SHA256: f0a688a4a18a700697fb1682415a29451e82ce3fdc9073f6b413067ef03aaa55
File name: 110458278211d7f6f29180a78fa125c7.virus
Detection ratio: 33 / 57
Analysis date: 2016-09-17 08:35:35 UTC (2 years, 5 months ago)
Antivirus Result Update
Ad-Aware Trojan.Generic.17961431 20160917
AhnLab-V3 Malware/Win32.Generic.N2104014393 20160916
ALYac Trojan.Generic.17961431 20160917
Arcabit Trojan.Generic.D11211D7 20160917
Avast Win32:Malware-gen 20160917
AVG Atros4.NJK 20160917
Avira (no cloud) TR/Crypt.Xpack.wpwlm 20160917
AVware Trojan.Win32.Generic!BT 20160917
BitDefender Trojan.Generic.17961431 20160917
Bkav W32.eHeur.Malware08 20160917
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Trojan.OCJC-7701 20160917
DrWeb Trojan.PWS.Papras.2166 20160917
Emsisoft Trojan.Generic.17961431 (B) 20160917
ESET-NOD32 a variant of Win32/GenKryptik.DEQ 20160916
F-Secure Trojan.Generic.17961431 20160917
Fortinet W32/GenKryptik.DEQ!tr 20160917
GData Trojan.Generic.17961431 20160917
Ikarus Trojan.Win32.Krypt 20160917
Sophos ML trojan.win32.lethic.b 20160917
K7AntiVirus Trojan ( 004f847e1 ) 20160917
K7GW Trojan ( 004f847e1 ) 20160917
Kaspersky Trojan-PSW.Win32.Tepfer.psxoqm 20160917
McAfee RDN/Generic BackDoor 20160917
McAfee-GW-Edition BehavesLike.Win32.Ramnit.dh 20160917
Microsoft Backdoor:Win32/Vawtrak.E 20160917
eScan Trojan.Generic.17961431 20160917
Qihoo-360 HEUR/QVM09.0.0000.Malware.Gen 20160917
Sophos AV Mal/Generic-S 20160917
Symantec Ransom.TeslaCrypt!g6 20160917
TrendMicro TROJ_GEN.R028C0DID16 20160917
TrendMicro-HouseCall TROJ_GEN.R028C0DID16 20160917
VIPRE Trojan.Win32.Generic!BT 20160917
AegisLab 20160917
Alibaba 20160914
Antiy-AVL 20160916
Baidu 20160914
CAT-QuickHeal 20160917
ClamAV 20160916
CMC 20160916
Comodo 20160916
F-Prot 20160917
Jiangmin 20160917
Kingsoft 20160917
Malwarebytes 20160917
NANO-Antivirus 20160917
nProtect 20160917
Panda 20160917
Rising 20160917
SUPERAntiSpyware 20160917
Tencent 20160917
TheHacker 20160916
VBA32 20160916
ViRobot 20160917
Yandex 20160916
Zillya 20160915
Zoner 20160917
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-20 11:42:53
Entry Point 0x00004028
Number of sections 4
PE sections
PE imports
RegCloseKey
GetUserNameW
GetSidIdentifierAuthority
RegQueryValueExA
GetUserNameA
GetSecurityDescriptorOwner
RegOpenKeyExA
InitCommonControlsEx
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA
ChooseColorA
CommDlgExtendedError
GetSaveFileNameA
SetPolyFillMode
Polygon
TextOutW
CreateFontIndirectW
SetBkMode
PatBlt
CreatePen
GetBkMode
Pie
ResizePalette
CreateFontIndirectA
GetPaletteEntries
CreateRectRgnIndirect
GetTextCharset
CombineRgn
CreateBitmap
UpdateColors
GetPixel
Rectangle
SetMapMode
GetDeviceCaps
CreateDCA
TranslateCharsetInfo
DeleteDC
GetMapMode
EnumFontFamiliesW
GetCharWidthW
RectInRegion
SelectObject
OffsetClipRgn
SetPaletteEntries
GetTextFaceW
GetCharWidthA
CreateDIBSection
StretchDIBits
EnumFontFamiliesA
RealizePalette
SetTextColor
CreatePatternBrush
GetObjectA
GetNearestColor
BitBlt
CreatePalette
GetStockObject
CreateDIBitmap
GetRgnBox
SelectPalette
SetBkColor
ExtTextOutA
GetDIBits
SetTextAlign
SetROP2
SelectClipRgn
CreateCompatibleDC
GetTextFaceA
Arc
TextOutA
Chord
SetBrushOrgEx
CreateRectRgn
GetTextExtentPoint32W
GetTextExtentPoint32A
GetNearestPaletteIndex
GetTextMetricsA
CreateCompatibleBitmap
CreateSolidBrush
Polyline
DPtoLP
ExtCreatePen
GetTextExtentPointA
GetFontData
DeleteObject
SetRectRgn
GetStdHandle
GetComputerNameA
GetOverlappedResult
WaitForSingleObject
PurgeComm
FindNextFileA
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
GetVolumeInformationW
SetErrorMode
FreeEnvironmentStringsW
SetCommTimeouts
GetFullPathNameA
GetCommModemStatus
GetTempPathA
GetCPInfo
GetProcAddress
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
LocalFree
MoveFileA
GetLogicalDriveStringsA
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
SetFileAttributesW
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
DeviceIoControl
InitializeCriticalSection
CopyFileW
RemoveDirectoryW
CopyFileA
ExitProcess
GetVersionExA
RemoveDirectoryA
GetExitCodeThread
QueryPerformanceFrequency
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
MoveFileW
GetModuleHandleA
GetFullPathNameW
CreateSemaphoreA
CreateThread
CreatePipe
GetFileAttributesA
SetUnhandledExceptionFilter
MulDiv
ClearCommError
SetHandleInformation
SetEnvironmentVariableA
ReadConsoleA
TerminateProcess
SearchPathW
WriteConsoleA
SetCurrentDirectoryW
GetCommState
SearchPathA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
CloseHandle
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
SetConsoleMode
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
lstrcpyW
GetModuleFileNameW
GetFileInformationByHandle
FindNextFileW
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindFirstFileW
DuplicateHandle
GlobalLock
EscapeCommFunction
SetEvent
GetModuleFileNameA
GetTimeZoneInformation
SetCommState
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
BuildCommDCBA
GetLastError
LoadLibraryExW
LCMapStringW
GetShortPathNameW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GlobalAlloc
BuildCommDCBW
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
WaitForSingleObjectEx
lstrlenW
GetShortPathNameA
CreateProcessW
SetupComm
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
ReadConsoleW
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GlobalFlags
FindFirstFileA
lstrcpynA
PeekConsoleInputA
GetACP
GetVersion
CreateProcessA
WideCharToMultiByte
HeapCreate
GetTempPathW
VirtualQuery
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
SHBrowseForFolderW
SHGetPathFromIDListW
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
SetFocus
GetMessageA
MapVirtualKeyA
GetMessagePos
GetParent
SystemParametersInfoA
SetCapture
SetCaretPos
ReleaseCapture
VkKeyScanA
KillTimer
WaitForInputIdle
PostQuitMessage
SetWindowTextA
MessageBeep
LoadBitmapA
SetWindowPos
RemoveMenu
GetSystemMetrics
SetWindowLongW
IsWindow
GetWindowRect
ScreenToClient
ScrollWindowEx
UpdateWindow
PostMessageA
MoveWindow
LoadCursorFromFileA
WindowFromPoint
MessageBoxA
PeekMessageA
wsprintfA
SetWindowLongA
SetClassLongA
TranslateMessage
GetWindow
GetSysColor
SetActiveWindow
SetScrollInfo
RegisterClassExA
ReleaseDC
SendInput
SendMessageW
UnregisterClassA
SetClipboardData
SetParent
RegisterClassW
IsWindowVisible
IsZoomed
GetWindowPlacement
SendMessageA
SetForegroundWindow
SetWindowTextW
SetTimer
SetCursorPos
GetMenuCheckMarkDimensions
MessageBoxW
IsIconic
RegisterClassA
InvalidateRect
InsertMenuA
GetWindowLongA
IsClipboardFormatAvailable
MsgWaitForMultipleObjectsEx
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemCount
ShowWindow
GetWindowTextW
GetSysColorBrush
GetSystemMenu
ToAscii
UnhookWindowsHookEx
InsertMenuW
GetWindowTextA
SetCursor
SetMenu
OpenClipboard
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:20 12:42:53+01:00
FileType Win32 EXE
PEType PE32
CodeSize 56320
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x4028
InitializedDataSize 266752
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 110458278211d7f6f29180a78fa125c7
SHA1 6b7cb45de17ac6222fea793dad663c299e0db0ff
SHA256 f0a688a4a18a700697fb1682415a29451e82ce3fdc9073f6b413067ef03aaa55
ssdeep 3072:TJLHZLfzc8T5YIz2JIPIxtvEPIG4fLru7JLloQKYxjg0vkv9KdwY70rEBn2+:TdHZHc86O2rvUGUJLldKwj3o9KdX
authentihash 1c52724f8769ae6073ffa3795ef0aec62e7b0d27fded8ed7245e4663ebaaf7b5
imphash 09106ad7155e2f3c6ad6fe1cf3e7d4c9
File size 241.5 KB ( 247296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (35.3%)
Win32 Executable MS Visual C++ (generic) (26.5%)
Win64 Executable (generic) (23.5%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
Tags peexe

VirusTotal metadata
First submission 2016-09-17 08:35:35 UTC (2 years, 5 months ago)
Last submission 2018-05-25 21:17:12 UTC (8 months, 4 weeks ago)
File names 110458278211d7f6f29180a78fa125c7.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Runtime DLLs
UDP communications