SHA256: f93a5593ccb4bc1d35a18054d8a4152b464b1c3e02f91930f4514ca2ee86810e
File name: f93a5593ccb4bc1d35a18054d8a4152b464b1c3e02f91930f4514ca2ee86810e
Detection ratio: 42 / 68
Analysis date: 2017-11-13 17:41:48 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.CPVH 20171113
ALYac Trojan.Agent.CPVH 20171113
Antiy-AVL Trojan/Win32.TSGeneric 20171113
Arcabit Trojan.Agent.CPVH 20171113
Avast Win32:Malware-gen 20171113
AVG Win32:Malware-gen 20171113
AVware Trojan.Win32.Generic!BT 20171113
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171113
BitDefender Trojan.Agent.CPVH 20171113
Comodo TrojWare.Win32.Skeeyah.FYKD 20171113
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.478775 20171103
Cylance Unsafe 20171113
Cyren W32/Trojan.LAMO-3779 20171113
DrWeb Trojan.PWS.Siggen2.1744 20171113
eGambit Unsafe.AI_Score_99% 20171113
Emsisoft Trojan.Agent.CPVH (B) 20171113
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FYRS 20171113
F-Secure Trojan.Agent.CPVH 20171113
Fortinet W32/GenKryptik.BCFY!tr 20171113
GData Trojan.Agent.CPVH 20171113
Ikarus Trojan.Win32.Crypt 20171113
Sophos ML heuristic 20170914
Jiangmin Trojan.Refinka.aee 20171113
Kaspersky Trojan.Win32.Refinka.jak 20171113
Malwarebytes Trojan.SpamBot 20171113
MAX malware (ai score=87) 20171113
McAfee Ransomware-GIO!FEBBDBEEDB62 20171113
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20171113
Microsoft Trojan:Win32/Skeeyah.A!rfn 20171113
eScan Trojan.Agent.CPVH 20171113
Qihoo-360 HEUR/QVM19.1.2983.Malware.Gen 20171113
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/Generic-S 20171113
Symantec Packed.Generic.493 20171113
Tencent Suspicious.Heuristic.Gen.b.0 20171113
TrendMicro TROJ_GEN.R004C0CKD17 20171113
TrendMicro-HouseCall TROJ_GEN.R004C0CKD17 20171113
VIPRE Trojan.Win32.Generic!BT 20171113
WhiteArmor Malware.HighConfidence 20171104
ZoneAlarm by Check Point Trojan.Win32.Refinka.jak 20171113
AegisLab 20171113
AhnLab-V3 20171113
Alibaba 20170911
Avast-Mobile 20171113
Avira (no cloud) 20171113
Bkav 20171113
CAT-QuickHeal 20171113
ClamAV 20171113
CMC 20171109
F-Prot 20171113
K7AntiVirus 20171113
K7GW 20171113
Kingsoft 20171113
NANO-Antivirus 20171113
nProtect 20171113
Palo Alto Networks (Known Signatures) 20171113
Panda 20171113
Rising 20171113
SUPERAntiSpyware 20171113
Symantec Mobile Insight 20171110
TheHacker 20171112
TotalDefense 20171113
Trustlook 20171113
VBA32 20171113
ViRobot 20171113
Webroot 20171113
Yandex 20171113
Zillya 20171110
Zoner 20171113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-19 03:22:40
Entry Point 0x00004923
Number of sections 4
PE sections
PE imports
CryptUnprotectData
CertDeleteCRLFromStore
CertGetNameStringA
CertOpenStore
CryptMsgUpdate
CryptDecodeMessage
CertFindExtension
CryptProtectData
CertFindAttribute
CertGetCertificateChain
CertOIDToAlgId
CertDuplicateCRLContext
CertEnumSystemStore
ConnectionRead
ConnectionWrite
ConnectionVer
ConnectionError
GetNumberFormatA
UpdateResourceW
GetEnvironmentStringsA
CreateJobObjectW
GetTickCount
LoadLibraryA
GetShortPathNameA
GetConsoleTitleW
GetDateFormatW
ReadProcessMemory
CreateDirectoryW
GetCommandLineA
CopyFileExW
GetPrivateProfileStringW
CreateMutexA
CreateSemaphoreA
SetEnvironmentVariableW
lstrcmpA
GetExitCodeThread
CompareStringA
GetVolumePathNameW
SetLocalTime
GetProcAddress
GetBinaryTypeA
GetPrivateProfileSectionW
GetProfileIntW
WriteConsoleA
SetCurrentDirectoryW
OpenEventW
CreateProcessW
CreateFileA
GetCurrentThreadId
SleepEx
OpenJobObjectA
Number of PE resources by type
Struct(28) 7
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:10:19 04:22:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 9.0
EntryPoint 0x4923
InitializedDataSize 126976
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 febbdbeedb62c88386e70a96ea45f6b3
SHA1 4f200ba478775ca0d6d0cd6e696b74ff62a8b145
SHA256 f93a5593ccb4bc1d35a18054d8a4152b464b1c3e02f91930f4514ca2ee86810e
ssdeep 1536:a+lk2fRXulIs+9zmrzC2PmHzoCL0zNVjxu3CP8wgkZuYZ4cfITYdV5DVObuvD09k:0UdtJm3CUace0xmCP+XA4cATYJJOA0
authentihash 2e590cf87ce81829927601892aae5c8b029c7bf17bab922d12725b9f14a57bb4
imphash 81ba1c085030b1a83a45e699795c5975
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2017-11-13 17:41:48 UTC ( 1 year, 5 months ago )
Last submission 2017-11-13 17:41:48 UTC ( 1 year, 5 months ago )
File names 1059-4f200ba478775ca0d6d0cd6e696b74ff62a8b145
f93a5593ccb4bc1d35a18054d8a4152b464b1c3e02f91930f4514ca2ee86810e
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications