SHA256: fcca1e2c27e8a916db837ce6d6692fc9caf214add5564c0269ae391affbd9289
File name: c48f.tmp
Detection ratio: 22 / 56
Analysis date: 2016-10-04 09:24:46 UTC ( 2 years, 5 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Razy.93543 | 20161004
AhnLab-V3 | Trojan/Win32.Inject.C1555333 | 20161003
ALYac | Gen:Variant.Razy.93543 | 20160930
Antiy-AVL | Trojan[Backdoor]/Win32.Androm | 20161004
Arcabit | Trojan.Razy.D16D67 | 20161004
AVG | Generic_r.NFI | 20161004
BitDefender | Gen:Variant.Razy.93543 | 20161004
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20160725
DrWeb | Trojan.DownLoader22.49707 | 20161004
Emsisoft | Gen:Variant.Razy.93543 (B) | 20161004
ESET-NOD32 | a variant of Win32/Injector.DFJT | 20161004
F-Secure | Gen:Variant.Razy.93543 | 20161004
Fortinet | W32/Generic.AP.10C174!tr | 20161004
GData | Gen:Variant.Razy.93543 | 20161004
Sophos ML | virus.win32.sality.at | 20160928
Jiangmin | Backdoor.Androm.kgb | 20161004
McAfee-GW-Edition | BehavesLike.Win32.Downloader.dc | 20161004
eScan | Gen:Variant.Razy.93543 | 20161004
Qihoo-360 | HEUR/QVM07.1.0000.Malware.Gen | 20161004
Rising | Malware.Generic!XSC0j2yhLmP@1 (thunder) | 20161004
Sophos AV | Mal/Zbot-UM | 20161004
VBA32 | Heur.Malware-Cryptor.Hlux | 20161003
Antivirus (no detection) | Update
AegisLab | 20161004
Alibaba | 20161003
Avast | 20161004
Avira (no cloud) | 20161004
AVware | 20161004
Baidu | 20161001
Bkav | 20161003
CAT-QuickHeal | 20161003
ClamAV | 20161004
CMC | 20161003
Comodo | 20161004
Cyren | 20161004
F-Prot | 20161004
Ikarus | 20161004
K7AntiVirus | 20161004
K7GW | 20161004
Kaspersky | 20161004
Kingsoft | 20161004
Malwarebytes | 20161004
McAfee | 20161004
Microsoft | 20161004
NANO-Antivirus | 20161004
nProtect | 20161004
Panda | 20161002
SUPERAntiSpyware | 20161004
Symantec | 20161004
Tencent | 20161004
TheHacker | 20161001
TrendMicro | 20161004
TrendMicro-HouseCall | 20161004
VIPRE | 20161004
ViRobot | 20161004
Yandex | 20161003
Zillya | 20161003
Zoner | 20161004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-05 16:23:13
Entry Point 0x00006A38
Number of sections 4
PE sections
PE imports
LocalFree
LocalLock
LoadLibraryA
GetSystemDirectoryA
LocalAlloc
LocalUnlock
GetModuleHandleW
FreeLibrary
GetStartupInfoW
CreateFileA
GetModuleFileNameA
GetFileSize
MoveFileExA
GetProcAddress
CloseHandle
Ord(3820)
Ord(5285)
Ord(1197)
Ord(5296)
Ord(537)
Ord(5298)
Ord(2977)
Ord(4418)
Ord(3826)
Ord(5193)
Ord(2971)
Ord(4667)
Ord(4075)
Ord(535)
Ord(825)
Ord(5710)
Ord(755)
Ord(5727)
Ord(2546)
Ord(3733)
Ord(2388)
Ord(5303)
Ord(2717)
Ord(858)
Ord(4616)
Ord(268)
Ord(561)
Ord(4269)
Ord(2371)
Ord(4459)
Ord(4480)
Ord(4229)
Ord(5175)
Ord(3825)
Ord(3131)
Ord(912)
Ord(1970)
Ord(4074)
Ord(815)
Ord(5186)
Ord(1089)
Ord(3257)
Ord(922)
Ord(317)
Ord(2504)
Ord(2980)
Ord(1680)
Ord(3254)
Ord(1165)
Ord(3341)
Ord(860)
Ord(800)
Ord(656)
Ord(6371)
Ord(1569)
Ord(470)
Ord(3076)
Ord(4692)
Ord(503)
Ord(3074)
Ord(3142)
Ord(635)
Ord(3917)
_except_handler3
__p__fmode
strstr
_adjust_fdiv
__CxxFrameHandler
??1type_info@@UAE@XZ
__p__commode
strchr
__dllonexit
_onexit
__wgetmainargs
__setusermatherr
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_exit
__set_app_type
wsprintfA
GetSystemMetrics
SendMessageW
DrawIcon
FindWindowW
GetClientRect
IsIconic
MessageBoxA
Number of PE resources by type
RT_ICON 4
NMKEFG 1
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
FRENCH SWISS 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:09:05 17:23:13+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 28672
LinkerVersion: 6.0
EntryPoint: 0x6a38
InitializedDataSize: 180224
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
Execution parents
Compressed bundles
File identification
MD5 933d6c55f2b65e8c85389eb20b4d4c30
SHA1 7459062e66822d3d139625b01b4c59faae09cd73
SHA256 fcca1e2c27e8a916db837ce6d6692fc9caf214add5564c0269ae391affbd9289
ssdeep 3072:5nqpMY2LyKJ55cY011Nz0y6ZUx6qydzDZAfU7u3HkV8JdyvXxzaErxuGvJjB5J9C:xW72LVvFhUMzDZN7soXxe8xBjz2T1Qtm
authentihash 1f9af93b36ebdd0600ddab5cfc6168d0a4b4cefa30baf8297d0cd5f10e6e10e1
imphash 4f81a4d8c95f29cb03c88ff91ad8e7e8
File size 208.0 KB ( 212992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (46.3%)
Win64 Executable (generic) (41.0%)
Win32 Executable (generic) (6.6%)
Generic Win/DOS Executable (2.9%)
DOS Executable Generic (2.9%)
Tags peexe
VirusTotal metadata
First submission 2016-10-04 09:24:46 UTC ( 2 years, 5 months ago )
Last submission 2017-10-29 02:15:42 UTC ( 1 year, 4 months ago )
File names 933d6c55f2b65e8c85389eb20b4d4c30.virobj
virussign.com_933d6c55f2b65e8c85389eb20b4d4c30.vir
c48f.tmp
virussign.com_933d6c55f2b65e8c85389eb20b4d4c30.exe
virus (47).exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications