SHA256: e549f8a5ed0cb6175284dcb934f26184f69c294d72c79575c170f3e5530a967e
File name: fbfa74122be67cae0972224b4f32283c.virus
Detection ratio: 30 / 59
Analysis date: 2017-03-28 04:50:33 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.228881 20170328
AhnLab-V3 PUP/Win32.Helper.C1884923 20170328
ALYac Gen:Variant.Zusy.228881 20170328
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20170328
Arcabit Trojan.Zusy.D37E11 20170328
Avast Win32:Rootkit-gen [Rtk] 20170328
AVG GenericX.1483 20170328
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170327
BitDefender Gen:Variant.Zusy.228881 20170328
CrowdStrike Falcon (ML) malicious_confidence_89% (D) 20170130
Emsisoft Gen:Variant.Zusy.228881 (B) 20170328
Endgame malicious (high confidence) 20170317
ESET-NOD32 a variant of Win32/Kryptik.FPZP 20170328
F-Secure Gen:Variant.Zusy.228881 20170328
GData Gen:Variant.Zusy.228881 20170328
Sophos ML trojan.win32.swrort.a 20170203
K7AntiVirus Trojan ( 00509b521 ) 20170327
K7GW Trojan ( 00509b521 ) 20170328
Kaspersky Backdoor.Win32.Androm.mvbf 20170327
McAfee GenericRXBD-MX!FBFA74122BE6 20170328
McAfee-GW-Edition Artemis 20170328
eScan Gen:Variant.Zusy.228881 20170328
Palo Alto Networks (Known Signatures) generic.ml 20170328
Panda Trj/Genetic.gen 20170327
Qihoo-360 HEUR/QVM10.1.0AE3.Malware.Gen 20170328
SentinelOne (Static ML) static engine - malicious 20170315
Sophos AV Mal/Generic-S 20170328
Symantec SecurityRisk.gen1 20170327
Tencent Win32.Trojan.Kryptik.Eibq 20170328
ZoneAlarm by Check Point Backdoor.Win32.Androm.mvbf 20170328
AegisLab 20170328
Alibaba 20170328
Avira (no cloud) 20170327
Bkav 20170328
CAT-QuickHeal 20170327
ClamAV 20170327
CMC 20170327
Comodo 20170328
Cyren 20170328
DrWeb 20170327
F-Prot 20170328
Fortinet 20170328
Ikarus 20170327
Jiangmin 20170328
Kingsoft 20170328
Malwarebytes 20170328
Microsoft 20170327
NANO-Antivirus 20170328
nProtect 20170328
Rising 20170328
SUPERAntiSpyware 20170328
Symantec Mobile Insight 20170326
TheHacker 20170327
TotalDefense 20170328
TrendMicro-HouseCall 20170328
Trustlook 20170328
VBA32 20170327
VIPRE 20170328
ViRobot 20170328
WhiteArmor 20170327
Yandex 20170327
Zillya 20170327
Zoner 20170328
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-26 07:53:22
Entry Point 0x00002082
Number of sections 5
PE sections
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
lstrlenA
lstrcmpiA
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
lstrcpyW
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
lstrcmpA
FindFirstFileExA
SetUnhandledExceptionFilter
lstrcpyA
CloseHandle
GetSystemTimeAsFileTime
lstrcpynA
FindNextFileA
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetOEMCP
TerminateProcess
GetModuleHandleExW
IsValidCodePage
WriteFile
CreateFileW
CreateEventA
FindClose
TlsGetValue
Sleep
SetLastError
TlsSetValue
HeapAlloc
GetCurrentThreadId
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
StrStrA
StrStrIA
BeginPaint
GetMessageW
DispatchMessageW
TranslateMessage
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:03:26 08:53:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 47104
LinkerVersion 14.0
FileTypeExtension exe
InitializedDataSize 262656
SubsystemVersion 5.1
EntryPoint 0x2082
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 fbfa74122be67cae0972224b4f32283c
SHA1 7c02ec87624173a3964e4de95de0ec34d6392d03
SHA256 e549f8a5ed0cb6175284dcb934f26184f69c294d72c79575c170f3e5530a967e
ssdeep 3072:X6kp2pGjWiqasuyK0FVrX5eJwJ0nrQXe/JusfKbAcj8ltXpowwZ7s442Hwtvlbi9:X0aWiqFGsJiiZJen5ljG
authentihash 8590a08d2b78276e8a4132806d45799c0696248844dc1771beb509d1560593d8
imphash 57f7ef5ace9ec0640e7ecbf6fc107e23
File size 303.5 KB ( 310784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2017-03-28 04:50:33 UTC ( 2 years ago )
Last submission 2017-03-28 04:50:33 UTC ( 2 years ago )
File names fbfa74122be67cae0972224b4f32283c.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications