SHA256: fc43b74389ffd23681ed0cbc85e7e6e4870b9f4cabdc37caac1ea8cdc72ac7c1
File name: b1649ab99f196c684201a01e77b04204b46f02eb
Detection ratio: 0 / 57
Analysis date: 2015-06-20 01:10:29 UTC (3 years, 9 months ago)
Antivirus / Result / Update (the Result column is empty for every engine below: none of the 57 engines flagged the file)
Ad-Aware 20150620
AegisLab 20150620
Yandex 20150619
AhnLab-V3 20150619
Alibaba 20150619
ALYac 20150620
Antiy-AVL 20150620
Arcabit 20150620
Avast 20150620
AVG 20150620
Avira (no cloud) 20150619
AVware 20150620
Baidu-International 20150619
BitDefender 20150620
Bkav 20150619
ByteHero 20150620
CAT-QuickHeal 20150619
ClamAV 20150620
CMC 20150618
Comodo 20150619
Cyren 20150620
DrWeb 20150620
Emsisoft 20150620
ESET-NOD32 20150619
F-Prot 20150619
F-Secure 20150619
Fortinet 20150619
GData 20150620
Ikarus 20150619
Jiangmin 20150618
K7AntiVirus 20150619
K7GW 20150619
Kaspersky 20150620
Kingsoft 20150620
Malwarebytes 20150620
McAfee 20150620
McAfee-GW-Edition 20150619
Microsoft 20150620
eScan 20150620
NANO-Antivirus 20150620
nProtect 20150619
Panda 20150619
Qihoo-360 20150620
Rising 20150618
Sophos AV 20150620
SUPERAntiSpyware 20150620
Symantec 20150620
Tencent 20150620
TheHacker 20150619
TotalDefense 20150619
TrendMicro 20150620
TrendMicro-HouseCall 20150619
VBA32 20150619
VIPRE 20150620
ViRobot 20150620
Zillya 20150619
Zoner 20150619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-06-19 18:22:34
Entry point: 0x000093C6
Number of sections: 4
PE sections
PE imports
GetLastError
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
GetModuleFileNameW
SetTapeParameters
GetConsoleCP
HeapDestroy
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetLocaleInfoA
GetConsoleMode
HeapSize
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
GetCommandLineW
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
SetEndOfFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
GetOEMCP
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
CreateFileW
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
NetWkstaGetInfo
NetGetAnyDCName
NetApiBufferFree
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:06:19 19:22:34+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 249856
LinkerVersion: 8.0
EntryPoint: 0x93c6
InitializedDataSize: 159744
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5: a64b36f9ea407b53e37d7239eaae0281
SHA1: b1649ab99f196c684201a01e77b04204b46f02eb
SHA256: fc43b74389ffd23681ed0cbc85e7e6e4870b9f4cabdc37caac1ea8cdc72ac7c1
ssdeep: 6144:rjJQ239vBbA5xbgODWYjKJ0qWNfz1wo/6M4jLnNKunAgcys:rjJQ239FAXTDWYjKJ0qebCM4jnFc
authentihash: e2fe15578cc15434c578a928a3162cb7f142cbd234759270693f89845bd1543f
imphash: 8f777e694b2cab4973a86a84817188ac
File size: 324.0 KB (331776 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID
Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)

Tags: peexe

VirusTotal metadata
First submission: 2015-06-20 01:10:29 UTC (3 years, 9 months ago)
Last submission: 2015-06-20 01:10:29 UTC (3 years, 9 months ago)
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.