SHA256: deea57b2a08c33d451c1dc07b272b0b1e7de9f6601027f82d17bc67f0741dc60
File name: 15.vir
Detection ratio: 30 / 56
Analysis date: 2016-11-16 07:04:18 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3692815 20161116
AegisLab Uds.Dangerousobject.Multi!c 20161116
AhnLab-V3 Trojan/Win32.Locky.R190511 20161116
ALYac Trojan.GenericKD.3692815 20161116
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20161116
Arcabit Trojan.Generic.D38590F 20161116
AVG Ransom_r.AUJ 20161116
AVware LooksLike.Win32.Crowti.b (v) 20161116
BitDefender Trojan.GenericKD.3692815 20161116
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
DrWeb Trojan.Packed2.39302 20161116
Emsisoft Trojan.GenericKD.3692815 (B) 20161116
ESET-NOD32 a variant of Win32/Injector.DHKD 20161116
F-Secure Trojan.GenericKD.3692815 20161115
Fortinet W32/PWSZbot.FAVD!tr 20161116
GData Trojan.GenericKD.3692815 20161116
Sophos ML virus.win32.sality.at 20161018
Jiangmin Exploit.BypassUAC.bk 20161116
Kaspersky UDS:DangerousObject.Multi.Generic 20161116
Malwarebytes Ransom.Locky 20161116
McAfee PWSZbot-FAVD!40A4C1635D8E 20161116
McAfee-GW-Edition PWSZbot-FAVD!40A4C1635D8E 20161116
Microsoft PWS:Win32/Zbot 20161116
eScan Trojan.GenericKD.3692815 20161116
NANO-Antivirus Trojan.Win32.ZPACK.eihavc 20161115
Panda Trj/Agent.SM 20161115
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20161116
Rising Malware.Generic!TQ1lqjeflDB@5 (thunder) 20161116
Tencent Win32.Trojan.Inject.Auto 20161116
VIPRE LooksLike.Win32.Crowti.b (v) 20161116
Alibaba 20161116
Avast 20161116
Avira (no cloud) 20161116
Baidu 20161116
Bkav 20161112
CAT-QuickHeal 20161116
ClamAV 20161116
CMC 20161116
Comodo 20161116
Cyren 20161116
F-Prot 20161116
Ikarus 20161115
K7AntiVirus 20161116
K7GW 20161116
Kingsoft 20161116
nProtect 20161116
Sophos AV 20161116
SUPERAntiSpyware 20161116
Symantec 20161116
TheHacker 20161115
TrendMicro 20161116
TrendMicro-HouseCall 20161116
VBA32 20161115
ViRobot 20161116
Yandex 20161115
Zillya 20161115
Zoner 20161116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2006
Product Application ChartDemo
Original name ChartDemo.EXE
Internal name ChartDemo
File version 1, 0, 0, 1
Description Application MFC ChartDemo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-08 18:21:03
Entry Point 0x00016A42
Number of sections 4
PE sections
Overlays
MD5 e3783ac88e64f08e81257fd322d8dc1b
File type data
Offset 143360
Size 216932
Entropy 8.00
PE imports
Polygon
CreatePen
CreateFontIndirectA
GetTextMetricsA
GetPixel
Rectangle
GetDeviceCaps
DeleteDC
IntersectClipRect
BitBlt
RealizePalette
CreateHatchBrush
GetObjectA
CreatePalette
GetStockObject
ExtTextOutA
SetTextAlign
CreateCompatibleDC
GetTextExtentPoint32A
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
Ellipse
SetCommBreak
LoadLibraryW
Beep
QueryPerformanceCounter
ExitProcess
FlushFileBuffers
GlobalUnlock
GetModuleFileNameA
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
DeleteFileW
SetCommTimeouts
GetLocaleInfoW
SetFilePointer
WideCharToMultiByte
GetModuleHandleA
SetEnvironmentVariableA
GlobalMemoryStatus
VirtualQuery
CreateFileA
GetProcessTimes
SetCurrentDirectoryA
_purecall
__p__fmode
__CxxFrameHandler
_ftol
srand
__dllonexit
_controlfp
strlen
_except_handler3
fabs
floor
__p__commode
_onexit
abs
exit
sprintf
pow
__setusermatherr
rand
sin
_XcptFilter
_acmdln
memset
_adjust_fdiv
atoi
__getmainargs
atof
_exit
_setmbcp
log10
strcpy
time
_initterm
strcmp
__set_app_type
RedrawWindow
GetMessagePos
GetParent
DrawEdge
SetClassLongW
OffsetRect
DrawIcon
GetCapture
KillTimer
GetClipboardOwner
DefWindowProcA
DrawFrameControl
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
InflateRect
EnableWindow
SetCapture
ReleaseCapture
PeekMessageA
SetKeyboardState
GetSysColor
SetDlgItemTextW
GetCursorPos
SystemParametersInfoA
GetClassInfoA
CheckMenuItem
SendMessageA
GetClientRect
IsIconic
RegisterClassA
SetRect
InvalidateRect
DrawFocusRect
CreateMenu
LoadIconA
FillRect
ShowCursor
CopyRect
GetWindowTextW
GetSystemMenu
FindWindowW
SetForegroundWindow
PtInRect
Number of PE resources by type
RT_DIALOG 6
RT_ICON 4
Struct(240) 4
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH 12
NEUTRAL 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode French
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 45056
EntryPoint 0x16a42
OriginalFileName ChartDemo.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2006
FileVersion 1, 0, 0, 1
TimeStamp 2016:11:08 19:21:03+01:00
FileType Win32 EXE
PEType PE32
InternalName ChartDemo
ProductVersion 1, 0, 0, 1
FileDescription Application MFC ChartDemo
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 94208
ProductName Application ChartDemo
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 40a4c1635d8e8d0b276f89f33c380048
SHA1 7d1718150079804669483c19e8215a8217ea7891
SHA256 deea57b2a08c33d451c1dc07b272b0b1e7de9f6601027f82d17bc67f0741dc60
ssdeep 6144:n2IEuykulzJV22A5lmJYNhhnoXfVfOvh0+fHrjoapxRf:VEYuldY2MlmxfEh0+vX/xRf
authentihash 1a4dd96fcc603db110d243fc3710f48001901d51b79eefad1efa2020948f4171
imphash 13699946ac41b20577ff57edd9487d27
File size 351.8 KB ( 360292 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-11-16 04:41:31 UTC
Last submission 2016-11-16 07:04:18 UTC
File names 15.vir
ChartDemo
ChartDemo.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
UDP communications