× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f9b1d0b55fdcd0d50e653efbf8c3ede547aac2614fbfe9eb6121270ce1c76976
File name: ISCSIWM.EXE
Detection ratio: 36 / 66
Analysis date: 2018-01-25 17:33:02 UTC ( 1 year, 2 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3425633 20180125
AhnLab-V3 Malware/Win32.Generic.C1507040 20180125
ALYac Trojan.GenericKD.3425633 20180125
Antiy-AVL Trojan/Win32.SGeneric 20180125
Arcabit Trojan.Generic.D344561 20180125
Avast Win32:Dropper-gen [Drp] 20180125
AVG Win32:Dropper-gen [Drp] 20180125
Avira (no cloud) TR/Dldr.Agent.cnuz 20180125
AVware Trojan.Win32.Generic!BT 20180124
BitDefender Trojan.GenericKD.3425633 20180125
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20180125
DrWeb BackDoor.Bifrost.20608 20180125
Emsisoft Trojan.GenericKD.3425633 (B) 20180125
ESET-NOD32 Win32/TrojanDownloader.VB.QZA 20180125
GData Trojan.GenericKD.3425633 20180125
Sophos ML heuristic 20180121
K7AntiVirus Riskware ( 0040eff71 ) 20180125
K7GW Riskware ( 0040eff71 ) 20180125
Kaspersky UDS:DangerousObject.Multi.Generic 20180125
MAX malware (ai score=81) 20180125
McAfee Artemis!F4D7ECFF220B 20180125
McAfee-GW-Edition BehavesLike.Win32.BadFile.dh 20180125
eScan Trojan.GenericKD.3425633 20180125
NANO-Antivirus Trojan.Win32.Bifrost.eeqjcd 20180125
Palo Alto Networks (Known Signatures) generic.ml 20180125
Panda Trj/CI.A 20180125
Rising Malware.Undefined!8.C (TFE:5:U6LsfctmjtR) 20180125
Sophos AV Mal/Generic-S 20180125
Symantec SecurityRisk.gen1 20180125
VIPRE Trojan.Win32.Generic!BT 20180125
Webroot W32.Trojan.Gen 20180125
Yandex Trojan.DL.VB!o1Ejz31JRkQ 20180112
Zillya Trojan.Injector.Win32.402626 20180125
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180125
AegisLab 20180125
Alibaba 20180125
Avast-Mobile 20180125
Baidu 20180124
Bkav 20180125
CAT-QuickHeal 20180125
ClamAV 20180125
CMC 20180125
Comodo 20180125
Cyren 20180125
eGambit 20180125
Endgame 20171130
F-Prot 20180125
Fortinet 20180125
Ikarus 20180125
Jiangmin 20180125
Kingsoft 20180125
Malwarebytes 20180125
Microsoft 20180125
nProtect 20180125
Qihoo-360 20180125
SentinelOne (Static ML) 20180115
SUPERAntiSpyware 20180125
Symantec Mobile Insight 20180125
Tencent 20180125
TheHacker 20180125
TotalDefense 20180125
TrendMicro 20180125
TrendMicro-HouseCall 20180125
Trustlook 20180125
VBA32 20180125
ViRobot 20180125
Zoner 20180125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-21 04:32:58
Entry Point 0x0001577A
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
SetMapMode
SaveDC
TextOutA
CreateFontIndirectA
GetClipBox
GetPixel
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
DeleteObject
BitBlt
SetTextColor
CreatePatternBrush
GetObjectA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
CreateCompatibleDC
ScaleViewportExtEx
SelectObject
GetTextExtentPoint32A
SetWindowExtEx
CreateSolidBrush
Escape
SetBkColor
SetViewportExtEx
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GlobalLock
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
lstrcmpW
GetProcAddress
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetACP
GetVersion
SizeofResource
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantInit
VariantClear
DragFinish
DragQueryFileA
PathFindFileNameA
PathFindExtensionA
MapWindowPoints
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CallNextHookEx
LoadAcceleratorsA
ClientToScreen
GetTopWindow
GetActiveWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
GetMenuState
GetClassInfoExA
ShowWindow
GetPropA
GetDesktopWindow
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
InsertMenuItemA
GetWindowPlacement
IsIconic
RegisterClassA
GetMenuItemCount
TabbedTextOutA
GetWindowLongA
CreateWindowExA
ShowOwnedPopups
FillRect
CopyRect
DeferWindowPos
DestroyWindow
IsChild
SetFocus
BeginPaint
OffsetRect
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ScreenToClient
GetClassLongA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemInfoA
ValidateRect
ReuseDDElParam
GetMenuItemID
SetForegroundWindow
DrawTextA
IntersectRect
LoadMenuA
GetCapture
SetWindowTextA
DrawTextExA
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
SetMenu
RegisterClipboardFormatA
SetRectEmpty
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
IsWindowVisible
UnpackDDElParam
WinHelpA
InvalidateRect
wsprintfA
TranslateAcceleratorA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
UnhookWindowsHookEx
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
EDG 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:07:21 06:32:58+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
159744

LinkerVersion
8.0

FileTypeExtension
exe

InitializedDataSize
61440

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x1577a

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 f4d7ecff220b271523ae7b2981c02dfc
SHA1 a9dcbbf29c824f8e709e8bd92b51320d2c88dcb6
SHA256 f9b1d0b55fdcd0d50e653efbf8c3ede547aac2614fbfe9eb6121270ce1c76976
ssdeep
3072:RjV/8yqF/K5KhLV+uBDXQvr47Cpj2SRmKd2nFb9GbyXFwaDNkCgqEocNrPg3tNcq:r0NF/K5KhVJXQdpjHmq2FbQmLRUfy

authentihash e37c93b613660e3b11741fda337f4d128e47dae194820e5ec5fe393484fecf6d
imphash 8133bfae4cc1c3e3f13c15c8c3e9efcd
File size 220.0 KB ( 225280 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-01-25 17:33:02 UTC ( 1 year, 2 months ago )
Last submission 2018-01-25 17:33:02 UTC ( 1 year, 2 months ago )
File names ISCSIWM.EXE
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.