SHA256: f3b203c58c5aece0192abf481ecdbef4b334fecd07e68c6c6c9105a7b04b0f13
File name: avz00002.dta
Detection ratio: 48 / 54
Analysis date: 2017-01-08 10:14:53 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2321724 20170108
AegisLab DangerousObject.Multi.Generic!c 20170108
AhnLab-V3 Trojan/Win32.MDA.R143652 20170107
ALYac Trojan.GenericKD.2321724 20170108
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20170108
Arcabit Trojan.Generic.D236D3C 20170108
Avast Win32:Dorder-K [Trj] 20170108
AVG BackDoor.SmallX.BSQ 20170108
Avira (no cloud) TR/Crypt.Xpack.174276 20170107
AVware Worm.Win32.Dorkbot 20170108
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9973 20170107
BitDefender Trojan.GenericKD.2321724 20170108
Bkav W32.TaskmanSiselapK.Trojan 20170107
CAT-QuickHeal Trojan.VBInject.C4 20170107
ClamAV Win.Trojan.Agent-1288888 20170108
Comodo UnclassifiedMalware 20170108
Cyren W32/FakeAlert.ACZ.gen!Eldorado 20170108
DrWeb Trojan.Inject1.43628 20170107
Emsisoft Trojan.GenericKD.2321724 (B) 20170108
ESET-NOD32 Win32/Dorkbot.B 20170108
F-Prot W32/FakeAlert.ACZ.gen!Eldorado 20170108
F-Secure Trojan.GenericKD.2321724 20170108
Fortinet W32/Kryptik.DNJA!tr 20170108
GData Trojan.GenericKD.2321724 20170108
Ikarus Trojan.Win32.Crypt 20170108
Sophos ML virus.win32.sality.at 20161216
Jiangmin Trojan/Foreign.aacv 20170108
K7AntiVirus Trojan ( 004c21261 ) 20170108
K7GW Trojan ( 004c21261 ) 20170108
Kaspersky HEUR:Trojan.Win32.Generic 20170108
Malwarebytes Trojan.Agent.DED 20170108
McAfee Downloader-FATI!3382C2DE226A 20170108
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20170108
eScan Trojan.GenericKD.2321724 20170108
NANO-Antivirus Trojan.Win32.Inject1.dqzxbn 20170108
Panda Trj/Genetic.gen 20170107
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20170108
Rising Worm.Dorkbot!8.1B4-dC8r38pkzx (cloud) 20170108
Sophos AV Mal/Wonton-BB 20170108
SUPERAntiSpyware Trojan.Agent/Gen-Dropper 20170108
Tencent Win32.Worm.Dorkbot.Ljag 20170108
TrendMicro Ransom_CRYPTESLA.SMA6 20170108
TrendMicro-HouseCall Ransom_CRYPTESLA.SMA6 20170108
VBA32 SScope.Trojan.Agent.2315 20170106
VIPRE Worm.Win32.Dorkbot 20170108
ViRobot Trojan.Win32.Kryptik.Gen.A[h] 20170107
Yandex Trojan.Foreign!/jXTnhhZ/NY 20170106
Zillya Trojan.Foreign.Win32.51538 20170104
Alibaba 20170108
CMC 20170108
CrowdStrike Falcon (ML) 20161024
Kingsoft 20170108
Microsoft 20170108
nProtect 20170108
TheHacker 20170104
Trustlook 20170108
WhiteArmor 20161221
Zoner 20170108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Pig 2003-2013
Product Pig
File version 3.0.0.5
Description Seldom hell military
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-24 07:13:31
Entry Point 0x000040C2
Number of sections 4
PE sections
PE imports
GetOpenFileNameA
CommDlgExtendedError
DeleteObject
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetShortPathNameW
SetHandleCount
LoadLibraryA
GlobalFree
GetConsoleCP
CreateMailslotW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GlobalGetAtomNameA
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GlobalUnlock
GetModuleFileNameA
RtlUnwind
lstrlenW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
GlobalLock
GetStringTypeA
SetSystemTimeAdjustment
ReadFileScatter
LeaveCriticalSection
CompareStringW
QueryPerformanceFrequency
WideCharToMultiByte
TlsFree
GetModuleHandleA
lstrcmpA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
ExitProcess
HeapAlloc
TerminateProcess
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
CreateFileW
GlobalAlloc
VirtualFree
WriteConsoleOutputCharacterA
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
GetProcAddress
VirtualAlloc
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_STRING 36
RT_ACCELERATOR 4
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 44
NEUTRAL 1
LITHUANIAN 1
PE resources
ExifTool file metadata
LegalTrademarks Pig
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.3.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Seldom hell military
CharacterSet Windows, Latin1
InitializedDataSize 148992
FileOS Windows 16-bit
EntryPoint 0x40c2
MIMEType application/octet-stream
LegalCopyright Copyright (C) Pig 2003-2013
FileVersion 3.0.0.5
TimeStamp 2015:04:24 08:13:31+01:00
FileType Win32 EXE
PEType PE32
InternalName Tea.exe
ProductVersion 6.0
UninitializedDataSize 0
OSVersion 5.0
OriginalFilename Tea.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Pile luck - www.Pig.com
CodeSize 67584
ProductName Pig
ProductVersionNumber 3.6.0.0
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 3382c2de226a5de936562ef0631106f7
SHA1 78166099b057188ea741d121b76e2f731f2c5ae9
SHA256 f3b203c58c5aece0192abf481ecdbef4b334fecd07e68c6c6c9105a7b04b0f13
ssdeep 3072:XoSRMIrFasqR/g+LvJ8se/CLtR/sR52X6r5Q50WCiDqWQLhlQRYdA:d6Rx9LLsRSq5Q5FBo0Rf
authentihash 23b3e83faf8306795f470a41fff96918e6382112326c2b91a9e4e892416ad71c
imphash 42ccc4f619a28b1c3835413983010b9e
File size 212.5 KB ( 217600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe usb-autorun
VirusTotal metadata
First submission 2015-04-24 08:37:16 UTC ( 3 years, 10 months ago )
Last submission 2017-01-08 10:14:53 UTC ( 2 years, 1 month ago )
File names slytz.exe
avz00002.dta
updater.exe
apachenigix.gif
abdlNWR.exe
VWhNjEJ.exe
Ankrycv.exe
Updater.exe
mhAySdj.exe
wUYdvyk.exe
t4clv.exe
rofkfb.exe
EkEKlRX.exe
1002-78166099b057188ea741d121b76e2f731f2c5ae9
F3B203C58C5AECE0192ABF481ECDBEF4B334FECD07E68C6C6C9105A7B04B0F13.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications