SHA256: fcf53dcfe7a90f66ab597072c0e7c96119ec49d7362eec20c8907e7ed348f14f
File name: fcf53dcfe7a90f66ab597072c0e7c96119ec49d7362eec20c8907e7ed348f14f....
Detection ratio: 37 / 56
Analysis date: 2016-04-15 05:54:11 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3152808 20160415
AegisLab Troj.W32.Waldek!c 20160415
ALYac Trojan.GenericKD.3152808 20160415
Arcabit Trojan.Generic.D301BA8 20160415
Avast Win32:Malware-gen 20160415
AVG Inject3.AJZN 20160415
Avira (no cloud) TR/Crypt.ZPACK.hliy 20160414
AVware Win32.Malware!Drop 20160415
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160414
BitDefender Trojan.GenericKD.3152808 20160415
Bkav HW32.Packed.14BD 20160414
CAT-QuickHeal TrojanRansom.Tescrypt.r4 20160415
Comodo TrojWare.Win32.UMal.~A 20160415
Cyren W32/Trojan.RKCL-5541 20160415
Emsisoft Trojan.GenericKD.3152808 (B) 20160415
ESET-NOD32 Win32/Dridex.AA 20160415
F-Secure Trojan.GenericKD.3152808 20160415
Fortinet W32/GenPeck.LG!tr 20160413
GData Trojan.GenericKD.3152808 20160415
Ikarus Trojan.Crypt 20160414
Jiangmin KVBASE 20160415
K7AntiVirus Riskware ( 0040eff71 ) 20160414
K7GW Riskware ( 0040eff71 ) 20160415
Kaspersky Trojan.Win32.Waldek.jvl 20160415
Malwarebytes Ransom.TeslaCrypt 20160415
McAfee Generic.xy 20160415
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160415
Microsoft Ransom:Win32/Tescrypt 20160415
eScan Trojan.GenericKD.3152808 20160415
Panda Trj/GdSda.A 20160414
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160415
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160415
Sophos AV Troj/Agent-ARES 20160414
Symantec Trojan.Cridex 20160415
TrendMicro Ransom_CRYPTESLA.YUYAKQ 20160415
TrendMicro-HouseCall Ransom_CRYPTESLA.YUYAKQ 20160415
VIPRE Win32.Malware!Drop 20160415
AhnLab-V3 20160414
Alibaba 20160415
Antiy-AVL 20160415
Baidu-International 20160414
ClamAV 20160414
CMC 20160412
DrWeb 20160415
F-Prot 20160415
Kingsoft 20160415
NANO-Antivirus 20160415
SUPERAntiSpyware 20160415
Tencent 20160415
TheHacker 20160414
TotalDefense 20160415
VBA32 20160414
ViRobot 20160415
Yandex 20160414
Zillya 20160415
Zoner 20160415
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-06 20:51:31
Entry Point 0x000260AE
Number of sections 4
PE sections
PE imports
RegRestoreKeyA
RegNotifyChangeKeyValue
OpenServiceA
QueryServiceConfigA
RegSetValueA
OpenServiceW
QueryServiceConfigW
GetServiceKeyNameA
DeleteService
RegSetValueW
UnlockServiceDatabase
LsaOpenPolicy
CloseServiceHandle
RegisterEventSourceW
RegSetValueExA
LsaClose
QueryServiceStatus
SetServiceStatus
OpenEventLogA
GetOldestEventLogRecord
ChangeServiceConfig2A
ClearEventLogA
RegDeleteValueA
NotifyChangeEventLog
NotifyBootConfigStatus
InitiateSystemShutdownA
CreateProcessAsUserA
CloseEventLog
RegisterServiceCtrlHandlerW
RegDeleteValueW
LockServiceDatabase
DeregisterEventSource
LsaAddAccountRights
OpenEventLogW
ReadEventLogW
GetNumberOfEventLogRecords
IsTextUnicode
RegisterServiceCtrlHandlerA
LsaRetrievePrivateData
LsaQueryInformationPolicy
ReadEventLogA
StartServiceW
RegSetValueExW
PrivilegeCheck
OpenSCManagerW
LsaNtStatusToWinError
BackupEventLogA
CreateServiceA
QueryServiceLockStatusW
EnumServicesStatusW
EqualSid
OpenSCManagerA
ChangeServiceConfigW
ReportEventA
GetSystemTimeAdjustment
GetStartupInfoA
GetProcessAffinityMask
FileTimeToDosDateTime
GetModuleHandleA
CreateIoCompletionPort
BeginUpdateResourceA
FreeResource
CoGetMalloc
Number of PE resources by type
RT_DIALOG 6
RT_MENU 4
RT_ACCELERATOR 3
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 14
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
188416

ImageVersion
0.0

FileVersionNumber
0.239.233.138

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Student

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
Significations.exe

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
170, 242, 118, 254

TimeStamp
2015:06:06 21:51:31+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Tautologically

ProductVersion
11, 111, 108, 6

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2012

MachineType
Intel 386 or later, and compatibles

CompanyName
Intersil Americas Inc.

CodeSize
155648

FileSubtype
0

ProductVersionNumber
0.120.109.30

EntryPoint
0x260ae

ObjectFileType
Executable application

File identification
MD5 ffe164f59ac00e75f123d1a003856698
SHA1 314b1dff78d06d75fad4672b05d211c3b38b10ce
SHA256 fcf53dcfe7a90f66ab597072c0e7c96119ec49d7362eec20c8907e7ed348f14f
ssdeep
6144:iMEk87eAOYkpdC6K4Hv5AVRnAoAO+Jq3zPa:cn7e/fddBxAVyoLT

authentihash 5610708455610762f67426cf58da7e6958996a38b9df12d84c6d3959230126da
imphash 4e8324f636e89eb0629225cba088feec
File size 220.0 KB ( 225280 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-04-12 13:24:41 UTC ( 2 years, 10 months ago )
Last submission 2016-04-13 07:26:41 UTC ( 2 years, 10 months ago )
File names fcf53dcfe7a90f66ab597072c0e7c96119ec49d7362eec20c8907e7ed348f14f.exe.000
wp-login.php
crypted120med.exe
ffe164f59ac00e75f123d1a003856698
tfjhjdsfsd.com
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs
UDP communications