SHA256: fc549de0802e85f8e2daa8dfe6a88d0b20d42d5c743ac229937e4d410bbfe3f9
File name: 69084189d49e91ede0614b95bbf6e203
Detection ratio: 27 / 56
Analysis date: 2016-08-18 17:56:32 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.89583 20160818
AhnLab-V3 Trojan/Win32.MDA.N2080689269 20160818
ALYac Gen:Variant.Razy.89583 20160818
Arcabit Trojan.Razy.D15DEF 20160818
AVG Downloader.Generic14.BDDA 20160818
Avira (no cloud) TR/Crypt.ZPACK.egxa 20160818
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160818
BitDefender Gen:Variant.Razy.89583 20160818
Bkav HW32.Packed.FD13 20160818
Cyren W32/Trojan.MBSD-4831 20160818
DrWeb Trojan.Inject2.26945 20160818
Emsisoft Gen:Variant.Razy.89583 (B) 20160818
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160818
F-Secure Gen:Variant.Razy.89583 20160818
GData Gen:Variant.Razy.89583 20160818
K7GW Hacktool ( 655367771 ) 20160818
Malwarebytes Ransom.Locky.Generic 20160818
McAfee Artemis!69084189D49E 20160818
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20160818
Microsoft Trojan:Win32/Dorv.D!rfn 20160818
eScan Gen:Variant.Razy.89583 20160818
Panda Trj/Inject.BO 20160818
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160818
Rising Malware.XPACK-HIE/Heur!1.9C48 20160818
Sophos AV Mal/Generic-S 20160818
TrendMicro TROJ_GEN.R011C0DHI16 20160818
TrendMicro-HouseCall TROJ_GEN.R011C0DHI16 20160818
AegisLab 20160818
Alibaba 20160818
Antiy-AVL 20160818
Avast 20160818
AVware 20160818
CAT-QuickHeal 20160818
ClamAV 20160818
CMC 20160818
Comodo 20160818
F-Prot 20160818
Fortinet 20160818
Ikarus 20160818
Jiangmin 20160818
K7AntiVirus 20160818
Kaspersky 20160818
Kingsoft 20160818
NANO-Antivirus 20160818
nProtect None
SUPERAntiSpyware 20160818
Symantec 20160818
Tencent 20160818
TheHacker 20160817
TotalDefense 20160818
VBA32 20160818
VIPRE 20160818
ViRobot 20160818
Yandex 20160818
Zillya 20160817
Zoner 20160818
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Ste@lth PE 1.01 -> BGCorp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-14 10:54:05
Entry Point 0x00006943
Number of sections 4
PE sections
PE imports
CoCreateActivity
CoLoadServices
CoEnterServiceDomain
CryptUnprotectData
CertControlStore
CertAddStoreToCollection
CertDuplicateStore
CertFreeCRLContext
CryptDecodeMessage
CertNameToStrW
CertStrToNameA
CertFindAttribute
CryptMsgClose
CertOpenSystemStoreA
CertSetStoreProperty
CryptSignMessage
CertGetStoreProperty
GetModuleHandleA
GetLocaleInfoA
GetStringTypeW
CompareStringW
WriteProfileStringA
WaitForSingleObject
lstrlenW
LocalFileTimeToFileTime
InterlockedDecrement
GetTickCount
lstrcpynA
FindNextFileA
GetProfileStringA
GetTapePosition
HeapReAlloc
DecodePointer
GetProcAddress
OpenJobObjectA
NDdeShareGetInfoA
NDdeShareEnumA
NDdeShareSetInfoA
NDdeShareAddA
SHGetFolderLocation
SHQueryRecycleBinW
SHGetDataFromIDListW
SHLoadInProc
SHAddToRecentDocs
DragQueryFileW
ExtractAssociatedIconW
SheChangeDirA
SHBrowseForFolderA
SHGetDriveMedia
SHFreeNameMappings
SHCreateDirectoryExW
SHGetFolderPathW
Shell_NotifyIconA
Number of PE resources by type
YRA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:14 11:54:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 110080
LinkerVersion 6.0
Warning Possibly corrupt Version resource
EntryPoint 0x6943
InitializedDataSize 6656
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 69084189d49e91ede0614b95bbf6e203
SHA1 8d1dc886f30bf6db12b5600791bc17449571968f
SHA256 fc549de0802e85f8e2daa8dfe6a88d0b20d42d5c743ac229937e4d410bbfe3f9
ssdeep 3072:s9205zM1VK1hEAnUR8XdTY5EnytKRHP3AyEZH9:s920a1VK1hEAnUR8X7iKRH4
authentihash 8fddad081d1d4ff722f27b6b23ef4033474b294cbc1b24c41ec4bd34d681d978
imphash 3c343a04acad2ed3c86201dd7f01c56f
File size 115.0 KB ( 117760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe stealth

VirusTotal metadata
First submission 2016-08-18 17:56:32 UTC ( 2 years, 7 months ago )
Last submission 2016-08-18 17:56:32 UTC ( 2 years, 7 months ago )