SHA256: eea6bd49063971ea633fffcd338f0393c15a6b28f59f57a901521d4b9ebe4ff1
File name: wstart.exe
Detection ratio: 13 / 56
Analysis date: 2016-10-13 03:54:49 UTC ( 2 years, 5 months ago )
Antivirus Result Update
AegisLab Heur.Advml.Gen!c 20161013
Baidu Win32.Trojan.Elenoocka.a 20161012
Bkav HW32.Packed.3B8D 20161012
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
ESET-NOD32 a variant of Win32/Kryptik.FHVQ 20161013
Sophos ML virtool.win32.obfuscator.aoh 20160928
Kaspersky UDS:DangerousObject.Multi.Generic 20161013
Malwarebytes Trojan.Crypt 20161013
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20161013
Rising Malware.XPACK-HIE/Heur!1.9C48 (classic) 20161013
Symantec Heur.AdvML.B 20161013
TrendMicro TSPY_ZBOT.YUYASY 20161013
TrendMicro-HouseCall TSPY_ZBOT.YUYASY 20161013
Ad-Aware 20161013
AhnLab-V3 20161012
Alibaba 20161013
ALYac 20161013
Antiy-AVL 20161013
Arcabit 20161013
Avast 20161013
AVG 20161013
Avira (no cloud) 20161012
AVware 20161013
BitDefender 20161013
CAT-QuickHeal 20161012
ClamAV 20161013
CMC 20161012
Comodo 20161013
Cyren 20161013
DrWeb 20161013
Emsisoft 20161013
F-Prot 20161013
F-Secure 20161013
Fortinet 20161013
GData 20161013
Ikarus 20161012
Jiangmin 20161012
K7AntiVirus 20161012
K7GW 20161013
Kingsoft 20161013
McAfee 20161013
Microsoft 20161013
eScan 20161013
NANO-Antivirus 20161013
nProtect 20161013
Panda 20161012
Qihoo-360 20161013
Sophos AV 20161013
SUPERAntiSpyware 20161013
Tencent 20161013
TheHacker 20161011
VBA32 20161012
VIPRE 20161013
ViRobot 20161013
Yandex 20161011
Zillya 20161012
Zoner 20161013
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-12 00:56:45
Entry Point 0x00008916
Number of sections 3
PE sections
PE imports
SetPriorityClass
WaitForSingleObject
GetOEMCP
lstrlen
CompareStringW
EncodePointer
ReplaceFileW
LoadLibraryA
GetCPInfoExW
GetCurrentProcessId
GetWindowsDirectoryA
GetProcAddress
OpenMutexA
CreateWaitableTimerW
CreateMutexA
GetVolumeNameForVolumeMountPointA
FindNextFileW
InterlockedExchange
ResetEvent
IsBadStringPtrW
GetThreadPriority
GetStringTypeExW
InterlockedDecrement
GetCurrentThreadId
ShellAboutW
SHQueryRecycleBinW
StrChrW
ExtractIconW
SHPathPrepareForWriteA
StrChrIW
ExtractAssociatedIconW
SHGetSettings
SHBrowseForFolderA
DllCanUnloadNow
ShellMessageBoxA
SHParseDisplayName
Chkdsk
FormatEx
Recover
Extend
Format
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:05:12 01:56:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 217088
LinkerVersion 7.1
EntryPoint 0x8916
InitializedDataSize 9728
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 22b8a3ad7fcd53fa74745a203d7aad44
SHA1 a2b5f77d291d6ec58324a12172c4c589065f19dd
SHA256 eea6bd49063971ea633fffcd338f0393c15a6b28f59f57a901521d4b9ebe4ff1
ssdeep 3072:en/x3OjN8I0Z7E6C8NaGyQSKmxQG8/Hupqh7wx/Hf3c+8zaNxujaYroZiZGMIJ33:eFgN8pZ7oh6/HZhy/Hf0zaOD8WLs33
authentihash a1e166d5f72e296555e65b21d017948ddb66cc0e6b6b18e58127da3d0174dbee
imphash 6f630ded1899e57f1c568f3eb43906af
File size 222.5 KB ( 227840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe
VirusTotal metadata
First submission 2016-10-12 17:34:15 UTC ( 2 years, 5 months ago )
Last submission 2016-10-12 17:34:15 UTC ( 2 years, 5 months ago )
File names wstart.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
UDP communications