SHA256: fcc4d468843907574f6d0031dc794a785398676e68a448dedb8f01851a7e0953
File name: 1
Detection ratio: 30 / 59
Analysis date: 2017-02-17 04:41:28 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Trojan.NSIS.Androm.6 20170217
AegisLab Ml.Attribute.Gen!c 20170217
AhnLab-V3 Trojan/Win32.Cerber.R195263 20170216
Arcabit Trojan.NSIS.Androm.6 20170217
Avast Win32:Malware-gen 20170217
AVG Inject3.BWFY 20170216
Avira (no cloud) TR/AD.Cerber.cdrzn 20170216
AVware Trojan.Win32.Generic!BT 20170217
BitDefender Trojan.NSIS.Androm.6 20170217
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
DrWeb Trojan.Inject2.45119 20170217
Emsisoft Trojan.NSIS.Androm.6 (B) 20170217
Endgame malicious (high confidence) 20170216
ESET-NOD32 Win32/Injector.DLGO 20170217
F-Secure Trojan.NSIS.Androm.6 20170217
Fortinet W32/Zerber.CEAR!tr 20170217
GData Trojan.NSIS.Androm.6 20170217
Ikarus Trojan.Win32.Injector 20170216
Sophos ML generic.a 20170203
Kaspersky Trojan-Ransom.Win32.Zerber.cear 20170217
Malwarebytes Ransom.Cerber 20170217
McAfee Artemis!31C1B455B7A9 20170217
McAfee-GW-Edition NSIS/ObfusRansom.r 20170216
Microsoft Trojan:Win32/Dynamer!ac 20170217
eScan Trojan.NSIS.Androm.6 20170217
Rising Trojan.Injector!8.C4 (cloud:sCrmqtzindD) 20170217
Sophos AV Mal/Cerber-Z 20170217
Symantec Ransom.Cerber 20170216
TrendMicro Possibl.546B47D6 20170217
VIPRE Trojan.Win32.Generic!BT 20170217
Alibaba 20170216
ALYac 20170217
Antiy-AVL 20170217
Baidu 20170216
Bkav 20170216
CAT-QuickHeal 20170217
ClamAV 20170217
CMC 20170216
Comodo 20170217
Cyren 20170217
F-Prot 20170217
Jiangmin 20170217
K7AntiVirus 20170216
K7GW 20170217
Kingsoft 20170217
NANO-Antivirus 20170217
nProtect 20170217
Panda 20170216
Qihoo-360 20170217
SUPERAntiSpyware 20170217
Tencent 20170217
TheHacker 20170215
TotalDefense 20170216
TrendMicro-HouseCall 20170217
Trustlook 20170217
VBA32 20170216
ViRobot 20170217
Webroot 20170217
WhiteArmor 20170215
Yandex 20170215
Zillya 20170216
Zoner 20170217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-11 20:05:42
Entry Point 0x00003693
Number of sections 5
PE sections
Overlays
MD5 2ecfb74a5873d69e6ba05ad1445c860d
File type data
Offset 39936
Size 204025
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
DeleteFileA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
lstrcpyA
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
GetProcAddress
SetEnvironmentVariableA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
ReleaseDC
EndDialog
BeginPaint
FindWindowExA
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
RegisterClassA
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
wvsprintfA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
GetAsyncKeyState
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
OpenClipboard
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
DrawTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
IsDlgButtonChecked
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoTaskMemFree
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG 5
RT_BITMAP 1
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:05:11 21:05:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 25600
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 123904
SubsystemVersion 4.0
EntryPoint 0x3693
OSVersion 4.0
ImageVersion 6.0
UninitializedDataSize 1024

File identification
MD5 31c1b455b7a9acf30dcdfe714ba9361b
SHA1 575f7a2744dc8db0cdf195fdc2346822751f8783
SHA256 fcc4d468843907574f6d0031dc794a785398676e68a448dedb8f01851a7e0953
ssdeep 6144:I0B2T/LsX1cBM0gYCfPw96DEaj5FIW8EueM9eBSLxpCdv1TWHnjeYo:0/QX90AX4ajvF8EuexB9dvxWHj0

authentihash 2b6286f20feb92925fac71bd7145868831a2ea0b2d02ad4d64b1855078bb2529
imphash 6e8d61382590dd40c74949a456292c44
File size 238.2 KB ( 243961 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags
nsis peexe overlay

VirusTotal metadata
First submission 2017-02-14 20:00:42 UTC ( 2 years ago )
Last submission 2017-02-14 20:00:42 UTC ( 2 years ago )
File names 1
fcc4d468843907574f6d0031dc794a785398676e68a448dedb8f01851a7e0953
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs