× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e5988a619e6960b4c3174953f25d8004931087dc6cb7ea8e9d7dbfceb089565a
File name: 56d6e7bb5b80e55b2bdffcf192e7c8fb0b69b58b
Detection ratio: 29 / 55
Analysis date: 2014-08-25 20:20:16 UTC ( 4 years, 6 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1820113 20140825
AhnLab-V3 Dropper/Win32.Necurs 20140825
AntiVir TR/Crypt.ZPACK.88586 20140825
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20140825
Avast Win32:Dropper-gen [Drp] 20140825
AVG Inject2.ASSL 20140825
AVware Trojan.Win32.Generic!BT 20140825
Baidu-International Trojan.Win32.Injector.bBKNS 20140825
BitDefender Trojan.GenericKD.1820113 20140825
DrWeb Trojan.Siggen6.22730 20140825
Emsisoft Trojan.GenericKD.1820113 (B) 20140825
ESET-NOD32 a variant of Win32/Injector.BKOH 20140825
F-Secure Trojan.GenericKD.1820113 20140825
Fortinet W32/Yakes.FQQK!tr 20140825
GData Trojan.GenericKD.1820113 20140825
Ikarus Trojan-Spy.Agent 20140825
Kaspersky Trojan.Win32.Yakes.fqqk 20140825
Malwarebytes Trojan.AGent.VXGen 20140825
McAfee Dropper-FLN!F82BB31A3A84 20140825
Microsoft PWS:Win32/Zbot 20140825
eScan Trojan.GenericKD.1820113 20140825
NANO-Antivirus Trojan.Win32.Andromeda.dedtbx 20140825
nProtect Trojan.GenericKD.1820113 20140825
Panda Trj/Chgt.D 20140825
Qihoo-360 Win32/Trojan.7e8 20140825
Sophos AV Mal/Wonton-K 20140825
Symantec WS.Reputation.1 20140825
TrendMicro-HouseCall TROJ_GEN.R0C1H07HP14 20140825
VIPRE Trojan.Win32.Generic!BT 20140825
AegisLab 20140825
Yandex 20140825
Bkav 20140821
ByteHero 20140825
CAT-QuickHeal 20140825
ClamAV 20140825
CMC 20140825
Commtouch 20140825
Comodo 20140825
F-Prot 20140825
Jiangmin 20140825
K7AntiVirus 20140825
K7GW 20140825
Kingsoft 20140825
McAfee-GW-Edition 20140825
Norman 20140825
Rising 20140825
SUPERAntiSpyware 20140825
Tencent 20140825
TheHacker 20140822
TotalDefense 20140825
TrendMicro 20140825
VBA32 20140825
ViRobot 20140825
Zillya 20140825
Zoner 20140822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-24 10:15:16
Entry Point 0x0001330C
Number of sections 4
PE sections
Overlays
MD5 5f7d68731958cc6bc4c6fa527692cd9e
File type data
Offset 303104
Size 1386
Entropy 7.73
PE imports
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ConnectNamedPipe
InitializeCriticalSection
LoadResource
InterlockedDecrement
OutputDebugStringA
SetLastError
HeapAlloc
GetVersionExA
GetModuleFileNameA
LoadLibraryExA
CreateDirectoryExW
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
CreateSemaphoreA
CreateThread
CreateSemaphoreW
SetEnvironmentVariableA
TerminateProcess
SetUnhandledExceptionFilter
WriteConsoleA
VirtualQuery
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
GetStartupInfoA
WaitForMultipleObjects
CompareStringW
CompareStringA
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
GetProcessHeaps
GetCPInfo
GetCommandLineA
ReleaseSemaphore
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetTimeFormatA
Number of PE resources by type
RT_STRING 6
RT_DIALOG 2
RT_BITMAP 1
RT_FONT 1
Number of PE resources by language
NEUTRAL 8
ENGLISH PHILIPPINES 1
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
Stretch spider spite gasoline distant

SubsystemVersion
5.0

Comments
Stared steep select worry pen

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.67.58.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Eventually atomic swam

CharacterSet
Unicode

InitializedDataSize
167424

FileOS
Win32

EntryPoint
0x1330c

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) Definition driven

FileVersion
5.67.58.0

TimeStamp
2014:08:24 11:15:16+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Failed.exe

ProductVersion
5.67.58.0

UninitializedDataSize
0

OSVersion
5.0

OriginalFilename
Failed.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Numeral naturally Florida

CodeSize
134656

ProductName
Naturally

ProductVersionNumber
5.67.58.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 f82bb31a3a846e5cfa4dc03e3a3c5abd
SHA1 26517b04f4e3387dc13302b2ba29f501c447acd9
SHA256 e5988a619e6960b4c3174953f25d8004931087dc6cb7ea8e9d7dbfceb089565a
ssdeep
6144:oBf9SMLpHYi2B2Hwy2H6ozexKga4dYMypBRekZLly7ZT2Yo:WL4i2o7DMgLwj0kY1Fo

authentihash e0341d331b9623a4710b078b221ca7384ea895cb318a9f773248242a5b1278d4
imphash 913a5f7ac4a435c3e69cc894b443b5f7
File size 297.4 KB ( 304490 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-08-25 07:12:45 UTC ( 4 years, 7 months ago )
Last submission 2014-11-02 13:22:04 UTC ( 4 years, 4 months ago )
File names z.exe.malware
z.exe
56d6e7bb5b80e55b2bdffcf192e7c8fb0b69b58b
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs