SHA256: e81173dd782598a3525c316e17cebe599dd4f60f2d4c8c28b73ddea43245bfb6
File name: 97.exe
Detection ratio: 6 / 54
Analysis date: 2015-12-16 15:04:59 UTC ( 3 years, 5 months ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.TSGeneric 20151216
Avast Win32:Evo-gen [Susp] 20151216
Kaspersky UDS:DangerousObject.Multi.Generic 20151216
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fh 20151216
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20151216
Rising PE:Trojan.Kryptik!1.A31F [F] 20151216
Ad-Aware 20151216
AegisLab 20151216
Yandex 20151214
AhnLab-V3 20151216
Alibaba 20151208
ALYac 20151216
Arcabit 20151216
AVG 20151216
Avira (no cloud) 20151216
AVware 20151216
Baidu-International 20151216
BitDefender 20151216
Bkav 20151215
ByteHero 20151216
CAT-QuickHeal 20151216
ClamAV 20151216
CMC 20151216
Cyren 20151216
DrWeb 20151216
Emsisoft 20151216
ESET-NOD32 20151216
F-Prot 20151216
F-Secure 20151216
Fortinet 20151216
GData 20151216
Ikarus 20151216
Jiangmin 20151216
K7AntiVirus 20151216
K7GW 20151216
Malwarebytes 20151216
McAfee 20151216
Microsoft 20151216
eScan 20151216
NANO-Antivirus 20151216
nProtect 20151216
Panda 20151215
Sophos AV 20151216
SUPERAntiSpyware 20151216
Symantec 20151215
Tencent 20151216
TheHacker 20151215
TrendMicro 20151216
TrendMicro-HouseCall 20151216
VBA32 20151216
VIPRE 20151216
ViRobot 20151216
Zillya 20151216
Zoner 20151216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-16 12:21:36
Entry Point 0x0001BA80
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_Read
ImageList_GetDragImage
ImageList_Remove
ImageList_DragMove
Ord(17)
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_Create
ImageList_EndDrag
GetOpenFileNameA
SetThreadLocale
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
GetStringTypeExA
SetLastError
ReadConsoleInputA
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumCalendarInfoA
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
SetConsoleMode
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetDateFormatA
GetFileSize
GlobalDeleteAtom
GetModuleHandleW
GlobalLock
GetConsoleScreenBufferInfo
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
CreateFileMappingA
GetProcAddress
GetTimeZoneInformation
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
HeapReAlloc
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetTimeFormatA
lstrcpynA
GetACP
GetVersion
FreeResource
SizeofResource
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
FindResourceA
VirtualAlloc
ResetEvent
DrawEdge
GetParent
BeginPaint
CreateIcon
DefMDIChildProcA
DestroyMenu
DefWindowProcA
DrawFrameControl
CharLowerA
DispatchMessageA
DrawIcon
CharUpperBuffA
MessageBoxA
ChildWindowFromPoint
DestroyCursor
AdjustWindowRectEx
ActivateKeyboardLayout
CreatePopupMenu
CheckMenuItem
DestroyIcon
LoadStringA
DrawIconEx
DefFrameProcA
DrawMenuBar
CharLowerBuffA
IsIconic
ClientToScreen
DeleteMenu
CallNextHookEx
DrawFocusRect
CreateMenu
CharNextA
CallWindowProcA
CloseClipboard
CharToOemA
GetKeyboardType
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemAlloc
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:12:16 13:21:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 357888
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1ba80
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 3999736909019a7e305bc435eb4168fd
SHA1 353a6f158953b41b4e39187d9aca0d60d499056d
SHA256 e81173dd782598a3525c316e17cebe599dd4f60f2d4c8c28b73ddea43245bfb6
ssdeep 6144:ni8zAOSx+mgvGOaLw86ma676uBa9IwBja40qJE1u9DS8odfyS:nFAUmge90qsiwBax1udMz
authentihash 11669eab72aea3490973ea431f6f31974b0c0cc49d514f981f046c437ccc311b
imphash 65aa341e30195446ccb8c54e64aa249b
File size 350.5 KB ( 358912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2015-12-16 14:38:22 UTC ( 3 years, 5 months ago )
Last submission 2018-10-08 03:21:44 UTC ( 7 months, 2 weeks ago )
File names e81173dd782598a3525c316e17cebe599dd4f60f2d4c8c28b73ddea43245bfb6
RMActivate_ssp.exe
97.exe
ysdcsacroic.exe
e81173dd782598a3525c316e17cebe599dd4f60f2d4c8c28b73ddea43245bfb6
localfile~
UDS.DangerousObject.Multi.Generic.bin
97.exe
3999736909019a7e305bc435eb4168fd.exe
97_exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections