SHA256: f14f6483ba404c50601c13f6390782562994c96a95b27ca006b69cb074a02935
File name: inst1.exe
Detection ratio: 14 / 56
Analysis date: 2016-08-17 11:11:25 UTC (2 years, 7 months ago)
Antivirus Result Update
Avast Win32:Malware-gen 20160817
AVG PSW.Generic13.MFL 20160817
Avira (no cloud) TR/Crypt.Xpack.zbks 20160817
Baidu Win32.Trojan.WisdomEyes.151026.9950.9958 20160817
DrWeb Trojan.PWS.Papras.2166 20160817
ESET-NOD32 Win32/PSW.Papras.EJ 20160817
Fortinet W32/Bourben.EB!tr 20160817
GData Win32.Trojan.Agent.MINLOW 20160817
Ikarus Trojan.Win32.PSW 20160817
Kaspersky UDS:DangerousObject.Multi.Generic 20160817
McAfee Artemis!257BE373D6A2 20160817
McAfee-GW-Edition BehavesLike.Win32.Expiro.fc 20160816
Microsoft TrojanSpy:Win32/Skeeyah.A!rfn 20160817
Rising Malware.RDM.16!5.16 20160817
Ad-Aware 20160817
AegisLab 20160817
AhnLab-V3 20160817
Alibaba 20160817
ALYac 20160817
Antiy-AVL 20160817
Arcabit 20160817
AVware 20160817
BitDefender 20160817
Bkav 20160816
CAT-QuickHeal 20160817
ClamAV 20160817
CMC 20160816
Comodo 20160817
Cyren 20160817
Emsisoft 20160817
F-Prot 20160817
F-Secure 20160817
Jiangmin 20160817
K7AntiVirus 20160817
K7GW 20160817
Kingsoft 20160817
Malwarebytes 20160817
eScan 20160817
NANO-Antivirus 20160817
nProtect 20160817
Panda 20160816
Qihoo-360 20160817
Sophos AV 20160816
SUPERAntiSpyware 20160817
Symantec 20160817
Tencent 20160817
TheHacker 20160816
TotalDefense 20160817
TrendMicro 20160817
TrendMicro-HouseCall 20160817
VBA32 20160817
VIPRE 20160817
ViRobot 20160817
Yandex 20160816
Zillya 20160816
Zoner 20160817
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-15 12:34:34
Entry Point 0x000077E7
Number of sections 6
PE sections
PE imports
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
RegSetValueExA
RegQueryValueExW
ImageList_ReplaceIcon
FindTextA
ChooseFontA
GetDeviceCaps
ExcludeClipRect
CombineRgn
FillRgn
SetMapMode
CreateRectRgn
DeleteObject
OffsetRgn
CreatePolygonRgn
GetRgnBox
GetStockObject
TextOutA
CreateSolidBrush
CreateRectRgnIndirect
CombineTransform
ExtCreateRegion
SelectClipRgn
SetViewportExtEx
GetRegionData
ImmSetCompositionStringW
ImmSetConversionStatus
ImmDestroyContext
ImmGetContext
ImmCreateContext
ImmReleaseContext
ImmGetCompositionStringW
ImmAssociateContext
IcmpCreateFile
EnumUILanguagesA
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
lstrcmpiW
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
TerminateJobObject
GetModuleHandleA
EnumSystemLanguageGroupsA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetUserDefaultLCID
GetProcessHeap
FindFirstFileA
IsValidLocale
GetProcAddress
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
ReadFileScatter
InterlockedIncrement
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
glVertex2f
glBegin
glEnd
ReadGlobalPwrPolicy
RpcBindingFree
RpcStringFreeA
RpcStringBindingComposeA
RpcBindingFromStringBindingA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
PathRemoveFileSpecA
PathAppendA
SetFocus
MapWindowPoints
SetWindowRgn
GetUpdateRgn
EndDialog
BeginPaint
OffsetRect
RegisterWindowMessageA
DefWindowProcA
SetWindowPos
GetSystemMetrics
DestroyIcon
GetWindowRect
InflateRect
EnableWindow
SetMenu
GetDlgItemTextA
MessageBoxA
DialogBoxParamA
GetWindow
GetDC
InsertMenuItemA
GetCursorPos
ReleaseDC
CreatePopupMenu
SendMessageW
PtInRect
SendMessageA
GetClientRect
GetDlgItem
SetRect
GetClassNameW
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
GetKeyboardLayout
FillRect
IsDlgButtonChecked
GetSysColorBrush
LoadImageA
CreateWindowExW
EndPaint
RegisterClassExA
SetCursor
EndPagePrinter
DeletePrinterDriverA
StartPagePrinter
StartDocPrinterA
OpenPrinterA
DeletePrinter
GetPrinterDataA
AddPrinterDriverA
WritePrinter
EndDocPrinter
AddPrinterA
ClosePrinter
inet_addr
htons
connect
gethostbyaddr
Number of PE resources by type
RT_DIALOG 8
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_MANIFEST 1
RT_MENU 1
RT_BITMAP 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:15 13:34:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 111104
LinkerVersion 9.0
EntryPoint 0x77e7
InitializedDataSize 200704
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 257be373d6a211705a26b00c3c5b9a49
SHA1 8789c24ff82f504b9bee64bdbb546ed4a776d3c1
SHA256 f14f6483ba404c50601c13f6390782562994c96a95b27ca006b69cb074a02935
ssdeep 6144:08XH84YnNGdtrqjjhccuWpf/mPTeyyl542:08XH96NGzrqjuPNyU
authentihash 6e956d6e75e52de764422af460a56829410a8d97ca31d622c4e1bb415b6a8085
imphash d252434ceb13044d5b2d41fb61738347
File size 305.5 KB ( 312832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-08-15 15:21:54 UTC ( 2 years, 7 months ago )
Last submission 2016-08-15 15:21:54 UTC ( 2 years, 7 months ago )
File names inst1.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0815.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
UDP communications