SHA256: fb855ae7e5634f382189d60c4a5def957e21e2ae9f92025ebc067622e5e89046
File name: 76ad186af463b414356844da249c2a5f
Detection ratio: 30 / 55
Analysis date: 2015-11-14 12:01:47 UTC (3 years, 3 months ago)
Antivirus | Result | Update
Yandex | Backdoor.Androm!o+bj4AFIyFs | 20151113
AhnLab-V3 | Trojan/Win32.Fareit | 20151113
ALYac | Gen:Variant.Zusy.168957 | 20151114
Antiy-AVL | Trojan[Downloader]/Win32.Upatre | 20151114
Arcabit | Trojan.Zusy.D293FD | 20151114
Avast | Win32:Malware-gen | 20151114
AVG | FileCryptor.EXA | 20151114
Avira (no cloud) | TR/Crypt.Xpack.314705 | 20151114
AVware | Trojan.Win32.Generic!BT | 20151114
BitDefender | Gen:Variant.Zusy.168957 | 20151114
Bkav | HW32.Packed.C8CB | 20151114
DrWeb | Trojan.Inject2.8428 | 20151114
Emsisoft | Gen:Variant.Zusy.168957 (B) | 20151114
ESET-NOD32 | a variant of Win32/Injector.CMHA | 20151114
F-Secure | Gen:Variant.Zusy.168957 | 20151114
Fortinet | W32/Injector.CLZN!tr | 20151114
GData | Gen:Variant.Zusy.168957 | 20151114
K7AntiVirus | Trojan ( 004d646b1 ) | 20151114
K7GW | Trojan ( 004d646b1 ) | 20151114
Kaspersky | Backdoor.Win32.Androm.iqce | 20151114
Malwarebytes | Ransom.CryptoWall | 20151114
McAfee | Artemis!76AD186AF463 | 20151114
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.cc | 20151114
eScan | Gen:Variant.Zusy.168957 | 20151114
NANO-Antivirus | Trojan.Win32.Cryptodef.dyofel | 20151114
Panda | Trj/Genetic.gen | 20151114
Qihoo-360 | HEUR/QVM07.1.Malware.Gen | 20151114
Sophos AV | Mal/Generic-S | 20151114
VIPRE | Trojan.Win32.Generic!BT | 20151114
Zillya | Adware.CrossRider.Win32.30295 | 20151114
AegisLab | (no detection) | 20151114
Alibaba | (no detection) | 20151114
Baidu-International | (no detection) | 20151114
ByteHero | (no detection) | 20151114
CAT-QuickHeal | (no detection) | 20151114
ClamAV | (no detection) | 20151113
CMC | (no detection) | 20151113
Comodo | (no detection) | 20151114
Cyren | (no detection) | 20151114
F-Prot | (no detection) | 20151114
Ikarus | (no detection) | 20151114
Jiangmin | (no detection) | 20151113
Microsoft | (no detection) | 20151114
nProtect | (no detection) | 20151113
Rising | (no detection) | 20151113
SUPERAntiSpyware | (no detection) | 20151114
Symantec | (no detection) | 20151113
Tencent | (no detection) | 20151114
TheHacker | (no detection) | 20151113
TotalDefense | (no detection) | 20151113
TrendMicro | (no detection) | 20151114
TrendMicro-HouseCall | (no detection) | 20151114
VBA32 | (no detection) | 20151113
ViRobot | (no detection) | 20151114
Zoner | (no detection) | 20151114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-02 19:14:33
Entry Point 0x0000229C
Number of sections 3
PE sections
Overlays
MD5 d429a837a1a5f0b623bec7de059de214
File type data
Offset 28672
Size 156162
Entropy 8.00
PE imports
RegQueryValueExA
SelectObject
CreatePen
ExtTextOutA
PatBlt
GetCharWidthA
GetBkColor
IsDBCSLeadByteEx
OpenProcess
GetModuleHandleA
GetModuleFileNameW
CreateFileW
GetCommState
QueryPerformanceCounter
GetDateFormatW
GetStartupInfoA
CompareStringA
DeleteFileW
FindNextFileA
GetVersionExA
GetEnvironmentVariableW
Ord(1775)
Ord(4080)
Ord(537)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(354)
Ord(1641)
Ord(3136)
Ord(3507)
Ord(665)
Ord(3626)
Ord(755)
Ord(3798)
Ord(2621)
Ord(3259)
Ord(2446)
Ord(4297)
Ord(1979)
Ord(815)
Ord(922)
Ord(641)
Ord(5788)
Ord(5277)
Ord(2514)
Ord(4425)
Ord(4353)
Ord(4441)
Ord(1134)
Ord(4465)
Ord(2863)
Ord(5300)
Ord(5199)
Ord(6144)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(4234)
Ord(825)
Ord(3081)
Ord(3092)
Ord(5307)
Ord(5442)
Ord(2753)
Ord(4424)
Ord(540)
Ord(4078)
Ord(2554)
Ord(6376)
Ord(1727)
Ord(823)
Ord(5186)
Ord(2379)
Ord(2725)
Ord(4998)
Ord(800)
Ord(3749)
Ord(2512)
Ord(470)
Ord(4274)
Ord(768)
Ord(5261)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(2124)
Ord(6052)
Ord(283)
Ord(3262)
Ord(1576)
Ord(5065)
Ord(4407)
Ord(5773)
Ord(6877)
Ord(858)
Ord(3693)
Ord(2396)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(3825)
Ord(2976)
Ord(1089)
Ord(2985)
Ord(3663)
Ord(3922)
Ord(3346)
Ord(4160)
Ord(4376)
Ord(324)
Ord(5265)
Ord(3830)
Ord(2385)
Ord(4278)
Ord(3079)
Ord(2055)
Ord(5632)
Ord(5241)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4622)
Ord(561)
Ord(4133)
Ord(4486)
Ord(4698)
Ord(5163)
Ord(4837)
Ord(4673)
Ord(5302)
Ord(5731)
Ord(3318)
__p__fmode
malloc
__CxxFrameHandler
realloc
__dllonexit
_controlfp
strncpy
_except_handler3
_onexit
abs
exit
_XcptFilter
_ftol
__setusermatherr
__p__commode
sprintf
_adjust_fdiv
strtol
_acmdln
__getmainargs
atof
_initterm
_setmbcp
_exit
__set_app_type
InsertMenuA
ReleaseDC
GetSystemMetrics
IsIconic
CheckMenuItem
LoadIconA
EnableWindow
SetRect
GetClientRect
GetDlgItemTextA
SendMessageA
SetWindowTextW
GetSystemMenu
DrawIcon
AppendMenuA
InvalidateRect
SetActiveWindow
PtInRect
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:11:02 20:14:33+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 3.0
FileTypeExtension exe
InitializedDataSize 16384
SubsystemVersion 4.0
EntryPoint 0x229c
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 76ad186af463b414356844da249c2a5f
SHA1 34d96d97097250b68049459f28f6672e001803b5
SHA256 fb855ae7e5634f382189d60c4a5def957e21e2ae9f92025ebc067622e5e89046
ssdeep 3072:xp/v5sKT0gZFx3mYYmK4FuGV7D5VPV2hs8g8+x8q52rF4QTypKTCEFA1M2bPIw8t:xp3t1vx3mYYmDVPMhs8d28q52WpMC9b+
authentihash 0f3f2fc2c24352b01e1b9e5f7f5c0be61a885a681a1bc5c7ed90aa0951ddef58
imphash fd1380427ffefca21362250790f9ec10
File size 180.5 KB (184834 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-11-14 12:01:47 UTC (3 years, 3 months ago)
Last submission 2015-11-14 12:01:47 UTC (3 years, 3 months ago)
File names iexpress.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs