SHA256: e6a90e020eb3938699f83a10bd88fdd67440267f30add4f84a0f5d23a75fa1cf
File name: 263365b4b498d1a1be4479225fd81322e05c4557
Detection ratio: 39 / 57
Analysis date: 2016-11-12 12:54:01 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.103238 20161112
AhnLab-V3 Trojan/Win32.Crypt.N2138640287 20161112
ALYac Gen:Variant.Razy.103238 20161112
Arcabit Trojan.Razy.D19346 20161112
Avast Win32:Malware-gen 20161112
AVG Crypt6.GSJ 20161112
Avira (no cloud) TR/Crypt.ZPACK.wlzag 20161112
AVware Trojan.Win32.Generic!BT 20161112
Baidu Win32.Trojan.Elenoocka.a 20161111
BitDefender Gen:Variant.Razy.103238 20161112
Bkav HW32.Packed.B001 20161112
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Cyren W32/Trojan.TTVB-3021 20161112
DrWeb Trojan.DownLoader23.3134 20161112
Emsisoft Gen:Variant.Razy.103238 (B) 20161112
ESET-NOD32 a variant of Win32/Kryptik.FIJT 20161112
F-Secure Gen:Variant.Razy.103238 20161112
Fortinet W32/Kryptik.FILK!tr 20161112
GData Gen:Variant.Razy.103238 20161112
Ikarus Trojan.Win32.Crypt 20161112
Sophos ML virus.win32.sality.at 20161018
K7AntiVirus Trojan ( 004fb7561 ) 20161112
K7GW Trojan ( 004fb7561 ) 20161112
Kaspersky UDS:DangerousObject.Multi.Generic 20161112
Malwarebytes Spyware.PasswordStealer 20161112
McAfee Trojan-FJSV!E288EE71AF62 20161112
McAfee-GW-Edition BehavesLike.Win32.Expiro.dc 20161111
eScan Gen:Variant.Razy.103238 20161112
NANO-Antivirus Trojan.Win32.ZPACK.eiahom 20161112
Panda Trj/GdSda.A 20161112
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161112
Rising Malware.Generic!2g1g3Cb0KUG@2 (thunder) 20161112
Sophos AV Mal/Generic-S 20161112
Symantec Trojan.Gen 20161112
Tencent Win32.Trojan.Kryptik.Ajbk 20161112
TrendMicro Ransom_HPCRYPMIC.SM1 20161112
TrendMicro-HouseCall TROJ_GEN.R00JH09JP16 20161112
VIPRE Trojan.Win32.Generic!BT 20161112
Yandex Trojan.Kryptik!AOW8yJ/bL8Q 20161111
AegisLab 20161112
Alibaba 20161110
Antiy-AVL 20161112
CAT-QuickHeal 20161111
ClamAV 20161112
CMC 20161112
Comodo 20161112
F-Prot 20161112
Jiangmin 20161112
Kingsoft 20161112
Microsoft 20161112
nProtect 20161112
SUPERAntiSpyware 20161112
TheHacker 20161111
TotalDefense 20161112
VBA32 20161111
ViRobot 20161112
Zillya 20161111
Zoner 20161112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-22 05:17:01
Entry Point 0x00003745
Number of sections 3
PE sections
PE imports
ReadConsoleA
GetSystemTime
GetTimeFormatW
GetThreadPriority
GetWindowsDirectoryW
GetStringTypeExW
GetModuleFileNameW
WaitForSingleObject
FindResourceA
InterlockedExchange
GetCurrentDirectoryA
GetCurrentProcess
GetTickCount
GetCurrentThreadId
GetProcAddress
CreateNamedPipeA
LoadLibraryA
ResUtilGetBinaryValue
ClusWorkerTerminate
ResUtilDupString
ClusWorkerCreate
StrStrA
ShellMessageBoxW
StrCmpNW
SHBrowseForFolderA
SHFree
SHUpdateImageA
ExtractIconW
DllUnregisterServer
SHInvokePrinterCommandW
ExtractAssociatedIconW
FindExecutableW
SHQueryRecycleBinA
ShellAboutW
SHGetMalloc
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:11:22 06:17:01+01:00
FileType Win32 EXE
PEType PE32
CodeSize 220160
LinkerVersion 7.0
EntryPoint 0x3745
InitializedDataSize 7680
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 e288ee71af6248556d2c1f5fdc060d6d
SHA1 263365b4b498d1a1be4479225fd81322e05c4557
SHA256 e6a90e020eb3938699f83a10bd88fdd67440267f30add4f84a0f5d23a75fa1cf
ssdeep 3072:pHjfLVpMOHgSfOtA72hKF8kmRcYnVFr6MUUzODn8QAiLJ/LJN5UfvHJz4ZNyyTzV:npRbO22hj5fFr6MPKD8zQX5w2l
authentihash b06f467c9697a99954cb16d6d4cfb6b5c7629b3551e6c295bdced530920d75a1
imphash cf808f0261ffc27a038b711c4bedbc8b
File size 223.5 KB ( 228864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-11-12 12:54:01 UTC ( 2 years, 3 months ago )
Last submission 2016-11-12 12:54:01 UTC ( 2 years, 3 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications