SHA256: f026f1d15d5121ac5e9162d11896a7094d669f044e78556b74deb11008b44fad
File name: fd3a8992cbe93a3200ecfa40340bbef3b03afd98
Detection ratio: 38 / 58
Analysis date: 2016-09-01 14:12:20 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3500204 20160901
AhnLab-V3 Trojan/Win32.Inject.N2092192081 20160901
ALYac Trojan.GenericKD.3500204 20160901
Antiy-AVL Worm/Win32.Ngrbot 20160901
Arcabit Trojan.Generic.D3568AC 20160901
Avast Win32:Trojan-gen 20160901
AVG Generic_r.MWA 20160901
Avira (no cloud) TR/Crypt.Xpack.wanz 20160901
AVware Trojan.Win32.Generic!BT 20160901
BitDefender Trojan.GenericKD.3500204 20160901
Bkav W32.RusticosLTC.Trojan 20160901
CAT-QuickHeal Worm.Ngrbot 20160831
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.RMKV-4549 20160901
DrWeb BackDoor.Siggen2.921 20160901
Emsisoft Trojan.GenericKD.3500204 (B) 20160901
ESET-NOD32 a variant of Win32/Kryptik.FFHX 20160901
F-Secure Trojan.GenericKD.3500204 20160901
Fortinet W32/Kryptik.FFHX!tr 20160901
GData Trojan.GenericKD.3500204 20160901
Ikarus Trojan.Win32.Spyeye 20160901
Sophos ML trojan.win32.c2lop.n 20160830
Jiangmin TrojanDropper.Dapato.uwb 20160901
K7GW Hacktool ( 655367771 ) 20160901
Kaspersky Worm.Win32.Ngrbot.bgif 20160901
Malwarebytes Backdoor.BetaBot 20160901
McAfee GenericRXAG-UE!BA7B9CE526CB 20160901
McAfee-GW-Edition BehavesLike.Win32.Virus.dh 20160901
Microsoft Worm:Win32/Dorkbot 20160901
eScan Trojan.GenericKD.3500204 20160901
Panda Trj/GdSda.A 20160901
Rising Malware.Generic!lSygsulu83M@5 (thunder) 20160901
Sophos AV Mal/Generic-S 20160901
Symantec Heur.AdvML.B 20160901
Tencent Win32.Trojan.Inject.Auto 20160901
TrendMicro TROJ_GEN.R00YC0DHV16 20160901
TrendMicro-HouseCall TROJ_GEN.R00YC0DHV16 20160901
VIPRE Trojan.Win32.Generic!BT 20160831
AegisLab 20160901
Alibaba 20160901
Baidu 20160901
ClamAV 20160901
CMC 20160901
Comodo 20160901
F-Prot 20160901
K7AntiVirus 20160901
Kingsoft 20160901
NANO-Antivirus 20160901
nProtect 20160901
Qihoo-360 20160901
SUPERAntiSpyware 20160831
TheHacker 20160829
TotalDefense 20160901
VBA32 20160831
ViRobot 20160901
Yandex 20160831
Zillya 20160901
Zoner 20160901
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-29 11:59:34
Entry Point 0x00002C7D
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
GetLastError
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
QueryPerformanceCounter
TlsSetValue
HeapDestroy
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
VirtualAllocEx
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LoadLibraryExA
GetEnvironmentStrings
GetPrivateProfileStringA
GetLocaleInfoA
GetCurrentProcessId
OpenProcess
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GlobalLock
TlsFree
GetProcessHeap
GetModuleHandleA
HeapAlloc
GetCPInfo
GetStringTypeA
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
MulDiv
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
FreeLibrary
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
VirtualFree
IsDebuggerPresent
Sleep
GetFileType
WritePrivateProfileStringA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
PostQuitMessage
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
CreateWindowExA
GetDlgItem
CreateDialogParamA
EnableMenuItem
RegisterClassA
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:08:29 12:59:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 31744
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 257536
SubsystemVersion 5.0
EntryPoint 0x2c7d
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 ba7b9ce526cb8d723b146bf7d109b263
SHA1 fd3a8992cbe93a3200ecfa40340bbef3b03afd98
SHA256 f026f1d15d5121ac5e9162d11896a7094d669f044e78556b74deb11008b44fad
ssdeep 6144:JRRudLrZPuuZINMABshjVn4oO3+5oxXDLJq2Yep:JRRNN3BsOoOu5oBQ27
authentihash b123de1b7924ddae36adacdaeca968636b7107d38eb7e9b1a42f184cd9ac0952
imphash 4b0da82fbefc7afbf1feca3f817f5301
File size 283.5 KB ( 290304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-09-01 14:12:20 UTC ( 2 years, 6 months ago )
Last submission 2016-09-01 14:12:20 UTC ( 2 years, 6 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications