SHA256: ed32e98f00d576c73de3430f92c8eb33d5d42926981e2065c10a8585e70b9c7c
File name: ed32e98f00d576c73de3430f92c8eb33d5d42926981e2065c10a8585e70b9c7c
Detection ratio: 24 / 57
Analysis date: 2016-05-25 22:54:31 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.59642 20160525
Arcabit Trojan.Razy.DE8FA 20160525
Avast Win32:Malware-gen 20160525
AVG Crypt5.BMVJ 20160525
Avira (no cloud) TR/Crypt.ZPACK.vkio 20160525
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160525
BitDefender Gen:Variant.Razy.59642 20160525
Emsisoft Gen:Variant.Razy.59642 (B) 20160525
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160525
F-Secure Gen:Variant.Razy.59642 20160525
Fortinet W32/Agent.CFH!tr.dldr 20160525
GData Gen:Variant.Razy.59642 20160525
Jiangmin Trojan.Agent.aatx 20160525
K7GW Hacktool ( 655367771 ) 20160525
Kaspersky Trojan.Win32.Agent.nevlks 20160525
Malwarebytes Backdoor.Agent.WK 20160525
McAfee Artemis!410A636A0792 20160525
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160525
eScan Gen:Variant.Razy.59642 20160525
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160525
Rising Malware.Generic!KF67X3sUFRR@4 (Thunder) 20160525
Sophos AV Mal/Generic-S 20160525
Symantec Suspicious.Cloud.7.L 20160525
Tencent Win32.Trojan-downloader.Agent.Oyes 20160525
AegisLab 20160525
AhnLab-V3 20160525
Alibaba 20160525
ALYac 20160525
Antiy-AVL 20160525
AVware 20160525
Baidu-International 20160525
Bkav 20160525
CAT-QuickHeal 20160525
ClamAV 20160525
CMC 20160523
Comodo 20160525
Cyren 20160525
DrWeb 20160525
F-Prot 20160525
Ikarus 20160525
K7AntiVirus 20160525
Kingsoft 20160525
Microsoft 20160525
NANO-Antivirus 20160525
nProtect 20160525
Panda 20160525
SUPERAntiSpyware 20160525
TheHacker 20160525
TotalDefense 20160525
TrendMicro 20160525
TrendMicro-HouseCall 20160525
VBA32 20160525
VIPRE 20160525
ViRobot 20160525
Yandex 20160525
Zillya 20160525
Zoner 20160525
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 09:45:49
Entry Point 0x00017990
Number of sections 4
PE sections
PE imports
AuthzInitializeContextFromSid
AuthzFreeResourceManager
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeContext
ReplaceFileA
CopyFileA
GetTickCount
LoadLibraryA
WaitForSingleObjectEx
GetSystemDirectoryA
GetStartupInfoA
CompareStringW
lstrcatA
CreateDirectoryA
lstrlenW
GetDateFormatW
TlsGetValue
DeleteFileW
GetProcAddress
GetFileTime
CreateHardLinkA
GetDiskFreeSpaceW
ReadFile
CreateSemaphoreW
WriteFile
CloseHandle
FindNextFileA
GetACP
HeapReAlloc
MoveFileExA
GetLongPathNameW
WriteConsoleA
OpenJobObjectW
OpenEventW
GetLogicalDriveStringsW
InterlockedDecrement
MoveFileW
GetExpandedNameW
DefineDosDeviceA
GetVersion
OpenSemaphoreW
SHGetFileInfoA
ShellMessageBoxW
SHPathPrepareForWriteA
DragFinish
ExtractIconExA
PickIconDlg
SHGetDesktopFolder
ShellAboutW
SHGetSettings
SHChangeNotify
StrChrA
DragQueryFileA
SHGetMalloc
DllRegisterServer
Number of PE resources by type
RT_DIALOG 4
SUP 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 10:45:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 113152
LinkerVersion 6.0
EntryPoint 0x17990
InitializedDataSize 9728
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 410a636a079255357d101ef2b2159a63
SHA1 f921b65e45cafa1d5b169d22a2b79fd6d2543cec
SHA256 ed32e98f00d576c73de3430f92c8eb33d5d42926981e2065c10a8585e70b9c7c
ssdeep 3072:IrvLOU+oi6bTqIGJK6vfX2GAkgxfoSfFakcluRrd2za0y:eNfBbeIGJdA3WSfclKrd2z
authentihash 1dfadf052c476f3297f7caa3d99010f190cc35c2ebaaefd663ec45aa6f3aa45d
imphash b33b31a87d752e50905494033484243d
File size 121.0 KB ( 123904 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-05-25 22:54:31 UTC ( 2 years, 11 months ago )
Last submission 2016-09-12 08:28:49 UTC ( 2 years, 7 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications