SHA256: d7f33b5251f73092599881436d59501534243d5e9620dedb7d5e96afeeb82fb7
File name: 9c4392d6af5095c495e319c2c11a4593.virus
Detection ratio: 55 / 58
Analysis date: 2017-03-01 18:53:33 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Win32.Neshta.A 20170301
AegisLab W32.Neshta.tn9H 20170301
AhnLab-V3 Win32/Neshta 20170301
ALYac Win32.Neshta.A 20170301
Antiy-AVL Virus/Win32.Neshta.a 20170301
Arcabit Win32.Neshta.A 20170301
Avast Win32:Apanas [Trj] 20170301
AVG SHeur4.AVOB 20170301
Avira (no cloud) W32/Neshta.A 20170301
AVware Virus.Win32.Neshta.a (v) 20170301
Baidu Win32.Virus.Neshta.a 20170301
BitDefender Win32.Neshta.A 20170301
Bkav W32.NeshtaB.PE 20170301
CAT-QuickHeal W32.Neshta.C8 20170301
ClamAV Win.Trojan.Neshuta-1 20170301
CMC Virus.Win32.Neshta!O 20170301
Comodo Win32.Neshta.A 20170301
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/HLLP.41472 20170301
DrWeb Win32.HLLP.Neshta 20170301
Emsisoft Win32.Neshta.A (B) 20170301
Endgame malicious (high confidence) 20170222
ESET-NOD32 Win32/Neshta.A 20170301
F-Prot W32/HLLP.41472 20170301
F-Secure Win32.Neshta.A 20170301
Fortinet W32/Neshta.A 20170301
GData Win32.Neshta.A 20170301
Ikarus Virus.Win32.Neshta 20170301
Sophos ML virus.win32.neshta.a 20170203
Jiangmin Virus.Neshta.a 20170301
K7AntiVirus Virus ( 700000131 ) 20170301
K7GW Virus ( 700000131 ) 20170301
Kaspersky Virus.Win32.Neshta.a 20170228
Kingsoft Win32.Neshta.nl.30720 20170301
McAfee W32/HLLP.41472.e 20170301
McAfee-GW-Edition BehavesLike.Win32.HLLP.tc 20170301
Microsoft Virus:Win32/Neshta.A 20170301
eScan Win32.Neshta.A 20170301
NANO-Antivirus Virus.Win32.Neshta.cdby 20170301
nProtect Virus/W32.Neshta 20170301
Panda W32/Neshta.A 20170301
Qihoo-360 Virus.Win32.Neshta.B 20170301
Rising Win32.Netsha.a (classic) 20170301
Sophos AV W32/Bloat-A 20170301
Symantec W32.Neshuta 20170301
Tencent Virus.Win32.Neshta.a 20170301
TheHacker W32/Netshta.gen 20170228
TotalDefense Win32/Neshta.A 20170301
TrendMicro PE_NESHTA.A 20170301
VBA32 Virus.Win32.Neshta.a 20170301
VIPRE Virus.Win32.Neshta.a (v) 20170301
ViRobot Win32.Neshta.Gen.A[h] 20170301
Yandex Win32.Neshta.A 20170225
Zillya Virus.Neshta.Win32.1 20170301
Zoner Win32.Neshta.A 20170301
Alibaba 20170228
Malwarebytes 20170301
SUPERAntiSpyware 20170301
Trustlook 20170301
Webroot 20170301
WhiteArmor 20170222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000080E4
Number of sections 8
PE sections
Overlays
MD5 46aea6a2e6cb04b9cd7edd4ac3a25c1f
File type data
Offset 41472
Size 9957947
Entropy 8.00
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
SetDIBits
GetObjectA
DeleteDC
SelectObject
CreateSolidBrush
GetDIBits
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
StretchDIBits
GetLastError
GetStdHandle
EnterCriticalSection
ReleaseMutex
GetFileAttributesA
FreeLibrary
ExitProcess
GetThreadLocale
GetModuleFileNameA
GetFileSize
RtlUnwind
WinExec
DeleteCriticalSection
GetStartupInfoA
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
GetShortPathNameA
GetCommandLineA
CloseHandle
CreateMutexA
SetFilePointer
GetTempPathA
RaiseException
GetModuleHandleA
ReadFile
WriteFile
FindFirstFileA
FindNextFileA
GetCurrentThreadId
SetFileAttributesA
GetDriveTypeA
LocalFree
GetLogicalDriveStringsA
GetLocalTime
InitializeCriticalSection
VirtualFree
FindClose
TlsGetValue
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
VirtualAlloc
SetCurrentDirectoryA
LeaveCriticalSection
SysReAllocStringLen
SysFreeString
ExtractIconA
ShellExecuteA
ReleaseDC
GetIconInfo
DestroyIcon
FillRect
MessageBoxA
CharLowerBuffA
GetSysColor
GetKeyboardType
GetDC
CopyImage
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 29696
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 10752
SubsystemVersion 4.0
EntryPoint 0x80e4
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 9c4392d6af5095c495e319c2c11a4593
SHA1 aec09b58f76d49b3103a99521fec5e857f17bcbb
SHA256 d7f33b5251f73092599881436d59501534243d5e9620dedb7d5e96afeeb82fb7
ssdeep 196608:iDeeThYhQBg0S6r7/PK5dqlLU4fh6iz7vsSuQe2R9:iDecG+BgPSPIqdhXz4Sxem9
authentihash 29132e6a3e139d40ba1ec9c6c69086b84073051b8b4f5478fdc14989c35ae8eb
imphash 9f4693fc0c511135129493f2161d1e86
File size 9.5 MB ( 9999419 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 7 (69.3%)
Win32 Executable Borland Delphi 6 (27.3%)
Win32 Executable Delphi generic (1.4%)
Win32 Dynamic Link Library (generic) (0.6%)
Win32 Executable (generic) (0.4%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-03-01 18:53:33 UTC ( 1 year, 10 months ago )
Last submission 2017-03-01 18:53:33 UTC ( 1 year, 10 months ago )
File names 9c4392d6af5095c495e319c2c11a4593.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Shell commands
Runtime DLLs
UDP communications