-GW-Edition Redyms-FDEM!C73134F67FD2 20181004
Microsoft Trojan:Win32/Ramdo.A 20181004
eScan Gen:Variant.Kazy.274505 20181005
NANO-Antivirus Trojan.Win32.Manna.draxob 20181005
Palo Alto Networks (Known Signatures) generic.ml 20181005
Panda Trj/Genetic.gen 20181004
Qihoo-360 Win32/Trojan.626 20181005
Rising Trojan.Kryptik!8.8 (CLOUD) 20181005
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/Generic-S 20181004
Symantec Trojan.Manna 20181004
TACHYON Trojan/W32.Manna.135168.B 20181005
Tencent Win32.Trojan.Inject.Udkj 20181005
TheHacker Trojan/Kryptik.bnoa 20181001
TotalDefense Win32/Tnega.XAFO!suspicious 20181004
TrendMicro TSPY_KRYPTIK.ABC 20181004
TrendMicro-HouseCall TSPY_KRYPTIK.ABC 20181005
VIPRE Trojan.Win32.Generic!BT 20181005
Webroot W32.Trojan.Gen 20181005
Yandex Trojan.Manna!hNjJZxigU8g 20181004
Zillya Trojan.Manna.Win32.629 20181003
ZoneAlarm by Check Point Trojan.Win32.Manna.arn 20181004
Alibaba 20180921
Avast-Mobile 20181004
Babable 20180918
Baidu 20180930
ClamAV 20181004
eGambit 20181005
F-Prot 20181005
Malwarebytes 20181005
SUPERAntiSpyware 20181004
Symantec Mobile Insight 20181001
Trustlook 20181005
VBA32 20181004
ViRobot 20181004
Zoner 20181004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-06 19:06:55
Entry Point 0x000189D0
Number of sections 4
PE sections
PE imports
GdiFlush
GetUserDefaultUILanguage
GetLastError
GetStdHandle
GetUserDefaultLangID
ReleaseMutex
WaitForSingleObject
GetOEMCP
IsDebuggerPresent
ExitProcess
GetThreadLocale
GetCurrentProcessId
GetLogicalDrives
GetCommandLineA
GetProcAddress
GetCurrentThread
SuspendThread
GetSystemDefaultLangID
CreateSemaphoreA
SetFilePointer
WriteFile
GetUserDefaultLCID
LocalFree
ResumeThread
lstrcpyA
FatalExit
CreateEventA
AllocConsole
Sleep
CreateFileA
OutputDebugStringA
GetModuleHandleA
SHReleaseThreadRef
SetDoubleClickTime
GetCaretBlinkTime
GetForegroundWindow
SendMessageA
PostMessageA
GetDesktopWindow
MessageBoxA
GetClassInfoExA
CreateDialogParamA
CloseClipboard
GetWindow
GetSysColor
RegisterClassA
OpenClipboard
WSACleanup
OleUninitialize
CoSuspendClassObjects
CoInitialize
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:11:06 20:06:55+01:00
FileType Win32 EXE
PEType PE32
CodeSize 114688
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 28672
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x189d0
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 c73134f67fd261dedbc1b685b49d1fa4
SHA1 e129d6ffce20075e1c4c6f3a758fe3e4481e66be
SHA256 d78fb2c23422471657a077ff68906d6f6b639d7b7b00ef269fa3a2ce1b38710a
ssdeep
1536:XayQ12/ku73a4ywqMLZ7jLwCeDKP16VvHga7wjdsyXUuEYoBx1sa89O+cP6q7OBd:3Qksu7a5E9j8CbkVwsyXja2Ohiq7MVj

authentihash 99a98aa258db6cabde81b503527571c6bbf8ba507109f804d3427f1ec6496854
imphash e7081b7dd1091991fae90eff6e4fd7ed
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe

VirusTotal metadata
First submission 2013-10-23 14:40:48 UTC ( 4 years, 11 months ago )
Last submission 2018-05-15 00:05:54 UTC ( 5 months ago )
File names index.html.B4BA1577[1].html
12.exe_
index.html.B4BA1577.html.exe
d78fb2c23422471657a077ff68906d6f6b639d7b7b00ef269fa3a2ce1b38710a.bin
?35523bb81eca604f9ebd1748879f3fc1
d6ffce20075e1c4c6f3a758fe3e4481e66be
3.exe
3G1iZGNl.bin.part
d78fb2c23422471657a077ff68906d6f6b639d7b7b00ef269fa3a2ce1b38710a
vti-rescan
vir3.ttt
index.html.51620EC7.html
index.html.B4BA1577.html
HPM3UTIL.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.