SHA256: eff37aaf8834dd13bdec2155f30af09eb6454e61de6fc3c1c1d6c2b839156b7f
File name: 6a4647a0083a6bb1fac56a24b25532e7fe90d602
Detection ratio: 24 / 57
Analysis date: 2016-10-29 13:24:38 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Detected:
Ad-Aware Trojan.Generic.19454230 20161029
Arcabit Trojan.Generic.D128D916 20161029
AVG Pakes3_c.CGO 20161029
Avira (no cloud) TR/Crypt.ZPACK.fygkv 20161028
AVware Trojan.Win32.Generic!BT 20161029
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161029
BitDefender Trojan.Generic.19454230 20161029
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Emsisoft Trojan.Generic.19454230 (B) 20161029
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20161029
F-Secure Trojan.Generic.19454230 20161029
GData Trojan.Generic.19454230 20161029
Ikarus Trojan-Downloader.Win32.Agent 20161029
Sophos ML virus.win32.sality.at 20161018
Kaspersky UDS:DangerousObject.Multi.Generic 20161029
McAfee Artemis!A1DE8D47872B 20161029
McAfee-GW-Edition BehavesLike.Win32.Pate.dh 20161029
eScan Trojan.Generic.19454230 20161029
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161029
Rising Malware.Generic!1pxxqXzAZ7T@2 (thunder) 20161029
Sophos AV Mal/Generic-S 20161029
Symantec Heur.AdvML.B 20161029
Tencent Win32.Trojan-downloader.Agent.Lmuo 20161029
VIPRE Trojan.Win32.Generic!BT 20161029
Undetected (no result reported):
AegisLab 20161029
AhnLab-V3 20161029
Alibaba 20161028
ALYac 20161029
Antiy-AVL 20161029
Avast 20161029
Bkav 20161029
CAT-QuickHeal 20161029
ClamAV 20161029
CMC 20161029
Comodo 20161029
Cyren 20161029
DrWeb 20161029
F-Prot 20161029
Fortinet 20161029
Jiangmin 20161029
K7AntiVirus 20161029
K7GW 20161029
Kingsoft 20161029
Malwarebytes 20161029
Microsoft 20161029
NANO-Antivirus 20161029
nProtect 20161028
Panda 20161029
SUPERAntiSpyware 20161029
TheHacker 20161028
TotalDefense 20161028
TrendMicro 20161029
TrendMicro-HouseCall 20161029
VBA32 20161029
ViRobot 20161029
Yandex 20161028
Zillya 20161028
Zoner 20161029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-29 20:36:29
Entry Point 0x0000370D
Number of sections 3
PE sections
PE imports
RegRestoreKeyA
RegDeleteKeyA
ReadEventLogA
RegOpenKeyA
RegCloseKey
RegDeleteValueA
RegQueryValueA
RegFlushKey
RegEnumValueA
RegUnLoadKeyA
RegEnumKeyA
RegCreateKeyA
RegSaveKeyA
RegReplaceKeyA
GetCurrentProcess
GetModuleFileNameA
GetLogicalDriveStringsA
InitializeCriticalSection
CreateNamedPipeW
GetGeoInfoA
FindResourceW
WaitForSingleObject
SetCurrentDirectoryA
GetDriveTypeA
GetCurrentDirectoryA
ReadConsoleW
GetSystemDirectoryA
GetTapePosition
GetProcAddress
LoadLibraryA
GetLocalTime
CPEncrypt
CPGenKey
CPCreateHash
CPDeriveKey
Number of PE resources by type
SATR 3
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:10:29 21:36:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 218112
LinkerVersion 7.0
EntryPoint 0x370d
InitializedDataSize 7680
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 a1de8d47872b510707141136c35543a1
SHA1 6a4647a0083a6bb1fac56a24b25532e7fe90d602
SHA256 eff37aaf8834dd13bdec2155f30af09eb6454e61de6fc3c1c1d6c2b839156b7f
ssdeep 3072:cbJA8s8/qXpYomgDC/JxPHHGGWMJEcuHNoewJ0Uh:O142YoVHHFRJuHvy
authentihash 4cd9b683d4d777db0f15a486dca41be856ac2070393e64271ed8da27d0e11296
imphash 2b9f9e0950cffc92e248a6b8805d8af8
File size 221.5 KB ( 226816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-10-29 13:24:38 UTC ( 2 years, 3 months ago )
Last submission 2016-10-29 13:24:38 UTC ( 2 years, 3 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications