SHA256: f47d3eaa60a38b5f9cba237790e9ccc12cb998db5ad388324fc387331f460d24
File name: updater.exe
Detection ratio: 21 / 56
Analysis date: 2016-10-13 05:38:25 UTC (2 years, 4 months ago)
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Mikey.54459 | 20161013 |
| AhnLab-V3 | Trojan/Win32.MDA.N2129503368 | 20161012 |
| Arcabit | Trojan.Mikey.DD4BB | 20161013 |
| AVG | Generic_r.OFP | 20161013 |
| AVware | LooksLike.Win32.Crowti.b (v) | 20161013 |
| Baidu | Win32.Trojan.WisdomEyes.151026.9950.9999 | 20161012 |
| BitDefender | Gen:Variant.Mikey.54459 | 20161013 |
| Bkav | W32.FamVT.RazyNHmA.Trojan | 20161012 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20160725 |
| Cyren | W32/S-e2e07e9d!Eldorado | 20161013 |
| Emsisoft | Gen:Variant.Mikey.54459 (B) | 20161013 |
| ESET-NOD32 | a variant of Win32/Kryptik.FHVX | 20161013 |
| F-Prot | W32/S-e2e07e9d!Eldorado | 20161013 |
| F-Secure | Gen:Variant.Mikey.54459 | 20161013 |
| GData | Gen:Variant.Mikey.54459 | 20161013 |
| Sophos ML | ransom.win32.tescrypt.d | 20160928 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 20161013 |
| McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.dh | 20161013 |
| eScan | Gen:Variant.Mikey.54459 | 20161013 |
| Qihoo-360 | HEUR/QVM09.0.7338.Malware.Gen | 20161013 |
| VIPRE | LooksLike.Win32.Crowti.b (v) | 20161013 |
| AegisLab | | 20161013 |
| Alibaba | | 20161013 |
| ALYac | | 20161013 |
| Antiy-AVL | | 20161013 |
| Avast | | 20161013 |
| Avira (no cloud) | | 20161012 |
| CAT-QuickHeal | | 20161012 |
| ClamAV | | 20161013 |
| CMC | | 20161013 |
| Comodo | | 20161013 |
| DrWeb | | 20161013 |
| Fortinet | | 20161013 |
| Ikarus | | 20161012 |
| Jiangmin | | 20161012 |
| K7AntiVirus | | 20161012 |
| K7GW | | 20161013 |
| Kingsoft | | 20161013 |
| Malwarebytes | | 20161013 |
| McAfee | | 20161013 |
| Microsoft | | 20161013 |
| NANO-Antivirus | | 20161013 |
| nProtect | | 20161013 |
| Panda | | 20161012 |
| Rising | | 20161013 |
| Sophos AV | | 20161013 |
| SUPERAntiSpyware | | 20161013 |
| Symantec | | 20161013 |
| Tencent | | 20161013 |
| TheHacker | | 20161011 |
| TrendMicro | | 20161013 |
| TrendMicro-HouseCall | | 20161013 |
| VBA32 | | 20161012 |
| ViRobot | | 20161013 |
| Yandex | | 20161011 |
| Zillya | | 20161012 |
| Zoner | | 20161013 |
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-10-13 04:01:23
Entry Point: 0x000045E8
Number of sections: 4
PE sections
PE imports
InitCommonControlsEx
GetFileTitleW
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
CompareStringA
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDateFormatA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
LockResource
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetEnvironmentVariableA
GetStringTypeA
GetProcessHeap
SetStdHandle
SetFilePointer
RaiseException
WriteConsoleW
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetTimeFormatA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetSystemDEPPolicy
HeapDestroy
CreateFileA
CompareStringW
TerminateProcess
SizeofResource
GetTimeZoneInformation
WriteConsoleA
InitializeCriticalSection
LoadResource
FindResourceW
VirtualFree
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
CloseHandle
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
HeapCreate
SetLastError
LeaveCriticalSection
SHGetFolderPathW
ShellExecuteW
SHGetPathFromIDListW
DragFinish
PathIsUNCW
PathStripToRootW
PathAddBackslashW
PathFindExtensionW
PathFindFileNameW
SetFocus
GetParent
EndDialog
LoadBitmapW
wvsprintfW
DestroyIcon
DialogBoxParamW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
SendMessageW
IsWindowVisible
GetClassNameW
OemToCharA
WaitForInputIdle
LoadIconW
SetForegroundWindow
CharToOemA
DocumentPropertiesW
ClosePrinter
OpenPrinterW
Number of PE resources by type
RT_MANIFEST: 1
Number of PE resources by language
ARABIC UAE: 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:10:13 05:01:23+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 70656
LinkerVersion: 9.0
FileTypeExtension: exe
InitializedDataSize: 144896
SubsystemVersion: 5.0
EntryPoint: 0x45e8
OSVersion: 5.0
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5: ab25b73f7a381e7a9a530edc99109462
SHA1: 106a87c7346f75a3683b47fd68ae20697c75b764
SHA256: f47d3eaa60a38b5f9cba237790e9ccc12cb998db5ad388324fc387331f460d24
ssdeep: 3072:ubpQ8CEtJTqmfgpmaFVdYk6e4qk4SkZtmf1vf91G2w+1/gzUaA+b:uNQqJTlymabKk6efkNkETG2B1q7
authentihash: a2cf707b356afda18b5f151a20f5ae8c3e5fcc0c1c1d3272f0fad187b4906d87
imphash: 877d5eb63e634b1fcc67505674d893ff
File size: 211.5 KB (216576 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (42.2%); Win64 Executable (generic) (37.3%); Win32 Dynamic Link Library (generic) (8.8%); Win32 Executable (generic) (6.0%); Generic Win/DOS Executable (2.7%)
Tags: peexe

VirusTotal metadata
First submission: 2016-10-13 05:38:25 UTC (2 years, 4 months ago)
Last submission: 2016-10-13 05:38:25 UTC (2 years, 4 months ago)
File names: Updater.exe; AB25B73F7A381E7A9A530EDC99109462; updater.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications