× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: dd0cae8415597f4a14a32abea6344e5de5d541f764d24fc213aac04dfd494dc2
File name: tKlBtHnPD3
Detection ratio: 39 / 57
Analysis date: 2016-10-22 01:21:19 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3580492 20161022
AegisLab Troj.Crypt.Zpack!c 20161021
AhnLab-V3 Trojan/Win32.Tuhkit.N2123577284 20161021
ALYac Trojan.GenericKD.3580492 20161022
Arcabit Trojan.Generic.D36A24C 20161021
Avast Win32:Malware-gen 20161022
AVG Crypt6.DWE 20161022
Avira (no cloud) TR/Crypt.ZPACK.glihx 20161022
AVware Trojan.Win32.Generic!BT 20161022
BitDefender Trojan.GenericKD.3580492 20161022
CrowdStrike Falcon (ML) malicious_confidence_96% (W) 20160725
Cyren W32/Trojan.VYSI-1508 20161022
DrWeb Trojan.DownLoader22.58592 20161022
Emsisoft Trojan.GenericKD.3580492 (B) 20161022
ESET-NOD32 a variant of Win32/Kryptik.FHME 20161021
F-Secure Trojan.GenericKD.3580492 20161021
Fortinet W32/Tuhkit.IM!tr 20161022
GData Trojan.GenericKD.3580492 20161022
Ikarus Trojan.Win32.Crypt 20161021
Sophos ML virus.win32.morto.a 20161018
Jiangmin Trojan.Banker.Tuhkit.ck 20161022
K7AntiVirus Trojan ( 004fa0381 ) 20161021
K7GW Trojan ( 004fa0381 ) 20161022
Kaspersky Trojan-Banker.Win32.Tuhkit.im 20161022
McAfee RDN/Generic.sts 20161022
McAfee-GW-Edition RDN/Generic.sts 20161022
Microsoft Trojan:Win32/Dynamer!ac 20161022
eScan Trojan.GenericKD.3580492 20161022
NANO-Antivirus Trojan.Win32.Tuhkit.ehbeof 20161021
Panda Trj/GdSda.A 20161021
Qihoo-360 Win32/Trojan.7e6 20161022
Rising Malware.XPACK-HIE/Heur!1.9C48 (classic) 20161022
Sophos AV Mal/Generic-S 20161021
Symantec Trojan.Gen.2 20161022
Tencent Win32.Trojan-banker.Tuhkit.Lneh 20161022
TrendMicro TROJ_GEN.R00XC0DJ816 20161022
TrendMicro-HouseCall TROJ_GEN.R00XC0DJ816 20161022
VIPRE Trojan.Win32.Generic!BT 20161021
Yandex Trojan.Kryptik!6RXEsQxRs20 20161021
Alibaba 20161021
Antiy-AVL 20161022
Baidu 20161021
Bkav 20161021
CAT-QuickHeal 20161021
ClamAV 20161022
CMC 20161021
Comodo 20161022
F-Prot 20161022
Kingsoft 20161022
Malwarebytes 20161022
nProtect 20161022
SUPERAntiSpyware 20161022
TheHacker 20161020
TotalDefense 20161021
VBA32 20161021
ViRobot 20161021
Zillya 20161021
Zoner 20161021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copy right(c) 2014. All rights reserved.

Product Heat yesCl
Original name bes.exe
File version 9, 2, 0, 0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-03-28 16:55:09
Entry Point 0x0002CA63
Number of sections 5
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetLocaleInfoW
LoadLibraryW
GetConsoleCP
HeapDestroy
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetWindowsDirectoryW
GetConsoleMode
HeapSize
GetCurrentProcessId
LCMapStringW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
SetStdHandle
SetFilePointer
RaiseException
CloseHandle
WideCharToMultiByte
GetModuleFileNameW
TlsFree
GetModuleHandleA
ReadFile
GetLocaleInfoA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
MulDiv
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
GetOEMCP
LocalFree
GetFileType
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
SetLastError
VirtualFree
InterlockedDecrement
Sleep
FormatMessageA
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoSuspendClassObjects
StgCreateDocfile
CoTaskMemFree
OleCreate
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
139264

ImageVersion
0.0

ProductName
Heat yesCl

FileVersionNumber
9.2.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
bes.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
9, 2, 0, 0

TimeStamp
2007:03:28 17:55:09+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
9, 2, 0, 0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copy right(c) 2014. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CodeSize
249856

FileSubtype
0

ProductVersionNumber
9.2.0.0

EntryPoint
0x2ca63

ObjectFileType
Executable application

File identification
MD5 a3cb7eabef94cff95b84631c43065da6
SHA1 c9bfb25bab725ea16c57c6d65d6f0088e5f0fec5
SHA256 dd0cae8415597f4a14a32abea6344e5de5d541f764d24fc213aac04dfd494dc2
ssdeep
6144:zDPYwJtAdAXbB3WBGbw9TCdEhQJbm4HlSW8L+:vPNDbB3tWqvZHlG+

authentihash 58ce3952daa6afe71615562155aed8d75e49be17e105dd724aff1a325d5615e5
imphash 6bf44f7c557781d6b35bd7ba7b64bb80
File size 320.0 KB ( 327680 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-10-06 07:47:11 UTC ( 2 years, 4 months ago )
Last submission 2016-10-22 01:21:19 UTC ( 2 years, 3 months ago )
File names chrome_plugin.exe
tKlBtHnPD3
bes.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications