SHA256: f4f937ea027c2b9bba4a09e52bcd900162ec86162d24479c12a64f8bfe2dba58
File name: fb890a2b17cc70e0fde9ec9adc01b6b9.virus
Detection ratio: 30 / 55
Analysis date: 2016-08-09 08:20:39 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.85704 20160809
AhnLab-V3 Downloader/Win32.Gootkit.N2071202370 20160808
ALYac Gen:Variant.Razy.85704 20160809
Arcabit Trojan.Razy.D14EC8 20160809
AVG Crypt5.CEXR 20160809
Avira (no cloud) TR/Crypt.ZPACK.gsfk 20160809
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160809
BitDefender Gen:Variant.Razy.85704 20160809
Bkav HW32.Packed.1C87 20160808
Cyren W32/Trojan.KYYT-0305 20160809
DrWeb Trojan.Siggen6.58358 20160809
Emsisoft Gen:Variant.Razy.85704 (B) 20160809
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160809
F-Secure Gen:Variant.Razy.85704 20160809
Fortinet W32/Kryptik.FDLX!tr 20160809
GData Gen:Variant.Razy.85704 20160809
K7GW Hacktool ( 655367771 ) 20160809
Kaspersky Trojan-Downloader.Win32.Gootkit.rb 20160809
Malwarebytes Trojan.ServStart 20160809
McAfee Artemis!FB890A2B17CC 20160809
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20160809
Microsoft TrojanDownloader:Win32/Talalpek.A 20160809
eScan Gen:Variant.Razy.85704 20160809
Panda Trj/GdSda.A 20160808
Qihoo-360 QVM20.1.Malware.Gen 20160809
Sophos AV Mal/Generic-S 20160809
Tencent Win32.Trojan-downloader.Gootkit.Efkr 20160809
TrendMicro TROJ_GEN.R021C0DH716 20160809
TrendMicro-HouseCall TROJ_GEN.R021C0DH716 20160809
Yandex Trojan.DL.Agent!+OWAl9AIi5U 20160808
AegisLab 20160809
Alibaba 20160809
Antiy-AVL 20160809
Avast 20160808
AVware 20160809
CAT-QuickHeal 20160809
ClamAV 20160809
CMC 20160804
Comodo 20160806
F-Prot 20160809
Ikarus 20160808
Jiangmin 20160809
K7AntiVirus 20160809
Kingsoft 20160809
NANO-Antivirus 20160809
nProtect 20160808
SUPERAntiSpyware 20160809
Symantec 20160809
TheHacker 20160806
TotalDefense 20160808
VBA32 20160808
VIPRE 20160809
ViRobot 20160809
Zillya 20160809
Zoner 20160809
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x00019E0C
Number of sections 4
PE sections
PE imports
CheckADsError
CrackName
ReadFile
GetOEMCP
RemoveDirectoryA
WaitForSingleObjectEx
GetStartupInfoA
GetDateFormatA
FileTimeToLocalFileTime
GetFileSize
CreateDirectoryW
DeleteFileW
GetProcAddress
GetStringTypeA
GetProcessHeap
GetComputerNameExA
CreateHardLinkA
MoveFileExW
GetModuleHandleA
lstrcpy
WriteFile
CreateMutexW
CloseHandle
GetSystemDirectoryA
GetBinaryTypeA
GetExpandedNameW
GetNumberFormatA
OpenEventW
WriteConsoleW
InterlockedIncrement
ExtractIconA
StrChrW
DragQueryFileW
SHFree
ShellAboutA
SHUpdateImageA
DuplicateIcon
SHGetDesktopFolder
DragQueryPoint
FindExecutableW
SHFileOperationA
ShellMessageBoxA
ExtractAssociatedIconA
SHGetNewLinkInfoW
SHGetMalloc
DragFinish
SE_IsShimDll
SE_ProcessDying
SE_DllLoaded
SE_InstallBeforeInit
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 108544
LinkerVersion 6.0
Warning Possibly corrupt Version resource
FileTypeExtension exe
InitializedDataSize 7168
SubsystemVersion 4.0
EntryPoint 0x19e0c
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 fb890a2b17cc70e0fde9ec9adc01b6b9
SHA1 5caa9f6e915a0c68869cd8c90a02a3a7b3faf190
SHA256 f4f937ea027c2b9bba4a09e52bcd900162ec86162d24479c12a64f8bfe2dba58
ssdeep 3072:vY0vXfjIJoWFtNhZb7u2N3mqMGkrI2V9fX:v5VwNTbLQqYIo1
authentihash 453ba33eb888b13ada143b90c352084fb5712129b3d0b4e8b86d56d86aae45f4
imphash 6ad75de1831691e0e61207c339190fe8
File size 114.0 KB ( 116736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-08-09 08:20:39 UTC ( 2 years, 6 months ago )
Last submission 2016-08-09 08:20:39 UTC ( 2 years, 6 months ago )
File names fb890a2b17cc70e0fde9ec9adc01b6b9.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications