SHA256: e4ad3ab675f1e59c3bda98b1a1966018360214b75b82f9a76c752d52afefdf16
File name: 6b4c2656ece4f064f1b67cf3ce657ebeffbbd4e6
Detection ratio: 36 / 56
Analysis date: 2016-10-15 13:23:20 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.100273 20161015
AhnLab-V3 Backdoor/Win32.Vawtrak.N2129091670 20161015
Antiy-AVL Trojan[Backdoor]/Win32.Vawtrak 20161015
Arcabit Trojan.Razy.D187B1 20161015
Avast Win32:Trojan-gen 20161015
Avira (no cloud) TR/Crypt.ZPACK.lbman 20161015
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161015
BitDefender Gen:Variant.Razy.100273 20161015
Bkav HW32.Packed.F920 20161015
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.OVUY-8247 20161015
DrWeb Trojan.PWS.Papras.2354 20161015
Emsisoft Gen:Variant.Razy.100273 (B) 20161015
ESET-NOD32 a variant of Win32/GenKryptik.GWU 20161015
F-Secure Gen:Variant.Razy.100273 20161015
Fortinet W32/Vawtrak.DA!tr.bdr 20161015
GData Gen:Variant.Razy.100273 20161015
Sophos ML ransom.win32.nymaim.f 20160928
K7AntiVirus Riskware ( 0040eff71 ) 20161015
K7GW Riskware ( 0040eff71 ) 20161015
Kaspersky Backdoor.Win32.Vawtrak.da 20161015
Malwarebytes Trojan.Crypt 20161015
McAfee Artemis!8927105AAF53 20161015
McAfee-GW-Edition Artemis 20161015
Microsoft Backdoor:Win32/Vawtrak.E 20161015
eScan Gen:Variant.Razy.100273 20161015
NANO-Antivirus Trojan.Win32.Vawtrak.ehfhbf 20161015
Panda Trj/GdSda.A 20161015
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161015
Rising Malware.Generic!4MP8ANsi66E@1 (thunder) 20161015
Sophos AV Mal/Generic-S 20161015
Symantec Heur.AdvML.C 20161015
Tencent Win32.Backdoor.Vawtrak.Dztn 20161015
TrendMicro TROJ_GEN.R00JC0DJD16 20161015
TrendMicro-HouseCall TROJ_GEN.R00JC0DJD16 20161015
Yandex Backdoor.Vawtrak! 20161014
AegisLab 20161015
Alibaba 20161014
ALYac 20161015
AVG 20161015
AVware 20161015
CAT-QuickHeal 20161014
ClamAV 20161015
CMC 20161015
Comodo 20161015
F-Prot 20161015
Ikarus 20161015
Jiangmin 20161015
Kingsoft 20161015
nProtect 20161015
SUPERAntiSpyware 20161015
TheHacker 20161014
VBA32 20161014
VIPRE 20161015
ViRobot 20161015
Zillya 20161013
Zoner 20161015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2015 Visicom Media Inc.
Product Anti-phishing Domain Advisor (Powered by Panda Security)
File version 2, 0, 0, 0
Description Anti-phishing Domain Advisor (Powered by Panda Security)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-12 22:23:18
Entry Point 0x00002B39
Number of sections 6
PE sections
PE imports
FeClientInitialize
GetStockObject
DitherTo8
SniffStream
CreateMIMEMap
IdentifyMIMEType
GetMaxMIMEIDBytes
CreateToolhelp32Snapshot
GetSystemTime
GetLastError
CreateIoCompletionPort
FreeLibrary
VirtualProtect
IsDebuggerPresent
DebugBreak
CreateTimerQueue
GetFileAttributesW
LoadLibraryA
FoldStringA
ConvertFiberToThread
SetProcessWorkingSetSize
GetCalendarInfoW
CommConfigDialogW
GetLocaleInfoA
GetCurrentProcessId
DebugActiveProcessStop
GetCommProperties
GetDateFormatW
GetLongPathNameA
GetProcAddress
RaiseException
WideCharToMultiByte
MoveFileExW
DebugSetProcessKillOnExit
GetExitCodeThread
InterlockedExchange
GetCurrentProcess
MulDiv
GetCommConfig
MoveFileExA
AddConsoleAliasW
GetFullPathNameA
GetFileAttributesExW
GetProfileIntW
TerminateProcess
LCMapStringA
GetConsoleWindow
RemoveLocalAlternateComputerNameW
GetFileType
CloseHandle
GetDefaultCommConfigA
LocalAlloc
SetLastError
GetTimeFormatA
GetMenuInfo
LoadMenuA
GetShellWindow
GetSystemMetrics
LoadMenuW
CharLowerA
AppendMenuA
RegisterClassExW
GetClassNameA
IsCharAlphaA
AdjustWindowRectEx
GetMenuDefaultItem
GetMenu
GetSubMenu
RegisterClassW
GetClipboardViewer
GetWindowLongA
CreateMenu
GetMenuItemCount
LoadCursorW
IsCharUpperW
GetTopWindow
PostADsPropSheet
ADsPropCheckIfWritable
ADsPropSetHwndWithTitle
IsSheetAlreadyUp
ADsPropSendErrorMessage
ADsPropSetHwnd
CheckTrustEx
GetICifFileFromFile
GetICifRWFileFromFile
CheckForVersionConflict
DownloadFile
TraceDeregisterExA
MprSetupProtocolEnum
TracePutsExW
RouterLogEventValistExW
TraceDeregisterExW
TracePutsExA
TracePrintfA
RouterLogEventExA
LogEventW
RouterLogRegisterW
TraceRegisterExW
TracePrintfW
TraceGetConsoleA
RouterLogEventDataA
RouterLogEventStringW
TraceDumpExW
TracePrintfExW
RouterGetErrorStringA
MprSetupProtocolFree
RouterLogEventStringA
RouterGetErrorStringW
RouterAssert
TraceDeregisterA
Number of PE resources by type
RT_CURSOR 36
RT_GROUP_CURSOR 25
RT_STRING 14
RT_ICON 5
RT_DIALOG 2
RT_BITMAP 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 79
NEUTRAL 7
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.1.48
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 114688
EntryPoint 0x2b39
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2015 Visicom Media Inc.
FileVersion 2, 0, 0, 0
TimeStamp 2014:04:12 23:23:18+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.0
FileDescription Anti-phishing Domain Advisor (Powered by Panda Security)
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Visicom Media Inc.
CodeSize 90112
ProductName Anti-phishing Domain Advisor (Powered by Panda Security)
ProductVersionNumber 2.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 8927105aaf53fbb0495be81835474d74
SHA1 6b4c2656ece4f064f1b67cf3ce657ebeffbbd4e6
SHA256 e4ad3ab675f1e59c3bda98b1a1966018360214b75b82f9a76c752d52afefdf16
ssdeep 6144:eOo2zaAJmACdvLBJFASHScJcsfU7hhwk:esWA5CdVJHH7U7rw
authentihash 80b715120e8703b033394ea2862777c27466413cc43ed4808ec0174e6b82be1a
imphash db40a13557382696d9f82ef4f9173027
File size 212.0 KB ( 217088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-10-15 13:23:20 UTC ( 2 years, 4 months ago )
Last submission 2016-10-15 13:23:20 UTC ( 2 years, 4 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Code injections in the following processes
Created mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.