× Cookies are disabled! This site requires cookies to be enabled to work properly
VirusTotal
SHA256: fde6c0110933e14c783f167284265a9de5b999d590ecbdb4f5dee1e1d50d4bf6
File name: 2ce00e78e218e47b135309bf5ee7181e.virus
Detection ratio: 26 / 56
Analysis date: 2016-10-20 20:30:50 UTC ( 2 years, 3 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Generic.19382450 20161020
AegisLab W32.W.Ngrbot.mDuH 20161020
AhnLab-V3 Backdoor/Win32.Androm.N2134940279 20161020
Arcabit Trojan.Generic.D127C0B2 20161020
Avast Win32:Trojan-gen 20161020
AVG Generic_r.OKF 20161020
Avira (no cloud) TR/Crypt.Xpack.dcndv 20161020
AVware Trojan.Win32.Generic!BT 20161020
BitDefender Trojan.Generic.19382450 20161020
Bkav HW32.Packed.AF51 20161020
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Emsisoft Trojan.Generic.19382450 (B) 20161020
ESET-NOD32 Win32/PSW.Papras.EJ 20161020
F-Secure Trojan.Generic.19382450 20161020
Fortinet W32/Bublik.EJ!tr 20161020
GData Trojan.Generic.19382450 20161020
Sophos ML trojan.win32.lethic.b 20161018
Kaspersky Trojan.Win32.Bublik.esmw 20161020
McAfee Artemis!2CE00E78E218 20161020
McAfee-GW-Edition BehavesLike.Win32.Klez.dh 20161020
Microsoft Backdoor:Win32/Vawtrak.E 20161020
eScan Trojan.Generic.19382450 20161020
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161020
Sophos AV Mal/Generic-S 20161020
Symantec Heur.AdvML.B 20161020
TrendMicro-HouseCall TROJ_GEN.R00JC0DJK16 20161020
Alibaba 20161020
ALYac 20161020
Antiy-AVL 20161020
Baidu 20161020
CAT-QuickHeal 20161020
ClamAV 20161020
CMC 20161020
Comodo 20161020
Cyren 20161020
DrWeb 20161020
F-Prot 20161020
Ikarus 20161020
Jiangmin 20161020
K7AntiVirus 20161020
K7GW 20161020
Kingsoft 20161020
Malwarebytes 20161020
NANO-Antivirus 20161020
nProtect 20161020
Panda 20161020
Rising 20161020
SUPERAntiSpyware 20161020
Tencent 20161020
TheHacker 20161020
TotalDefense 20161020
VBA32 20161020
VIPRE 20161020
ViRobot 20161020
Yandex 20161020
Zillya 20161020
Zoner 20161020
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-11 14:24:06
Entry Point 0x00003008
Number of sections 4
PE sections
PE imports
[+] ADVAPI32.dll
RegDeleteKeyA
RegEnumKeyW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
FreeSid
RegCreateKeyExW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
CheckTokenMembership
RegQueryInfoKeyW
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
AllocateAndInitializeSid
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
RegQueryValueExW
[+] COMCTL32.dll
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
[+] GDI32.dll
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
[+] KERNEL32.dll
GetStdHandle
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
HeapReAlloc
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
GetExitCodeProcess
FindClose
InterlockedDecrement
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
GetCurrentProcess
MulDiv
GetSystemDirectoryA
TerminateProcess
GlobalAlloc
GetVersion
GetProcAddress
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
DeleteFileA
GlobalLock
lstrcmpA
FindFirstFileA
GetCurrentThreadId
lstrcpyA
InterlockedIncrement
GetTempFileNameA
FindNextFileA
ExpandEnvironmentStringsA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
RemoveDirectoryA
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
GetSystemDEPPolicy
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
[+] SHLWAPI.dll
PathRemoveFileSpecW
SHDeleteKeyW
[+] USER32.dll
EmptyClipboard
BeginPaint
CharNextA
GetMessageW
DefWindowProcA
ShowWindow
GetSystemMetrics
MessageBoxW
PostQuitMessage
EndPaint
UnhookWindowsHookEx
SetWindowLongA
TranslateMessage
DialogBoxParamA
PostMessageW
CallNextHookEx
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
DrawTextA
GetClassInfoA
SendMessageW
SetClipboardData
SendMessageTimeoutA
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
IsWindow
InvalidateRect
wsprintfA
FindWindowExA
SetTimer
SetWindowTextA
IsDialogMessageW
FillRect
SetWindowTextW
SetWindowsHookExW
LoadImageA
LoadIconW
SetForegroundWindow
DestroyWindow
ExitWindowsEx
OpenClipboard
[+] VERSION.dll
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
[+] ole32.dll
CoInitializeEx
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoSetProxyBlanket
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:10:11 15:24:06+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
34816

LinkerVersion
9.0

EntryPoint
0x3008

InitializedDataSize
282624

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 2ce00e78e218e47b135309bf5ee7181e
SHA1 6ea867155f9cca1e95371fd71b8ab9b3c53e2a0c
SHA256 fde6c0110933e14c783f167284265a9de5b999d590ecbdb4f5dee1e1d50d4bf6
ssdeep
3072:9zbQ0hGXHb+hXxhvEHwfqfPcKMX8dtAfA1cU7/lMmynILRFRt/w966Nw:9zjGUzvEHwCf0KMsbf77njRt/ew

authentihash 0f7c8f1994e1aad4907825df77f6570480dce3297739964c9b14dc661e7def50
imphash 6998f1684bc605f6a5de7bf18daa09c6
File size 236.0 KB ( 241664 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-10-20 20:30:50 UTC ( 2 years, 3 months ago )
Last submission 2016-10-20 20:30:50 UTC ( 2 years, 3 months ago )
File names 2ce00e78e218e47b135309bf5ee7181e.virus
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!
More comments

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community
No votes. No one has voted on this item yet, be the first one to do so!
More votes
Blog | Twitter | Contact us | ToS | Privacy policy