SHA256: e0a8e823b446764e2b536e81d3fefaa9a562dd8c0614b3bdb345233de27e216a
File name: c249b13e6c62ef901fecdcd2bab0c33e.virus
Detection ratio: 61 / 61
Analysis date: 2017-06-09 04:51:09 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Generic.PoisonIvy.E993D90A 20170609
AegisLab Packer.W32.Katusha.linF 20170608
AhnLab-V3 Trojan/Win32.Poison.R2018 20170608
ALYac Generic.PoisonIvy.E993D90A 20170609
Arcabit Generic.PoisonIvy.E993D90A 20170609
Avast Win32:Agent-AAGI [Trj] 20170609
AVG Win32:Agent-AAGI [Trj] 20170609
Avira (no cloud) TR/Dropper.Gen 20170608
AVware Backdoor.Win32.Poison.Pg (v) 20170609
Baidu Win32.Backdoor.Poison.a 20170608
BitDefender Generic.PoisonIvy.E993D90A 20170609
Bkav W32.OnlineGameXIUB.Trojan 20170608
CAT-QuickHeal TrojanAPT.Poisonivy.D3 20170608
ClamAV Win.Downloader.24568-1 20170609
CMC Backdoor.Win32.Poison!O 20170608
Comodo Backdoor.Win32.Poison.NAE 20170609
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170420
Cyren W32/Agent.G.gen!Eldorado 20170609
DrWeb BackDoor.Poison.686 20170609
Emsisoft Generic.PoisonIvy.E993D90A (B) 20170609
Endgame malicious (high confidence) 20170515
ESET-NOD32 Win32/Poison.NAE 20170609
F-Prot W32/Agent.G.gen!Eldorado 20170609
F-Secure Backdoor:W32/PoisonIvy.GI 20170609
Fortinet W32/Pincav.DS!tr 20170609
GData Generic.PoisonIvy.E993D90A 20170609
Ikarus Virus.Win32.Agent.TZE 20170608
Sophos ML heuristic 20170607
Jiangmin Backdoor/PoisonIvy.jh 20170609
K7AntiVirus Backdoor ( 00199f611 ) 20170608
K7GW Backdoor ( 00199f611 ) 20170609
Kaspersky Backdoor.Win32.Poison.aec 20170609
Kingsoft Win32.Hack.Poison.pg.5844 20170609
Malwarebytes Backdoor.Poison 20170609
McAfee BackDoor-DSS.gen.a 20170609
McAfee-GW-Edition BehavesLike.Win32.Backdoor.lm 20170608
Microsoft Backdoor:Win32/Poison.E 20170609
eScan Generic.PoisonIvy.E993D90A 20170609
NANO-Antivirus Trojan.Win32.Poison.dmikon 20170609
nProtect Backdoor/W32.PoisonIvy.10240.F 20170609
Palo Alto Networks (Known Signatures) generic.ml 20170609
Panda Bck/Poison.E 20170608
Qihoo-360 Backdoor.Win32.PIvy.A 20170609
Rising Hack.Win32.Agent.fb (classic) 20170609
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Troj/Keylog-JV 20170609
SUPERAntiSpyware Trojan.Agent/Gen-Poison 20170609
Symantec Trojan!gm 20170609
Tencent Backdoor.Win32.Poison.b 20170609
TheHacker W32/Ivy.gen 20170607
TotalDefense Win32/SillyDl.DQU 20170609
TrendMicro BKDR_POISON.SMP 20170609
TrendMicro-HouseCall BKDR_POISON.SMP 20170609
VBA32 Backdoor.Win32.Hupigon.dguz 20170608
VIPRE Backdoor.Win32.Poison.Pg (v) 20170609
ViRobot Backdoor.Win32.Poison.8704.M[h] 20170609
Webroot W32.Backdoor.Poisonivy 20170609
Yandex Trojan.DL.CKSPost.Gen 20170608
Zillya Backdoor.Poison.Win32.42544 20170608
ZoneAlarm by Check Point Backdoor.Win32.Poison.aec 20170609
Zoner Trojan.Poison.NAE 20170609
Alibaba 20170609
Symantec Mobile Insight 20170608
Trustlook 20170609
WhiteArmor 20170608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT PENinja
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-01-06 14:51:31
Entry Point 0x00000208
Number of sections 2
PE sections
PE imports
ExitProcess
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:01:06 15:51:31+01:00
FileType Win32 EXE
PEType PE32
CodeSize 512
LinkerVersion 5.12
FileTypeExtension exe
InitializedDataSize 9216
SubsystemVersion 4.0
EntryPoint 0x0208
OSVersion 4.0
ImageVersion 4.0
UninitializedDataSize 0
File identification
MD5 c249b13e6c62ef901fecdcd2bab0c33e
SHA1 2ab05cdf360ce89984609c921b6b5e46d7212483
SHA256 e0a8e823b446764e2b536e81d3fefaa9a562dd8c0614b3bdb345233de27e216a
ssdeep 192:uJGc1Zl2+VAfNxl1THs6xgzgVGjPlRZkRL766nQAlKhFo22Xs6Z0:uJGcMJxDTHfRmDkJHc6
authentihash 4c5a2a5e4a87b5ae6eec5447458522ad8e56a193c9a30c9751dc03fb71bc2d5d
imphash f9ade0aa18f660a34a4fa23392e21838
File size 10.0 KB ( 10240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-06-08 19:08:31 UTC ( 11 months, 2 weeks ago )
Last submission 2017-06-08 19:08:31 UTC ( 11 months, 2 weeks ago )
File names c249b13e6c62ef901fecdcd2bab0c33e.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.