SHA256: e05b676b70171987fec0c21c7b48022b847bb9d8cdfc7bea5f4982e431c7e5fa
File name: e05b676b70171987fec0c21c7b48022b847bb9d8cdfc7bea5f4982e431c7e5fa
Detection ratio: 7 / 57
Analysis date: 2016-05-08 01:07:27 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.ZPACK.tizw 20160507
Baidu Win32.Trojan.WisdomEyes.151026.9950.9971 20160506
ESET-NOD32 Win32/TrojanDownloader.Agent.CCA 20160507
Fortinet W32/Agent.CCA!tr.dldr 20160508
Malwarebytes Backdoor.Agent 20160507
Qihoo-360 HEUR/QVM41.1.0000.Malware.Gen 20160508
Sophos AV Mal/Generic-S 20160507
Ad-Aware 20160508
AegisLab 20160507
AhnLab-V3 20160507
Alibaba 20160506
ALYac 20160507
Antiy-AVL 20160508
Arcabit 20160508
Avast 20160508
AVG 20160507
AVware 20160508
Baidu-International 20160507
BitDefender 20160508
Bkav 20160506
CAT-QuickHeal 20160507
ClamAV 20160507
CMC 20160506
Comodo 20160508
Cyren 20160508
DrWeb 20160508
Emsisoft 20160503
F-Prot 20160508
F-Secure 20160508
GData 20160508
Ikarus 20160507
Jiangmin 20160507
K7AntiVirus 20160507
K7GW 20160507
Kaspersky 20160507
Kingsoft 20160508
McAfee 20160507
McAfee-GW-Edition 20160507
Microsoft 20160507
eScan 20160507
NANO-Antivirus 20160507
nProtect 20160504
Panda 20160507
Rising 20160507
SUPERAntiSpyware 20160507
Symantec 20160507
Tencent 20160508
TheHacker 20160507
TotalDefense 20160507
TrendMicro 20160507
TrendMicro-HouseCall 20160507
VBA32 20160505
VIPRE 20160508
ViRobot 20160508
Yandex 20160508
Zillya 20160507
Zoner 20160507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-05 21:55:45
Entry Point 0x00007605
Number of sections 5
PE sections
PE imports
CryptDestroyKey
CryptGetUserKey
CryptReleaseContext
RegCloseKey
CryptSignHashA
CryptAcquireContextA
CryptGetHashParam
RegQueryValueExA
CryptExportKey
CryptImportKey
CryptDeriveKey
CryptEncrypt
CryptVerifySignatureA
RegOpenKeyExA
CryptHashData
CryptSetHashParam
CryptDestroyHash
CryptCreateHash
ImageList_ReplaceIcon
CryptFindOIDInfo
GetObjectA
CreateSolidBrush
CreateRectRgn
DeleteDC
SetTextJustification
SetBkMode
GetStockObject
TextOutA
CreateFontIndirectA
GetTextMetricsA
SelectObject
DeleteObject
CombineRgn
BitBlt
CreateCompatibleDC
GetBitmapBits
StretchBlt
SetTextColor
StretchDIBits
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
GetDriveTypeA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LoadResource
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GetVersion
GetCommState
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetProcAddress
GetProcessHeap
lstrcpyA
SetCommTimeouts
SetCommState
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
SetupComm
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetProcessHeaps
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
WNetAddConnectionA
WNetOpenEnumA
WNetGetConnectionA
Ord(36)
RpcStringBindingComposeA
UuidToStringA
RpcStringFreeA
UuidFromStringA
RpcBindingFromStringBindingA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFolderPathA
StrToIntExA
PathFileExistsA
GetMessageA
GetForegroundWindow
SetWindowRgn
UpdateWindow
EndDialog
PostQuitMessage
RegisterWindowMessageA
DefWindowProcA
CheckMenuRadioItem
LockSetForegroundWindow
SetWindowPos
GetParent
SendDlgItemMessageA
MessageBoxW
DispatchMessageA
EndPaint
MessageBoxA
AppendMenuW
TranslateMessage
GetWindow
GetSysColor
GetDC
RegisterClassExA
GetCursorPos
ReleaseDC
SystemParametersInfoA
BeginPaint
CreatePopupMenu
DestroyIcon
ShowWindow
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
SetRect
DeleteMenu
SetTimer
LoadCursorA
LoadIconA
TrackPopupMenu
GetMenuStringA
EnumThreadWindows
LoadImageA
GetSystemMenu
FillRect
SetForegroundWindow
htons
connect
WSAGetLastError
Ord(144)
Number of PE resources by type
RT_DIALOG 6
RT_BITMAP 2
BINRES 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 10
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:05:05 22:55:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 71168
LinkerVersion 9.0
EntryPoint 0x7605
InitializedDataSize 138240
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 5ea231dd419624298791d0699f226380
SHA1 8e9dd37b799746ae86bd28fe87a7476bf1d5d606
SHA256 e05b676b70171987fec0c21c7b48022b847bb9d8cdfc7bea5f4982e431c7e5fa
ssdeep 3072:1c3Wt7j1sHZ6kvTZHtroQ2MRgR05fGAKQa9ABB22Ru1jIOP:eo7j1sHZ6kJ9UagYnKQgAbNM
authentihash 9818c6f83ee324154adc5f1439a4d0dc7da3e73c8de96ac38106e8691ee8f527
imphash 3bd297c159c0d61a53a0f2c6b25096e1
File size 205.5 KB ( 210432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-05-08 01:07:27 UTC ( 2 years, 10 months ago )
Last submission 2016-05-08 01:07:27 UTC ( 2 years, 10 months ago )
No comments. No votes.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs