SHA256: e4d5e6e709321217a8e7d69827f97f12a77df3b3d6dcfb3baa20d75895e03922
File name: 8efdeba44b411aa0afe773760af13d42.virus
Detection ratio: 40 / 56
Analysis date: 2016-11-15 10:20:22 UTC ( 2 years, 3 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Razy.98843 | 20161115
AhnLab-V3 | Trojan/Win32.Tuhkit.N2119166177 | 20161114
ALYac | Gen:Variant.Razy.98843 | 20161115
Antiy-AVL | Trojan/Win32.SGeneric | 20161115
Arcabit | Trojan.Razy.D1821B | 20161115
Avast | Win32:Malware-gen | 20161115
AVG | Downloader.Generic14.BFMI | 20161115
Avira (no cloud) | TR/Crypt.ZPACK.uganr | 20161115
AVware | Trojan.Win32.Generic!BT | 20161115
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20161115
BitDefender | Gen:Variant.Razy.98843 | 20161115
Bkav | HW32.Packed.6546 | 20161112
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20161024
DrWeb | Trojan.Siggen6.58358 | 20161115
Emsisoft | Gen:Variant.Razy.98843 (B) | 20161115
ESET-NOD32 | Win32/TrojanDownloader.Agent.CFH | 20161115
F-Secure | Gen:Variant.Razy.98843 | 20161115
Fortinet | W32/Papras.DX!tr.pws | 20161115
GData | Gen:Variant.Razy.98843 | 20161115
Ikarus | Trojan-Downloader.Win32.Agent | 20161115
Sophos ML | virus.win32.sality.at | 20161018
Jiangmin | Trojan.Banker.Tuhkit.de | 20161115
K7AntiVirus | Trojan-Downloader ( 004e141d1 ) | 20161115
K7GW | Trojan-Downloader ( 004e141d1 ) | 20161115
Kaspersky | HEUR:Trojan.Win32.Generic | 20161115
Malwarebytes | Backdoor.Qadars | 20161115
McAfee | GenericRXAK-WT!8EFDEBA44B41 | 20161115
McAfee-GW-Edition | BehavesLike.Win32.Backdoor.cc | 20161115
Microsoft | Trojan:Win32/Dorv.D!rfn | 20161115
eScan | Gen:Variant.Razy.98843 | 20161115
NANO-Antivirus | Trojan.Win32.Tuhkit.egvydn | 20161115
Panda | Trj/GdSda.A | 20161114
Qihoo-360 | HEUR/QVM20.1.0000.Malware.Gen | 20161115
Rising | Malware.Generic!AU57TSTeRa@2 (thunder) | 20161115
Sophos AV | Mal/Generic-S | 20161115
Symantec | Ransom.CryptXXX!g13 | 20161115
Tencent | Win32.Trojan-banker.Tuhkit.Egoz | 20161115
TrendMicro-HouseCall | Ransom_HPCRYPMIC.SM1 | 20161115
VIPRE | Trojan.Win32.Generic!BT | 20161115
Yandex | Trojan.PWS.Tuhkit! | 20161114
AegisLab | (none) | 20161115
Alibaba | (none) | 20161115
CAT-QuickHeal | (none) | 20161115
ClamAV | (none) | 20161115
CMC | (none) | 20161115
Comodo | (none) | 20161115
Cyren | (none) | 20161115
F-Prot | (none) | 20161115
Kingsoft | (none) | 20161115
nProtect | (none) | 20161115
SUPERAntiSpyware | (none) | 20161115
TheHacker | (none) | 20161115
TotalDefense | (none) | 20161115
VBA32 | (none) | 20161114
ViRobot | (none) | 20161115
Zillya | (none) | 20161114
Zoner | (none) | 20161115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-04-03 17:15:57
Entry Point: 0x000032DE
Number of sections: 3
PE sections
PE imports
AzCloseHandle
AzGroupDelete
AzFreeMemory
AzGroupCreate
CAEnumNextCA
CACloseCA
GetMailslotInfo
SetStdHandle
GetFileTime
GetAtomNameA
IsBadStringPtrA
LoadLibraryA
UnmapViewOfFile
FindResourceW
WaitForSingleObject
InterlockedDecrement
GlobalFindAtomA
CreateFileW
GetFullPathNameW
GetTickCount
GetACP
GetProcAddress
GetStringTypeW
GetEnvironmentVariableW
ResetEvent
PathFindExtensionA
PathIsPrefixA
PathIsFileSpecW
StrToIntA
PathGetArgsA
PathFindFileNameA
StrChrA
StrStrW
UrlIsOpaqueA
PathFileExistsA
Number of PE resources by type
KOS 2
RT_MENU 1
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:03 18:15:57+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 127488
LinkerVersion: 7.1
FileTypeExtension: exe
InitializedDataSize: 11264
SubsystemVersion: 4.0
EntryPoint: 0x32de
OSVersion: 5.1
ImageVersion: 5.1
UninitializedDataSize: 0

File identification
MD5: 8efdeba44b411aa0afe773760af13d42
SHA1: 16ddd57f677d708dea4e8213c8a161bff81fed79
SHA256: e4d5e6e709321217a8e7d69827f97f12a77df3b3d6dcfb3baa20d75895e03922
ssdeep: 3072:yL92kgg0Itn43SClkrsOobsObrsD6rDZQ0OAKYZUoEoooQ:+92kgg0TSod6noPooQ
authentihash: abd6d7c04685dbc943d8f1237a7986bbc465985e76f4513388a82c82edbf0491
imphash: fd6daba70207955eda8b1ef7ad9a5679
File size: 136.5 KB ( 139776 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags: peexe

VirusTotal metadata
First submission 2016-11-15 10:20:22 UTC ( 2 years, 3 months ago )
Last submission 2016-11-15 10:20:22 UTC ( 2 years, 3 months ago )
File names 8efdeba44b411aa0afe773760af13d42.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications