SHA256: ded40777eac5bfbb4c7a18108fee9023479ad94ebbe301dfaf31805d7612e8ae
File name: fd05fd03bc0a26e9c2209d43d151c6e9.exe
Detection ratio: 28 / 52
Analysis date: 2016-08-19 11:12:56 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3476268 20160819
AhnLab-V3 Trojan/Win32.Scar.N2082612901 20160819
Arcabit Trojan.Generic.D350B2C 20160819
AVG Generic_r.MMD 20160819
Avira (no cloud) TR/Crypt.ZPACK.uefz 20160819
AVware Trojan.Win32.Generic!BT 20160819
BitDefender Trojan.GenericKD.3476268 20160819
ClamAV Win.Malware.Agent2021556819/CRDF-1 20160819
Cyren W32/PWS.KCOV-8483 20160819
Emsisoft Trojan.GenericKD.3476268 (B) 20160819
ESET-NOD32 Win32/PSW.Papras.EJ 20160819
F-Secure Trojan.GenericKD.3476268 20160819
Fortinet W32/Malicious_Behavior.VEX 20160819
GData Trojan.GenericKD.3476268 20160819
Ikarus Trojan.Win32.PSW 20160819
K7AntiVirus Password-Stealer ( 004cfc431 ) 20160819
K7GW Password-Stealer ( 004cfc431 ) 20160819
Kaspersky Trojan.Win32.Scar.ovkb 20160819
Malwarebytes Backdoor.Bot 20160819
McAfee RDN/Generic PWS.y 20160819
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20160819
Microsoft PWS:Win32/Zbot 20160819
Panda Trj/GdSda.A 20160819
Sophos AV Troj/Zbot-LHC 20160819
Symantec Trojan.Snifula.F 20160819
TrendMicro TSPY_URSNIF.YYSVX 20160819
TrendMicro-HouseCall TSPY_URSNIF.YYSVX 20160819
VIPRE Trojan.Win32.Generic!BT 20160819
AegisLab 20160819
Alibaba 20160819
Antiy-AVL 20160819
Avast 20160819
Baidu 20160819
Bkav 20160818
CAT-QuickHeal 20160818
CMC 20160818
Comodo 20160818
DrWeb 20160819
F-Prot 20160819
Jiangmin 20160819
Kingsoft 20160819
NANO-Antivirus 20160819
nProtect 20160817
Qihoo-360 20160819
Rising 20160819
SUPERAntiSpyware 20160819
Tencent 20160819
TheHacker 20160817
TotalDefense 20160819
VBA32 20160819
ViRobot 20160819
Yandex 20160818
Zillya 20160818
Zoner 20160819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Emsisoft Ltd. Copyright 1995-Present

Product Guatemala
Original name Guatemala.exe
Internal name Guatemala
Description Ebr Widest Spiders
Comments Ebr Widest Spiders
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-17 16:20:56
Entry Point 0x0000E454
Number of sections 4
PE sections
PE imports
LookupPrivilegeValueA
OpenServiceA
AdjustTokenPrivileges
InitializeAcl
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
AddAccessAllowedAce
SetServiceObjectSecurity
LookupAccountNameW
SetFileSecurityA
GetTokenInformation
InitiateSystemShutdownA
BuildExplicitAccessWithNameA
IsValidSid
GetSecurityDescriptorDacl
OpenThreadToken
GetLengthSid
IsValidAcl
FreeSid
QueryServiceObjectSecurity
AllocateAndInitializeSid
InitializeSecurityDescriptor
LookupAccountSidA
SetEntriesInAclA
OpenSCManagerA
IsValidSecurityDescriptor
SetGraphicsMode
SetDCBrushColor
SetStretchBltMode
GetDeviceCaps
CreateDCA
DeleteDC
SetDCPenColor
BitBlt
SetTextColor
CreatePatternBrush
GetObjectA
ExtTextOutW
CreateFontA
SetArcDirection
SetTextAlign
CreateCompatibleDC
SetBrushOrgEx
SelectObject
Ellipse
CreateSolidBrush
SetBkColor
CreateCompatibleBitmap
gluBuild2DMipmaps
ImmReleaseContext
ImmGetCompositionStringA
ImmGetConversionStatus
ImmGetContext
ImmGetOpenStatus
GetIpNetTable
GetAdaptersInfo
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InterlockedDecrement
OutputDebugStringA
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GetUserDefaultLCID
GetProcessHeap
IsValidLocale
GetProcAddress
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetConsoleTitleA
GetCommandLineA
GetCurrentThread
lstrcpynW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
SetConsoleTitleA
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
glTexEnvf
glShadeModel
glEnable
glTexParameterf
glVertex3f
glTexCoord2f
glEnd
glDepthFunc
glBegin
glBindTexture
RpcServerRegisterIfEx
RpcServerUseProtseqEpA
RpcServerListen
SHBindToParent
Ord(155)
SHParseDisplayName
SHGetSpecialFolderLocation
Ord(28)
SHGetDesktopFolder
SHGetMalloc
SHGetDataFromIDListA
StrRetToBufA
SHStrDupW
StrCmpIW
StrChrA
StrRetToBufW
GetUserNameExA
lineSetTollListA
CreateWindowExA
GetForegroundWindow
GetParent
SystemParametersInfoA
GetScrollInfo
BeginPaint
HideCaret
DefWindowProcW
KillTimer
PostQuitMessage
DefWindowProcA
MessageBoxW
LoadBitmapA
SetWindowPos
FindWindowA
SendDlgItemMessageA
GetSystemMetrics
GetClipboardFormatNameA
AppendMenuA
GetWindowRect
DispatchMessageA
EndPaint
UpdateWindow
PostMessageA
SetRectEmpty
MessageBoxA
PeekMessageA
IsWindowEnabled
GetWindow
InvalidateRect
GetSysColor
GetMenuItemID
GetCursorPos
ReleaseDC
UpdateLayeredWindow
CheckMenuItem
LoadStringA
EnumDisplayDevicesA
PtInRect
SendMessageA
LoadStringW
SubtractRect
UnpackDDElParam
GetDlgItem
PackDDElParam
IsWindow
SetRect
CallNextHookEx
EnumPropsA
SetTimer
LoadCursorA
CountClipboardFormats
FreeDDElParam
RegisterClassW
FillRect
OpenClipboard
GetClientRect
GetWindowTextW
CheckDlgButton
GetSysColorBrush
EnumClipboardFormats
CallWindowProcA
GetDC
EnableWindow
CloseClipboard
DestroyWindow
SetCursor
ConnectToPrinterDlg
inet_addr
PropVariantClear
CoTaskMemFree
Number of PE resources by type
RT_STRING 6
RT_DIALOG 3
RT_BITMAP 3
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
LegalTrademarks
Emsisoft Ltd. Copyright 1995-Present

SubsystemVersion
5.0

Comments
Ebr Widest Spiders

InitializedDataSize
177152

ImageVersion
0.0

ProductName
Guatemala

FileVersionNumber
9.8.5.5

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

PrivateBuild
9.8.5.5

FileTypeExtension
exe

OriginalFileName
Guatemala.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2016:08:17 17:20:56+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Guatemala

ProductVersion
9.8.5.5

FileDescription
Ebr Widest Spiders

OSVersion
5.0

FileOS
Windows NT 32-bit

LegalCopyright
Emsisoft Ltd. Copyright 1995-Present

MachineType
Intel 386 or later, and compatibles

CompanyName
Emsisoft Ltd.

CodeSize
138240

FileSubtype
0

ProductVersionNumber
9.8.5.5

EntryPoint
0xe454

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 fd05fd03bc0a26e9c2209d43d151c6e9
SHA1 69ab75cb14869fbc77bfe549c64247fbadd6579f
SHA256 ded40777eac5bfbb4c7a18108fee9023479ad94ebbe301dfaf31805d7612e8ae
ssdeep
6144:nejUp982Y3E3QHiAOaY73PmC1LfeY43xrmNwCKLBmnzstWwZl/7:nd982YxHioE+C534BgwCS44ZZ

authentihash e27b5472181e48b4c58c6af73cbc66af37e53927e748196975768f07e3d97674
imphash d0aea03066e94d2599fc0fed6fc0adfb
File size 309.0 KB ( 316416 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-08-17 19:05:19 UTC ( 2 years, 7 months ago )
Last submission 2018-02-17 20:46:04 UTC ( 1 year, 1 month ago )
File names fd05fd03bc0a26e9c2209d43d151c6e9
BN207E.tmp
VohcIhke.exe
inst3.exe
inst3.exe
inst3.exe
fd05fd03bc0a26e9c2209d43d151c6e9
ded40777eac5bfbb4c7a18108fee9023479ad94ebbe301dfaf31805d7612e8ae_ded40777eac5bfbb_dikxi.vxe
fd05fd03bc0a26e9c2209d43d151c6e9.exe
Guatemala
20161205222542
BN379D.tmp
inst3.exe
Guatemala.exe
inst3.exe
fd05fd03bc0a26e9c2209d43d151c6e9
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0818.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
UDP communications