SHA256: f9593b2e0ffdf57e5ced9659cff221ab24d54a59152c2f4f388c82c86836c0d3
File name: e113bf1d39d3faf58983bd225f0a9410.mal
Detection ratio: 15 / 58
Analysis date: 2017-02-11 19:28:11 UTC ( 2 years, 2 months ago )
Antivirus | Result | Update
Avast | Win32:Malware-gen | 20170211
Avira (no cloud) | TR/Crypt.Xpack.jxnyc | 20170211
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20170210
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170130
DrWeb | Trojan.DownLoader23.53417 | 20170211
Endgame | malicious (high confidence) | 20170208
ESET-NOD32 | a variant of Win32/Kryptik.FOBQ | 20170211
Fortinet | W32/Kryptik.FOBQ!tr | 20170211
Sophos ML | backdoor.win32.zegost.ad | 20170203
Kaspersky | Trojan-Banker.Win32.CoreBot.db | 20170211
Qihoo-360 | HEUR/QVM20.1.0000.Malware.Gen | 20170211
Rising | Malware.Generic!6e4XAAEia9J@2 (thunder) | 20170211
Symantec | Trojan.Cridex | 20170211
TrendMicro | TROJ_GEN.R00JC0OBB17 | 20170211
TrendMicro-HouseCall | TROJ_GEN.R00JC0OBB17 | 20170211
Ad-Aware | (no detection) | 20170211
AegisLab | (no detection) | 20170211
AhnLab-V3 | (no detection) | 20170211
Alibaba | (no detection) | 20170122
ALYac | (no detection) | 20170211
Antiy-AVL | (no detection) | 20170211
Arcabit | (no detection) | 20170211
AVG | (no detection) | 20170211
AVware | (no detection) | 20170211
BitDefender | (no detection) | 20170211
Bkav | (no detection) | 20170211
CAT-QuickHeal | (no detection) | 20170211
ClamAV | (no detection) | 20170211
CMC | (no detection) | 20170211
Comodo | (no detection) | 20170211
Cyren | (no detection) | 20170211
Emsisoft | (no detection) | 20170211
F-Prot | (no detection) | 20170211
F-Secure | (no detection) | 20170211
GData | (no detection) | 20170211
Ikarus | (no detection) | 20170211
Jiangmin | (no detection) | 20170211
K7AntiVirus | (no detection) | 20170210
K7GW | (no detection) | 20170211
Kingsoft | (no detection) | 20170211
Malwarebytes | (no detection) | 20170211
McAfee | (no detection) | 20170211
McAfee-GW-Edition | (no detection) | 20170211
Microsoft | (no detection) | 20170211
eScan | (no detection) | 20170211
NANO-Antivirus | (no detection) | 20170210
nProtect | (no detection) | 20170211
Panda | (no detection) | 20170211
Sophos AV | (no detection) | 20170211
SUPERAntiSpyware | (no detection) | 20170211
Tencent | (no detection) | 20170211
TheHacker | (no detection) | 20170211
TotalDefense | (no detection) | 20170211
Trustlook | (no detection) | 20170211
VBA32 | (no detection) | 20170210
VIPRE | (no detection) | 20170211
ViRobot | (no detection) | 20170211
WhiteArmor | (no detection) | 20170202
Yandex | (no detection) | 20170210
Zillya | (no detection) | 20170210
Zoner | (no detection) | 20170211
The file being studied is a Portable Executable: a Win32 EXE built for the Windows command line (console) subsystem. Its version resource claims to be Microsoft's Registry Editor (REGEDIT.EXE, 6.1.7600.16385, the Windows 7 RTM build tagged 090713, i.e. 2009-07-13), but the PE header contradicts that claim on several points: genuine regedit.exe is a GUI-subsystem program, the compile timestamp (2001-01-13) predates the claimed build by eight years, linker version 197.0 is not one any Microsoft linker emits, SizeOfInitializedData is 0, and the import table holds only six functions, among them LoadLibraryA and GetProcAddress, the usual sign that the real imports are resolved at run time by a packer or loader stub (consistent with the Kryptik and Crypt.Xpack labels above). The version resource is copied, not inherited from a real Microsoft build.
FileVersionInfo properties
Copyright: © Microsoft Corporation. All rights reserved.
Product: Microsoft® Windows® Operating System
Original name: REGEDIT.EXE
Internal name: REGEDIT
File version: 6.1.7600.16385 (win7_rtm.090713-1255)
Description: Registry Editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-01-13 14:08:50
Entry Point 0x0000D010
Number of sections 8
PE sections
PE imports
GetCurrentDirectoryA
GetProcAddress
GetModuleHandleA
LoadLibraryA
sprintf
strncpy
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 5
RT_GROUP_CURSOR 1
REGINST 1
RT_CURSOR 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 21
PE resources
ExifTool file metadata
SubsystemVersion: 5.0
LinkerVersion: 197.0
ImageVersion: 1.0
FileSubtype: 0
FileVersionNumber: 6.1.7600.16385
UninitializedDataSize: 6144
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 0
EntryPoint: 0xd010
OriginalFileName: REGEDIT.EXE
MIMEType: application/octet-stream
LegalCopyright: Microsoft Corporation. All rights reserved.
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp: 2001:01:13 15:08:50+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: REGEDIT
ProductVersion: 6.1.7600.16385
FileDescription: Registry Editor
OSVersion: 5.0
FileOS: Windows NT 32-bit
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CompanyName: Microsoft Corporation
CodeSize: 22016
ProductName: Microsoft Windows Operating System
ProductVersionNumber: 6.1.7600.16385
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5 e113bf1d39d3faf58983bd225f0a9410
SHA1 af6caf8c37b2d447b1ed7c51f4cd71e05bb3aa85
SHA256 f9593b2e0ffdf57e5ced9659cff221ab24d54a59152c2f4f388c82c86836c0d3
ssdeep 1536:y9x0yCJ1RqfLrksZHSPJFDzHTDp1JPN/NvXZ+qIa1G85vNpMkmos/UKJZzU2BI67:SxI1iwEyJFDzHTDprhNvPNTmomUozTue
authentihash 4c8bd9b4e42ca0e059c0f7eb1db3784c107ca1bf02cc5c83f385b7ada4d06d95
imphash f3408981e2449246894aa6e2c6d0a21a
File size 115.7 KB ( 118476 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%); Generic Win/DOS Executable (23.5%); DOS Executable Generic (23.5%)
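The header and version-info fields above are enough to triage a sample like this without running it. The script below is an added example, not part of the VirusTotal report and not code from any AV vendor or from the pefile project: it parses the DOS/COFF/optional headers with the standard library, computes an imphash the way pefile defines it (lowercase dll.func pairs, extension stripped, joined by commas, MD5), and applies the checks discussed above (compile timestamp earlier than the build date encoded in the FileVersion tag, wrong subsystem for the claimed original name, implausible linker version, zero initialized data, a tiny import table containing LoadLibraryA/GetProcAddress). The PE bytes are a constructed header stub filled with the values reported on this page, the DLLs attributed to the six imports are an assumption (the report lists only function names, so the computed imphash will not equal the page's), and the linker and import-count thresholds are heuristic choices.

```python
"""Triage a PE image's headers against the version-info string it carries.

Standard library only. Parses the DOS/COFF/optional headers (not sections
or resources), computes a pefile-style imphash from a caller-supplied
import list, and applies the heuristics suggested by the fields above.
"""
import calendar
import hashlib
import re
import struct
from datetime import datetime, timezone

SUBSYSTEM_GUI, SUBSYSTEM_CONSOLE = 2, 3
# Reference value: genuine regedit.exe is linked for the Windows GUI subsystem.
EXPECTED_SUBSYSTEM = {"REGEDIT.EXE": SUBSYSTEM_GUI}
MAX_PLAUSIBLE_LINKER_MAJOR = 20   # heuristic threshold, an assumption
MAX_IMPORTS_FOR_STUB = 10         # heuristic threshold, an assumption


def parse_headers(data: bytes) -> dict:
    """Extract the triage-relevant COFF and optional-header fields."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                      # COFF file header is 20 bytes
    (magic, lnk_major, lnk_minor, size_code, size_idata,
     size_udata, entry) = struct.unpack_from("<HBBIIII", data, opt)
    # Subsystem sits at optional-header offset 68 for both PE32 and PE32+.
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine, "sections": nsections,
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc),
        "pe32plus": magic == 0x20B, "linker": (lnk_major, lnk_minor),
        "size_code": size_code, "size_idata": size_idata,
        "size_udata": size_udata, "entry": entry, "subsystem": subsystem,
    }


def imphash(imports) -> str:
    """pefile-style imphash: MD5 over lowercase 'dll.func' in import order."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{dll}.{name}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def triage(hdr: dict, version_info: dict, imports) -> list:
    """Return (code, detail) findings where the header contradicts the claims."""
    findings = []
    # Microsoft FileVersion strings carry a 'branch.yymmdd-hhmm' build tag.
    tag = re.search(r"\.(\d{6})-\d{4}\)", version_info.get("FileVersion", ""))
    if tag:
        build = datetime.strptime(tag.group(1), "%y%m%d").replace(tzinfo=timezone.utc)
        if hdr["timestamp"] < build:
            findings.append(("timestamp_before_build",
                             f"linked {hdr['timestamp']:%Y-%m-%d}, claims build {build:%Y-%m-%d}"))
    original = version_info.get("OriginalFilename", "").upper()
    expected = EXPECTED_SUBSYSTEM.get(original)
    if expected is not None and hdr["subsystem"] != expected:
        findings.append(("subsystem_mismatch",
                         f"{original} expects subsystem {expected}, header says {hdr['subsystem']}"))
    if hdr["linker"][0] > MAX_PLAUSIBLE_LINKER_MAJOR:
        findings.append(("implausible_linker", "linker version %d.%d" % hdr["linker"]))
    if hdr["size_idata"] == 0 and hdr["sections"] > 1:
        findings.append(("no_initialized_data", "SizeOfInitializedData is 0"))
    names = {f for _, f in imports if isinstance(f, str)}
    if len(imports) < MAX_IMPORTS_FOR_STUB and {"LoadLibraryA", "GetProcAddress"} <= names:
        findings.append(("dynamic_import_resolution",
                         f"only {len(imports)} imports, incl. LoadLibraryA/GetProcAddress"))
    return findings


def build_sample(timestamp: int) -> bytes:
    """Constructed PE32 header stub mirroring the values in the report above."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 8, timestamp, 0, 0, 0xE0, 0x102)  # i386, 8 sections
    opt = bytearray(0xE0)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 197, 0, 22016, 0, 6144, 0xD010)
    struct.pack_into("<H", opt, 68, SUBSYSTEM_CONSOLE)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


SAMPLE = build_sample(calendar.timegm((2001, 1, 13, 14, 8, 50)))   # 2001-01-13 14:08:50 UTC
SAMPLE_VERSION_INFO = {"OriginalFilename": "REGEDIT.EXE",
                       "FileVersion": "6.1.7600.16385 (win7_rtm.090713-1255)"}
# The report lists only function names; the owning DLLs are assumed here.
SAMPLE_IMPORTS = [("KERNEL32.dll", "GetCurrentDirectoryA"), ("KERNEL32.dll", "GetProcAddress"),
                  ("KERNEL32.dll", "GetModuleHandleA"), ("KERNEL32.dll", "LoadLibraryA"),
                  ("MSVCRT.dll", "sprintf"), ("MSVCRT.dll", "strncpy")]


def run():
    return triage(parse_headers(SAMPLE), SAMPLE_VERSION_INFO, SAMPLE_IMPORTS)


if __name__ == "__main__":
    print("imphash (assumed DLLs):", imphash(SAMPLE_IMPORTS))
    for code, detail in run():
        print(f"{code}: {detail}")
```

Against the constructed stub every one of the five checks fires; on a real file, read the bytes from disk into parse_headers and feed it the import table and version strings from your PE parser of choice. Each finding on its own is weak (old timestamps and odd linker versions occur in legitimate software), but a Microsoft-branded binary that trips all five is worth the sandbox run that the condensed report below summarises.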
Tags
peexe

VirusTotal metadata
First submission 2017-02-11 19:28:11 UTC ( 2 years, 2 months ago )
Last submission 2017-02-11 19:28:11 UTC ( 2 years, 2 months ago )
File names e113bf1d39d3faf58983bd225f0a9410.mal
REGEDIT.EXE
REGEDIT
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications