SHA256: d7bd83b1d90cf748dc7768eb0d5e1c84f71847a0a4997ade51ddeeb134e7ae8f
File name: 389a633aa5958626d84f637b7b2ac71b
Detection ratio: 34 / 57
Analysis date: 2016-04-11 22:03:26 UTC ( 2 years, 10 months ago )
Antivirus              Result                                    Update
Ad-Aware               Gen:Variant.Razy.37488                    20160411
AegisLab               Troj.W32.Gen.ltlT                         20160411
AhnLab-V3              Malware/Gen.Generic                       20160411
ALYac                  Gen:Variant.Razy.37488                    20160411
Antiy-AVL              Trojan/Win32.TSGeneric                    20160411
Arcabit                Trojan.Razy.D9270                         20160411
Avast                  Win32:Malware-gen                         20160411
AVG                    Crypt5.AVRR                               20160411
AVware                 Trojan.Win32.Generic!BT                   20160411
BitDefender            Gen:Variant.Razy.37488                    20160411
Bkav                   HW32.Packed.9DB4                          20160411
Cyren                  W32/Trojan.BTSX-0234                      20160411
DrWeb                  Trojan.Inject2.19310                      20160411
Emsisoft               Gen:Variant.Razy.37488 (B)                20160411
ESET-NOD32             a variant of Win32/Kryptik.ETIW           20160411
F-Prot                 W32/S-11ee5b68!Eldorado                   20160411
F-Secure               Gen:Variant.Razy.37488                    20160411
Fortinet               W32/Dridex.M!tr                           20160404
GData                  Gen:Variant.Razy.37488                    20160411
Ikarus                 Trojan.Win32.Crypt                        20160411
Kaspersky              HEUR:Trojan.Win32.Generic                 20160411
Malwarebytes           Trojan.Dridex                             20160411
McAfee                 W32/PinkSbot-BS!389A633AA595              20160411
McAfee-GW-Edition      BehavesLike.Win32.Expiro.dc               20160411
Microsoft              Backdoor:Win32/Qakbot.T                   20160411
eScan                  Gen:Variant.Razy.37488                    20160411
NANO-Antivirus         Trojan.Win32.Kryptik.eblpdm               20160411
Panda                  Trj/GdSda.A                               20160411
Qihoo-360              HEUR/QVM20.1.0000.Malware.Gen             20160411
Rising                 PE:Malware.XPACK-LNR/Heur!1.5594 [F]      20160411
Sophos AV              Mal/Qbot-N                                20160411
Tencent                Win32.Trojan.Kryptik.Llhq                 20160411
TrendMicro             TROJ_GEN.R00YC0DDB16                      20160411
VIPRE                  Trojan.Win32.Generic!BT                   20160411
Alibaba                (not detected)                            20160411
Avira (no cloud)       (not detected)                            20160411
Baidu                  (not detected)                            20160411
Baidu-International    (not detected)                            20160411
CAT-QuickHeal          (not detected)                            20160411
ClamAV                 (not detected)                            20160408
CMC                    (not detected)                            20160408
Comodo                 (not detected)                            20160411
Jiangmin               (not detected)                            20160411
K7AntiVirus            (not detected)                            20160411
K7GW                   (not detected)                            20160404
Kingsoft               (not detected)                            20160411
nProtect               (not detected)                            20160411
SUPERAntiSpyware       (not detected)                            20160411
Symantec               (not detected)                            20160411
TheHacker              (not detected)                            20160411
TotalDefense           (not detected)                            20160411
TrendMicro-HouseCall   (not detected)                            20160411
VBA32                  (not detected)                            20160410
ViRobot                (not detected)                            20160411
Yandex                 (not detected)                            20160411
Zillya                 (not detected)                            20160411
Zoner                  (not detected)                            20160411
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine        Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-06 07:45:51
Entry Point           0x00007150
Number of sections    5
PE sections
PE imports
PlayMetaFileRecord
GdiComment
SelectObject
SetStretchBltMode
CreateBrushIndirect
SetICMProfileA
ExtTextOutA
GetGraphicsMode
SetViewportOrgEx
GetLogColorSpaceW
CreateRoundRectRgn
BeginPath
LineDDA
RealizePalette
SetSystemPaletteUse
StretchDIBits
lstrcatA
lstrlenA
GetModuleFileNameW
CompareStringA
FreeConsole
MprInfoBlockQuerySize
MprAdminIsDomainRasServer
MprAdminInterfaceGetCredentialsEx
MprAdminMIBEntryCreate
MprAdminInterfaceTransportRemove
MprInfoBlockSet
MprAdminMIBServerConnect
MprAdminTransportCreate
RpcBindingToStringBindingA
NdrFullPointerXlatFree
NdrNonConformantStringMarshall
NdrConformantVaryingStructMemorySize
NdrNonEncapsulatedUnionFree
RpcProtseqVectorFreeW
NdrConformantStringMarshall
NdrPointerUnmarshall
RpcNetworkIsProtseqValidA
RpcStringBindingParseA
RpcMgmtEpEltInqBegin
SetupDiGetDeviceInterfaceAlias
SetupDiGetDeviceInstallParamsA
SetupDiOpenDeviceInfoA
SetupCopyErrorA
SetupDiOpenDeviceInterfaceA
SetupGetSourceFileSizeA
SetupDiInstallClassW
SetupScanFileQueueW
SetupDiGetDriverInstallParamsA
SetupQueueCopyA
SetupInitializeFileLogA
EndDeferWindowPos
GetMessageA
GetSystemMetrics
GetWindowModuleFileNameA
AppendMenuA
SendMessageW
PaintDesktop
FillRect
CreateAcceleratorTableW
ModifyMenuW
GetCapture
CascadeWindows
RegisterDeviceNotificationW
GetThreadDesktop
DragDetect
PrintDlgA
CommDlgExtendedError
PageSetupDlgW
PageSetupDlgA
GetOpenFileNameW
SetColorProfileElementReference
CreateColorTransformA
DisassociateColorProfileFromDeviceW
CloseColorProfile
OpenColorProfileA
CreateMultiProfileTransform
GetColorProfileHeader
EnumColorProfilesW
UnregisterCMMW
UninstallColorProfileA
SetColorProfileHeader
GetStandardColorSpaceProfileA
GetNamedProfileInfo
ZwProtectVirtualMemory
NtOpenEvent
RtlGetLongestNtPathLength
ZwQueryInformationThread
NtQueryVolumeInformationFile
LdrDisableThreadCalloutsForDll
NtQueryDirectoryFile
NtSetInformationProcess
NtQueryInformationFile
RtlExtendedLargeIntegerDivide
RtlLargeIntegerSubtract
RtlCopyUnicodeString
RtlNtStatusToDosError
ZwAllocateVirtualMemory
ZwMapViewOfSection
NtQueryInformationProcess
RtlQueryProcessDebugInformation
CoGetInstanceFromFile
MonikerCommonPrefixWith
OleGetAutoConvert
DoDragDrop
CoEnableCallCancellation
STGMEDIUM_UserFree
StgGetIFillLockBytesOnFile
OleSetContainedObject
CoRegisterMallocSpy
StringFromCLSID
CreateOleAdviseHolder
CoGetClassObject
CoRegisterClassObject
HBITMAP_UserFree
StgOpenStorage
CoQueryAuthenticationServices
CoRevertToSelf
StgIsStorageFile
HMENU_UserSize
HDC_UserSize
CoSuspendClassObjects
StgOpenAsyncDocfileOnIFillLockBytes
BindMoniker
PdhComputeCounterStatistics
PdhOpenQueryA
PdhExpandCounterPathW
PdhExpandWildCardPathA
PdhSetCounterScaleFactor
PdhParseCounterPathA
PdhGetFormattedCounterArrayW
PdhUpdateLogW
PdhGetDataSourceTimeRangeW
PdhGetDefaultPerfCounterA
PdhEnumObjectsW
PdhSetDefaultRealTimeDataSource
PdhParseInstanceNameW
PdhParseCounterPathW
PdhValidatePathW
PdhCollectQueryData
ExifTool file metadata
MIMEType              application/octet-stream
Subsystem             Windows command line
MachineType           Intel 386 or later, and compatibles
FileTypeExtension     exe
TimeStamp             2016:04:06 08:45:51+01:00
FileType              Win32 EXE
PEType                PE32
CodeSize              32768
LinkerVersion         6.0
EntryPoint            0x7150
InitializedDataSize   225280
SubsystemVersion      4.0
ImageVersion          0.0
OSVersion             4.0
UninitializedDataSize 0
File identification
MD5           389a633aa5958626d84f637b7b2ac71b
SHA1          4fe8d0e97e94db2468004e0a605d8edc5b9da265
SHA256        d7bd83b1d90cf748dc7768eb0d5e1c84f71847a0a4997ade51ddeeb134e7ae8f
ssdeep        3072:jQ244FNFZmHAOlasRi1ImSwOyMyhTxU/0BRu7jTRySiPdlbN8Oq4Rz2SqPVZPu4y:ck9kH/aWiumSUMyhuVUSiPbrB2SSIJ
authentihash  8c7448300a0da055cb53528a9a6fa1805fd3a2a727928bc0286bff3b0618fcd0
imphash       40a234203b295822bded07c23539f680
File size     256.0 KB ( 262144 bytes )
File type     Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID          Win32 Dynamic Link Library (generic) (43.5%)
              Win32 Executable (generic) (29.8%)
              Generic Win/DOS Executable (13.2%)
              DOS Executable Generic (13.2%)
Tags          peexe
VirusTotal metadata
First submission 2016-04-11 22:03:26 UTC ( 2 years, 10 months ago )
Last submission 2016-04-11 22:03:26 UTC ( 2 years, 10 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications