SHA256: e167021237fe8d175a39805271e3cc25e772b4384c4e4325f4785dbe8d783546
File name: 36c845f56dfcd2650dcb14be35ba1f46.virus
Detection ratio: 32 / 57
Analysis date: 2016-05-11 01:06:27 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.TeslaCrypt.23 20160511
ALYac Gen:Variant.TeslaCrypt.23 20160511
Antiy-AVL Trojan/Win32.Waldek 20160511
Arcabit Trojan.TeslaCrypt.23 20160511
Avast Win32:Malware-gen 20160511
AVG Crypt5.BFQW 20160511
Avira (no cloud) TR/Crypt.ZPACK.mmwx 20160511
AVware Trojan.Win32.Generic!BT 20160511
BitDefender Gen:Variant.TeslaCrypt.23 20160511
Bkav HW32.Packed.90A9 20160510
Cyren W32/Trojan.QVRO-7344 20160511
Emsisoft Gen:Variant.TeslaCrypt.23 (B) 20160511
ESET-NOD32 a variant of Win32/Kryptik.EWNY 20160510
F-Secure Gen:Variant.TeslaCrypt.23 20160511
Fortinet W32/Waldek.EWNY!tr 20160510
GData Gen:Variant.TeslaCrypt.23 20160510
Ikarus Trojan.Win32.Crypt 20160510
K7AntiVirus Trojan ( 004ee0cc1 ) 20160510
K7GW Trojan ( 004ee0cc1 ) 20160510
Kaspersky Trojan.Win32.Waldek.lqq 20160510
McAfee Artemis!36C845F56DFC 20160510
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160510
Microsoft Trojan:Win32/Dynamer!ac 20160510
eScan Gen:Variant.TeslaCrypt.23 20160510
Panda Trj/GdSda.A 20160510
Qihoo-360 QVM07.1.Malware.Gen 20160511
Rising Malware.XPACK-HIE/Heur!1.9C48 20160510
Sophos AV Mal/Generic-S 20160510
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20160510
Tencent Win32.Trojan.Waldek.Llrk 20160511
TrendMicro TROJ_GEN.R021C0DEA16 20160510
VIPRE Trojan.Win32.Generic!BT 20160510
AegisLab 20160510
AhnLab-V3 20160510
Alibaba 20160510
Baidu 20160510
Baidu-International 20160510
CAT-QuickHeal 20160510
ClamAV 20160509
CMC 20160510
Comodo 20160511
DrWeb 20160511
F-Prot 20160511
Jiangmin 20160511
Kingsoft 20160511
Malwarebytes 20160510
NANO-Antivirus 20160510
nProtect 20160510
Symantec 20160510
TheHacker 20160510
TotalDefense 20160510
TrendMicro-HouseCall 20160510
VBA32 20160510
ViRobot 20160510
Yandex 20160510
Zillya 20160510
Zoner 20160510
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-26 16:16:57
Entry Point 0x000265C0
Number of sections 4
PE sections
PE imports
ImageList_GetImageCount
InitializeFlatSB
ImageList_Destroy
ImageList_AddMasked
Ord(8)
ImageList_LoadImageA
ImageList_GetImageInfo
CreatePropertySheetPageW
ImageList_Create
ImageList_Remove
ImageList_SetOverlayImage
Ord(6)
Ord(17)
Ord(16)
FlatSB_SetScrollInfo
ImageList_SetIconSize
ImageList_GetIcon
FlatSB_SetScrollPos
CreatePropertySheetPageA
ImageList_ReplaceIcon
ImageList_Add
__p__fmode
_longjmpex
_acmdln
fgetc
_adjust_fdiv
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
__p__commode
__set_app_type
LoadRegTypeLib
VariantChangeType
SafeArrayAccessData
VarUdateFromDate
SysStringLen
SystemTimeToVariantTime
RegisterTypeLib
SysStringByteLen
SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayCreate
SysReAllocString
OaBuildVersion
LoadTypeLib
SysFreeString
VariantChangeTypeEx
Number of PE resources by type
RT_DIALOG 9
RT_MENU 7
RT_ACCELERATOR 3
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 20
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 196608
ImageVersion 0.0
FileVersionNumber 0.81.218.199
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Escalation
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName Lavatories.exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 85, 236, 66, 15
TimeStamp 2013:05:26 17:16:57+01:00
FileType Win32 EXE
PEType PE32
InternalName Enrolment
ProductVersion 86, 232, 25, 89
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2010
MachineType Intel 386 or later, and compatibles
CompanyName Kontiki Inc.
CodeSize 155648
FileSubtype 0
ProductVersionNumber 0.193.10.204
EntryPoint 0x265c0
ObjectFileType Executable application

File identification
MD5 36c845f56dfcd2650dcb14be35ba1f46
SHA1 08b43bef84060846ce935e7004ffe1154df406b0
SHA256 e167021237fe8d175a39805271e3cc25e772b4384c4e4325f4785dbe8d783546
ssdeep 3072:vOKK1B1KoBh3HxinMWY1VnnmiLEESr73YbDH8AXSQezWUAJWg3uIBeEqLkY3YDZ:v7KH1jFHAnMxgiDS/3Y0k/JWmEEIY
authentihash 3f9f543f5f0edd31f7a3dbbe799a852861cc5c63cfbed8e49beaf27b61778c3e
imphash 4365474cdbc3c837dcdd01f56d61361e
File size 228.0 KB ( 233472 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2016-05-11 01:06:27 UTC ( 2 years, 9 months ago )
Last submission 2016-05-11 01:06:27 UTC ( 2 years, 9 months ago )
File names 36c845f56dfcd2650dcb14be35ba1f46.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs
UDP communications