SHA256: f6a4d840ec1b54a999a62c4debe7c5933ef8ab55d9d2f2d50c9b4a2605daec61
File name: F6A4D840EC1B54A999A62C4DEBE7C5933EF8AB55D9D2F2D50C9B4A2605DAEC61
Detection ratio: 47 / 57
Analysis date: 2016-08-28 05:02:18 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.48334 20160828
AegisLab Uds.Dangerousobject.Multi!c 20160828
AhnLab-V3 Trojan/Win32.Upbot.N1990984511 20160827
ALYac Gen:Variant.Razy.48334 20160828
Antiy-AVL Trojan[Proxy]/Win32.Lethic 20160828
Arcabit Trojan.Razy.DBCCE 20160828
AVG Crypt_r.BYP 20160827
Avira (no cloud) TR/Crypt.Xpack.hjlu 20160827
AVware Trojan.Win32.Generic!BT 20160827
Baidu Win32.Trojan.Kryptik.aee 20160827
BitDefender Gen:Variant.Razy.48334 20160828
Bkav W32.TenxabekAC.Trojan 20160827
CAT-QuickHeal Trojan.Lethic.r4 20160827
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160826
Cyren W32/S-fa10e215!Eldorado 20160828
DrWeb Trojan.Proxy2.159 20160828
Emsisoft Gen:Variant.Razy.48334 (B) 20160828
ESET-NOD32 a variant of Win32/Kryptik.EWIQ 20160827
F-Prot W32/S-fa10e215!Eldorado 20160828
F-Secure Gen:Variant.Razy.48334 20160828
Fortinet W32/Kryptik.EYFL!tr 20160828
GData Gen:Variant.Razy.48334 20160828
Ikarus Trojan.Win32.Injector 20160827
Sophos ML trojan.win32.kovter.c 20160826
Jiangmin Trojan.Selfdel.cab 20160828
K7AntiVirus Trojan ( 004ed8981 ) 20160828
K7GW Trojan ( 004ed8981 ) 20160828
Kaspersky HEUR:Trojan.Win32.Generic 20160827
McAfee RDN/Generic.grp 20160828
McAfee-GW-Edition RDN/Generic.grp 20160828
Microsoft Trojan:Win32/Lethic.B 20160827
eScan Gen:Variant.Razy.48334 20160828
NANO-Antivirus Trojan.Win32.Xpack.ecciqa 20160828
Panda Trj/GdSda.A 20160827
Qihoo-360 HEUR/QVM09.0.Malware.Gen 20160828
Rising Malware.Generic!8NwBvm7vEQB@5 (Thunder) 20160828
Sophos AV Mal/Generic-S 20160828
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20160827
Symantec Heur.AdvML.C 20160828
Tencent Win32.Trojan-proxy.Lethic.Ednn 20160828
TrendMicro TROJ_GEN.R00XC0DE716 20160828
TrendMicro-HouseCall TROJ_GEN.R00XC0DE716 20160828
VBA32 TrojanProxy.Lethic 20160826
VIPRE Trojan.Win32.Generic!BT 20160828
ViRobot Trojan.Win32.Z.Lethic.102400.A[h] 20160827
Yandex Trojan.PR.Lethic!OOWiKqSqBLk 20160827
Zillya Trojan.Lethic.Win32.2301 20160826
Alibaba 20160826
Avast 20160828
ClamAV 20160827
CMC 20160824
Comodo 20160828
Kingsoft 20160828
Malwarebytes 20160828
nProtect 20160828
TheHacker 20160828
TotalDefense 20160828
Zoner 20160828
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Atanas Neshkov
Product AndroChef Java Decompiler
File version 1.0.0.7
Description AndroChef Java Decompiler
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-03 19:36:55
Entry Point 0x00007952
Number of sections 4
PE sections
PE imports
GetLastError
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
EscapeCommFunction
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
VirtualFree
IsDebuggerPresent
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
ChildWindowFromPointEx
GetUserObjectInformationW
GetClipboardFormatNameA
GetWindowRgnBox
MonitorFromPoint
ExcludeUpdateRgn
GetDialogBaseUnits
IsCharUpperW
GetComboBoxInfo
IsCharAlphaNumericW
IsWindowEnabled
GetGUIThreadInfo
EnableMenuItem
GetWindowWord
GetClipboardData
Number of PE resources by type
RT_ACCELERATOR 3
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 2
PE resources
ExifTool file metadata
LegalTrademarks Atanas Neshkov
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.7
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 50176
EntryPoint 0x7952
MIMEType application/octet-stream
LegalCopyright Atanas Neshkov
FileVersion 1.0.0.7
TimeStamp 2016:05:03 20:36:55+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
ProductVersion 1.0.0.7
FileDescription AndroChef Java Decompiler
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Atanas Neshkov
CodeSize 51200
ProductName AndroChef Java Decompiler
ProductVersionNumber 1.0.0.7
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 f2cb40d61735554e3bd5113ecb695d06
SHA1 83f83fa5ed2d84d29ca8e8be92e3e5449357738a
SHA256 f6a4d840ec1b54a999a62c4debe7c5933ef8ab55d9d2f2d50c9b4a2605daec61
ssdeep 3072:KbSOQiE6VoB44P2URnoY4MwTVan+7zo5X:KbSOQiE4oB/PbRnoY45TVzzYX
authentihash d317da8cceb8e1e3830277a021a7e2cdda5aef252c7bbbe8a56c023c9ec53860
imphash f2e006aaaa3aa3c75359ebf7fbdf0e81
File size 100.0 KB ( 102400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (35.9%)
Win32 Executable MS Visual C++ (generic) (27.0%)
Win64 Executable (generic) (23.9%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.9%)
Tags peexe

VirusTotal metadata
First submission 2016-05-03 23:12:38 UTC ( 2 years, 6 months ago )
Last submission 2016-05-03 23:12:38 UTC ( 2 years, 6 months ago )
File names 123lala.exe
F2CB40D61735554E3BD5113ECB695D06
seiar32.exe
F2CB40D61735554E3BD5113ECB695D06
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.