SHA256: fc135eb0e4d616b345e9ff2e207f0ae9988b09766097a12b35b307e78d4968fa
File name: c46e42160ccfc611effc4851b95187c7.virus
Detection ratio: 37 / 54
Analysis date: 2016-02-06 21:55:08 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Trojan.Cripack.Gen.1 20160206
Yandex Backdoor.Androm!EKTwRtXNhGo 20160206
AhnLab-V3 Win-Trojan/Teslacrypt.Gen 20160206
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160206
Arcabit Trojan.Cripack.Gen.1 20160206
Avast Win32:Trojan-gen 20160206
AVG Zbot.AJXI 20160206
Avira (no cloud) TR/Crypt.Xpack.325149 20160206
BitDefender Trojan.Cripack.Gen.1 20160206
CAT-QuickHeal Ransome.Crowti.OB4 20160206
Comodo UnclassifiedMalware 20160206
Cyren W32/Trojan.GP.gen!Eldorado 20160206
DrWeb Trojan.DownLoader17.56371 20160206
Emsisoft Trojan.Cripack.Gen.1 (B) 20160206
ESET-NOD32 Win32/TrojanDownloader.Agent.BXE 20160206
F-Prot W32/Trojan.GP.gen!Eldorado 20160129
F-Secure Trojan.Cripack.Gen.1 20160206
Fortinet W32/Kryptik.EFKT!tr 20160206
GData Trojan.Cripack.Gen.1 20160206
Jiangmin Backdoor.Androm.bph 20160206
K7AntiVirus Trojan-Downloader ( 004d74091 ) 20160206
K7GW Trojan-Downloader ( 004d74091 ) 20160206
Kaspersky HEUR:Trojan.Win32.Generic 20160206
Malwarebytes Trojan.Zbot.Spy 20160206
McAfee GenericR-FFG!C46E42160CCF 20160206
McAfee-GW-Edition GenericR-FFG!C46E42160CCF 20160206
Microsoft TrojanSpy:Win32/Ursnif!rfn 20160206
eScan Trojan.Cripack.Gen.1 20160206
NANO-Antivirus Trojan.Win32.DownLoader17.dyvwtr 20160206
Panda Trj/Genetic.gen 20160206
Qihoo-360 QVM07.1.Malware.Gen 20160206
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160206
Sophos AV Mal/Ransom-DK 20160206
Symantec PUA.Yontoo.C 20160206
TrendMicro TROJ_GEN.R00JC0DKT15 20160206
VIPRE Trojan.Win32.Generic!BT 20160206
Zillya Backdoor.Androm.Win32.30085 20160206
AegisLab 20160206
Alibaba 20160204
Baidu-International 20160206
Bkav 20160204
ByteHero 20160206
ClamAV 20160206
CMC 20160205
Ikarus 20160206
nProtect 20160205
SUPERAntiSpyware 20160206
Tencent 20160206
TheHacker 20160206
TotalDefense 20160206
TrendMicro-HouseCall 20160206
VBA32 20160204
ViRobot 20160206
Zoner 20160206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-03-06 12:23:50
Entry Point 0x000101BC
Number of sections 4
PE sections
Overlays
MD5 f70e2b7720019d27fbc00d23c28130a5
File type data
Offset 122880
Size 1110
Entropy 6.14
PE imports
RegFlushKey
LsaFreeMemory
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
RegQueryInfoKeyA
AreFileApisANSI
GetSystemTimeAdjustment
FatalAppExitW
GetEnvironmentStrings
GetStartupInfoA
GetModuleHandleA
Beep
GetCPInfoExA
GetFileType
EnumResourceTypesW
GetBinaryTypeA
__p__fmode
sscanf
log
_acmdln
fputc
_adjust_fdiv
__setusermatherr
__getmainargs
_initterm
_controlfp
__p__commode
__badioinfo
__set_app_type
SHGetSettings
GetWindowThreadProcessId
LoadAcceleratorsA
CharLowerA
OpenInputDesktop
DdeUninitialize
DdeUnaccessData
CharPrevA
SetCursor
TranslateAcceleratorA
AdjustWindowRect
PostMessageA
GetCapture
GetThreadDesktop
DdePostAdvise
GetClipboardOwner
GetMenuItemInfoA
GetCursorPos
FlashWindow
GetKeyboardType
GetKeyState
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 5
RT_DIALOG 3
RT_VERSION 1
Struct(111) 1
Number of PE resources by language
SPANISH MEXICAN 7
MACEDONIAN DEFAULT 5
ENGLISH UK 3
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 958464
ImageVersion: 0.0
FileVersionNumber: 0.249.35.153
LanguageCode: Neutral
FileFlagsMask: 0x003f
FileDescription: Family
CharacterSet: Unicode
LinkerVersion: 6.0
FileTypeExtension: exe
OriginalFileName: Drama.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 0,28,86,169
TimeStamp: 2007:03:06 13:23:50+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 0,117,109,92
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Windows NT 32-bit
LegalCopyright: Diagonalised (C) 2010
MachineType: Intel 386 or later, and compatibles
CompanyName: Winstep Software Technologies
CodeSize: 65536
FileSubtype: 0
ProductVersionNumber: 0.149.207.194
EntryPoint: 0x101bc
ObjectFileType: Executable application
File identification
MD5 c46e42160ccfc611effc4851b95187c7
SHA1 69a5b371a860987835047bbd86e8428887cb8ad0
SHA256 fc135eb0e4d616b345e9ff2e207f0ae9988b09766097a12b35b307e78d4968fa
ssdeep 3072:DSDhdHcK1BLVQNMnwuUPqmbd+jkMo4INb234xiX5gitdLsDc1Qovg0LOAgkfaI:DSDhdHcK1BLVCuUPqmbd+jkr4INb234G
authentihash 3e2572b6f45406885d37a2012274d1fdefbfe3d83545fbbb0a1f10dfcea42175
imphash 94c729a34a951a2d3b1fda4e7ccfea12
File size 121.1 KB ( 123990 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-02-06 21:55:08 UTC ( 3 years ago )
Last submission 2016-02-06 21:55:08 UTC ( 3 years ago )
File names c46e42160ccfc611effc4851b95187c7.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
UDP communications