× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: eb00dbc56a00e358001c10a59dbccfcfa140843ebae551ca81665027820ea613
File name: f5b323a06e35dc2c6fdd2b5d8c8d086e.virus
Detection ratio: 32 / 60
Analysis date: 2017-03-12 03:00:39 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.146501 20170312
AhnLab-V3 Spyware/Win32.Zbot.R29513 20170311
ALYac Gen:Variant.Razy.146501 20170311
Arcabit Trojan.Razy.D23C45 20170312
Avast Win32:Malware-gen 20170312
AVG MSIL11.AEDA 20170312
Avira (no cloud) TR/AD.Fareit.emhqc 20170311
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170311
BitDefender Gen:Variant.Razy.146501 20170312
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/GenBl.F5B323A0!Olympus 20170312
Emsisoft Gen:Variant.Razy.146501 (B) 20170312
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of MSIL/Injector.RLQ 20170311
F-Secure Gen:Variant.Razy.146501 20170312
Fortinet MSIL/Injector.RLQ!tr 20170311
GData Gen:Variant.Razy.146501 20170312
Invincea trojan.win32.skeeyah.a!rfn 20170203
Kaspersky HEUR:Trojan.Win32.Generic 20170311
Malwarebytes Trojan.Agent.Gen 20170311
McAfee Artemis!F5B323A06E35 20170311
McAfee-GW-Edition BehavesLike.Win32.Backdoor.gc 20170312
eScan Gen:Variant.Razy.146501 20170312
Panda Trj/GdSda.A 20170311
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20170312
Sophos Mal/Generic-S 20170312
Symantec Trojan.Gen.2 20170311
Tencent Win32.Trojan.Inject.Auto 20170312
TrendMicro TROJ_GEN.R0E9C0VCB17 20170312
TrendMicro-HouseCall TROJ_GEN.R0E9C0VCB17 20170312
VIPRE Trojan.Win32.Generic!BT 20170312
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170312
AegisLab 20170312
Alibaba 20170228
Antiy-AVL 20170312
Bkav 20170311
CAT-QuickHeal 20170311
ClamAV 20170311
CMC 20170311
Comodo 20170312
DrWeb 20170312
F-Prot 20170312
Ikarus 20170311
Jiangmin 20170312
K7AntiVirus 20170311
K7GW 20170311
Kingsoft 20170312
Microsoft 20170311
NANO-Antivirus 20170312
nProtect 20170312
Palo Alto Networks (Known Signatures) 20170312
Rising 20170312
SUPERAntiSpyware 20170311
TheHacker 20170311
TotalDefense 20170311
Trustlook 20170312
VBA32 20170310
ViRobot 20170311
Webroot 20170312
Yandex 20170311
Zillya 20170310
Zoner 20170312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name cryp 22.exe
Internal name cryp 22.exe
File version 0.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-09 02:23:56
Entry Point 0x0004CCFE
Number of sections 3
.NET details
Module Version ID d0cb6a7d-0da6-4ea0-a9c4-75dd28c37b2d
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
104448

ImageVersion
0.0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
cryp 22.exe

MIMEType
application/octet-stream

FileVersion
0.0.0.0

TimeStamp
2017:03:09 03:23:56+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
cryp 22.exe

ProductVersion
0.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
306688

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x4ccfe

ObjectFileType
Executable application

AssemblyVersion
0.0.0.0

File identification
MD5 f5b323a06e35dc2c6fdd2b5d8c8d086e
SHA1 15bdd21253a32e4fd1fbfb77d635dd720ec1bcf6
SHA256 eb00dbc56a00e358001c10a59dbccfcfa140843ebae551ca81665027820ea613
ssdeep
6144:MlCrkydYtt4BYvRLtBCDsAWOGVM7h5Wfe0/ao6Mz/PgJd0PCLkFEl6e:FrYtt4ivZgrOM7y3Co6CPgH0PCLkeYe

authentihash 3bff905de9c78773a97e435bdec348433d9671cb346badc539678c7508c7b3ed
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 402.0 KB ( 411648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2017-03-12 03:00:39 UTC ( 3 months, 2 weeks ago )
Last submission 2017-03-12 03:00:39 UTC ( 3 months, 2 weeks ago )
File names cryp 22.exe
f5b323a06e35dc2c6fdd2b5d8c8d086e.virus
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications