SHA256: e30a4b91564cb9a715f7c51ec2190759dde82017455f855e45f538ccb1ebedc4
File name: smoke927235.exe
Detection ratio: 12 / 58
Analysis date: 2017-01-15 15:11:34 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20170115
Bkav W32.FamVT.RazyNHmA.Trojan 20170114
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Cyren W32/S-e2e07e9d!Eldorado 20170115
DrWeb Trojan.DownLoader23.32524 20170115
ESET-NOD32 a variant of Win32/GenKryptik.RGG 20170115
F-Prot W32/S-e2e07e9d!Eldorado 20170115
Sophos ML worm.win32.dorkbot.i 20170111
Kaspersky UDS:DangerousObject.Multi.Generic 20170115
McAfee Artemis!BA616CE4EAC4 20170108
McAfee-GW-Edition Trojan-FKQX!BA616CE4EAC4 20170115
Symantec Heur.AdvML.B 20170114
Ad-Aware 20170115
AegisLab 20170114
AhnLab-V3 20170115
Alibaba 20170113
ALYac 20170115
Antiy-AVL 20170115
Arcabit 20170115
AVG 20170115
Avira (no cloud) 20170115
AVware 20170115
Baidu 20170113
BitDefender 20170115
CAT-QuickHeal 20170114
ClamAV 20170115
CMC 20170115
Comodo 20170115
Emsisoft 20170115
F-Secure 20170115
Fortinet 20170115
GData 20170115
Ikarus 20170115
Jiangmin 20170115
K7AntiVirus 20170115
K7GW 20170115
Kingsoft 20170115
Malwarebytes 20170115
Microsoft 20170115
eScan 20170115
NANO-Antivirus 20170115
nProtect 20170115
Panda 20170115
Qihoo-360 20170115
Rising 20170115
Sophos AV 20170115
SUPERAntiSpyware 20170115
Tencent 20170115
TheHacker 20170114
TotalDefense 20170115
TrendMicro 20170115
TrendMicro-HouseCall 20170115
Trustlook 20170115
VBA32 20170113
VIPRE 20170115
ViRobot 20170115
WhiteArmor 20170113
Yandex 20170115
Zillya 20170113
Zoner 20170115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-15 13:59:43
Entry Point 0x000035B5
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetStdHandle
GetConsoleOutputCP
GetDriveTypeA
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
VerLanguageNameA
InterlockedDecrement
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
GetVersion
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
_hread
DeleteFileW
GlobalLock
GetProcessHeap
CompareStringW
FindNextFileW
GetCurrentThreadId
lstrcpyA
CompareStringA
FindFirstFileW
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
WinExec
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
WritePrivateProfileStringW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetMessageA
GetParent
DrawTextA
IntersectRect
EndDialog
BeginPaint
DrawIcon
CharNextA
FindWindowA
DefWindowProcA
GetClassInfoA
SetWindowPos
GetSystemMetrics
IsWindow
PostQuitMessage
GetWindowRect
InflateRect
EndPaint
UpdateWindow
PostMessageA
SetRectEmpty
ScreenToClient
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
GetSysColor
GetDC
ReleaseDC
EqualRect
SetWindowTextA
DestroyIcon
GetWindowLongA
ShowWindow
GetWindowPlacement
SendMessageA
SubtractRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
MoveWindow
RegisterClassA
SetRect
InvalidateRect
wsprintfA
GetWindowTextLengthA
SetTimer
LoadCursorA
LoadIconA
RegisterWindowMessageA
FillRect
LoadStringA
GetClientRect
DispatchMessageA
GetClassNameA
GetWindowTextA
GetKeyboardType
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_DIALOG 9
RT_RCDATA 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
SPANISH GUATEMALA 1
ENGLISH ARABIC QATAR 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:01:15 14:59:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 70656
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 220160
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x35b5
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 ba616ce4eac460d9f4d90c0cc7eb7aa1
SHA1 b945bd49908f8e1a7a3b1d4fc715df371655c5f6
SHA256 e30a4b91564cb9a715f7c51ec2190759dde82017455f855e45f538ccb1ebedc4
ssdeep 6144:2mi9qsrTZOo2g6KvSFmIvg2moKGWqbLwK6H0c:2mzsrTcFZfFmIvgGKGWqbV1

authentihash 0f34df16a617efe44d84a7e1b17680faa7a54f8a75eefa65e0e60400897d447e
imphash 7ec1e3517ba38e2ce99fbe549c415cd1
File size 225.5 KB ( 230912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2017-01-15 14:12:23 UTC ( 2 years, 3 months ago )
Last submission 2017-01-15 14:12:23 UTC ( 2 years, 3 months ago )
File names v9BG4BI25I.xltx
smoke927235.exe
aa
VirusShare_ba616ce4eac460d9f4d90c0cc7eb7aa1
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
UDP communications