SHA256: d7a3315f872243c28bd95fb75ed3b007821a2dea25f78afd8cbaaca1d853ef4f
File name: Inhabitants
Detection ratio: 50 / 67
Analysis date: 2017-12-06 19:01:57 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.65186 20171206
AegisLab Uds.Dangerousobject.Multi!c 20171206
AhnLab-V3 Malware/Win32.Generic.C1989228 20171206
ALYac Gen:Variant.Symmi.65186 20171206
Antiy-AVL Trojan/Win32.SGeneric 20171206
Arcabit Trojan.Symmi.DFEA2 20171206
Avast Win32:Malware-gen 20171206
AVG Win32:Malware-gen 20171206
Avira (no cloud) TR/Agent.418305 20171206
AVware Trojan.Win32.Generic!BT 20171206
BitDefender Gen:Variant.Symmi.65186 20171206
CAT-QuickHeal Backdoor.Noancooe 20171206
Comodo UnclassifiedMalware 20171206
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171206
Cyren W32/Cryptowall.A.gen!Eldorado 20171206
DrWeb Trojan.Siggen6.61965 20171206
Emsisoft Gen:Variant.Symmi.65186 (B) 20171206
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/Injector.CZKK 20171206
F-Prot W32/Cryptowall.A.gen!Eldorado 20171206
F-Secure Gen:Variant.Symmi.65186 20171206
Fortinet W32/Injector.CZKK!tr 20171206
GData Gen:Variant.Symmi.65186 20171206
Ikarus Trojan.Win32.Injector 20171206
Jiangmin Trojan.Ekstak.dby 20171206
K7AntiVirus Riskware ( 0040eff71 ) 20171205
K7GW Riskware ( 0040eff71 ) 20171206
Kaspersky Trojan.Win32.Ekstak.doh 20171206
Malwarebytes Trojan.Injector 20171206
MAX malware (ai score=100) 20171206
McAfee RDN/Generic BackDoor 20171206
McAfee-GW-Edition RDN/Generic BackDoor 20171206
eScan Gen:Variant.Symmi.65186 20171206
NANO-Antivirus Trojan.Win32.TrjGen.edqjwa 20171206
Panda Trj/GdSda.A 20171206
Qihoo-360 Win32/Trojan.Multi.daf 20171206
Sophos AV Troj/Ransom-DEC 20171206
Symantec Infostealer 20171206
Tencent Win32.Backdoor.Netwire.Kiuy 20171206
TrendMicro BKDR_NOANCOOE.OW 20171206
TrendMicro-HouseCall BKDR_NOANCOOE.OW 20171206
VBA32 Trojan.Ekstak 20171206
VIPRE Trojan.Win32.Generic!BT 20171206
ViRobot Trojan.Win32.Agent.417792.AB 20171206
Webroot W32.Trojan.Gen 20171206
Yandex Trojan.Injector!0tnEi8lqyc4 20171205
Zillya Trojan.Injector.Win32.386381 20171206
ZoneAlarm by Check Point Trojan.Win32.Ekstak.doh 20171206
Alibaba 20171206
Avast-Mobile 20171206
Baidu 20171206
Bkav 20171206
ClamAV 20171206
CMC 20171206
eGambit 20171206
Sophos ML 20170914
Kingsoft 20171206
Microsoft 20171206
nProtect 20171206
Palo Alto Networks (Known Signatures) 20171206
Rising 20171206
SentinelOne (Static ML) 20171113
SUPERAntiSpyware 20171206
Symantec Mobile Insight 20171206
TheHacker 20171205
Trustlook 20171206
WhiteArmor 20171204
Zoner 20171206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ? 2016
Product Inhabitants
Original name Inhabitants.exe
Internal name Inhabitants
File version 1, 0, 0, 1
Description Inhabitants
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-29 13:56:05
Entry Point 0x0000C60C
Number of sections 6
PE sections
PE imports
Number of PE resources by type
RT_STRING 25
RT_DIALOG 7
RT_BITMAP 5
RT_CURSOR 4
RT_GROUP_CURSOR 2
Struct(240) 2
RT_ACCELERATOR 2
RT_ICON 1
Struct(241) 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 46
ROMANIAN 2
SPANISH 2
GERMAN AUSTRIAN 1
SPANISH MODERN 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Italian (Swiss)
FileFlagsMask 0x003f
CharacterSet Windows, Hebrew
InitializedDataSize 172032
EntryPoint 0xc60c
OriginalFileName Inhabitants.exe
MIMEType application/octet-stream
LegalCopyright Copyright ? 2016
FileVersion 1, 0, 0, 1
TimeStamp 2016:05:29 14:56:05+01:00
FileType Win32 EXE
PEType PE32
InternalName Inhabitants
ProductVersion 1, 0, 0, 1
FileDescription Inhabitants
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 258048
ProductName Inhabitants
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 de8517147501bb8972fb16635580f3ba
SHA1 7f806c1ceca11217110c85ffb8ce4d076179b40a
SHA256 d7a3315f872243c28bd95fb75ed3b007821a2dea25f78afd8cbaaca1d853ef4f
ssdeep 6144://Hh9jZTy8hoqfYaSWe3mUrdxtkU9rNgA2rVzTL+Q0D:3Hh9pRpfYaSqUrd7kygAiTn
authentihash ddf8be58b898abd864de2c54e949fa298906b09dc283f4f4138ac92c1f2126a0
imphash cec79a6297290d5daef5ce90f8bec4ed
File size 408.0 KB ( 417792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows ActiveX control (49.9%)
InstallShield setup (18.4%)
Win32 Executable MS Visual C++ (generic) (13.3%)
Win64 Executable (generic) (11.8%)
Win32 Dynamic Link Library (generic) (2.8%)
Tags peexe
VirusTotal metadata
First submission 2016-05-29 19:34:39 UTC ( 1 year, 9 months ago )
Last submission 2017-12-06 19:01:57 UTC ( 2 months, 2 weeks ago )
File names sample.exe
@.cmd
flash.exe
Inhabitants
flash.exe
.cmd.exe
7f806c1ceca11217110c85ffb8ce4d076179b40a
Inhabitants.exe
cftmon.exe
76yttt.exe
de8517147501bb8972fb16635580f3ba.exe
@.cmd
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications