SHA256: fdf333d56f27f0f42273b1b76f32805a3ce8b16b3c1c2ee3aa56d06c45d351c8
File name: ad02d7b6101b3688a1081e6f3c59c333.exe
Detection ratio: 41 / 54
Analysis date: 2016-07-28 08:11:31 UTC ( 2 years, 7 months ago )
Antivirus | Result | Update
--- | --- | ---
Ad-Aware | Gen:Variant.Zusy.188021 | 20160728
AegisLab | Uds.Dangerousobject.Multi!c | 20160728
AhnLab-V3 | Trojan/Win32.Upbot.N1970696265 | 20160728
ALYac | Gen:Variant.Zusy.188021 | 20160728
Antiy-AVL | Worm/Win32.Ngrbot | 20160728
Arcabit | Trojan.Zusy.D2DE75 | 20160728
Avast | Win32:Dorder-AB [Trj] | 20160728
AVG | Crypt5.AXEU | 20160728
Avira (no cloud) | TR/Crypt.ZPACK.fdeq | 20160727
AVware | Trojan.Win32.Generic!BT | 20160728
Baidu | Win32.Trojan.Kryptik.abr | 20160728
BitDefender | Gen:Variant.Zusy.188021 | 20160728
CAT-QuickHeal | Ransom.Tescrypt.A4 | 20160727
Comodo | TrojWare.Win32.Agent.aazgk | 20160728
Cyren | W32/S-e2e07e9d!Eldorado | 20160728
DrWeb | BackDoor.IRC.NgrBot.42 | 20160728
Emsisoft | Gen:Variant.Zusy.188021 (B) | 20160728
ESET-NOD32 | a variant of Win32/Kryptik.EUBQ | 20160728
F-Prot | W32/S-e2e07e9d!Eldorado | 20160728
F-Secure | Gen:Variant.Zusy.188021 | 20160728
Fortinet | W32/Kryptik.EUZQ!tr | 20160728
GData | Gen:Variant.Zusy.188021 | 20160728
Ikarus | Trojan.Win32.Crypt | 20160727
Jiangmin | Trojan.Generic.voie | 20160728
K7AntiVirus | Trojan ( 004e2af31 ) | 20160728
K7GW | Trojan ( 004e2af31 ) | 20160728
Kaspersky | HEUR:Trojan.Win32.Generic | 20160728
Malwarebytes | Trojan.MalPack | 20160728
McAfee | RDN/Sdbot.worm | 20160728
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.dh | 20160727
Microsoft | Trojan:Win32/Skeeyah.A!rfn | 20160728
eScan | Gen:Variant.Zusy.188021 | 20160728
Panda | Trj/GdSda.A | 20160727
Sophos AV | Mal/Generic-S | 20160728
SUPERAntiSpyware | Trojan.Agent/Gen-Kryptik | 20160728
Symantec | Trojan.Gen | 20160728
Tencent | Win32.Trojan.Inject.Auto | 20160728
TrendMicro | TROJ_FORUCON.BMC | 20160728
TrendMicro-HouseCall | TROJ_FORUCON.BMC | 20160728
VIPRE | Trojan.Win32.Generic!BT | 20160728
Yandex | Worm.Ngrbot!iksClxFYW9Y | 20160724
Alibaba | | 20160728
Bkav | | 20160727
ClamAV | | 20160728
CMC | | 20160725
Kingsoft | | 20160728
NANO-Antivirus | | 20160728
nProtect | | 20160727
Qihoo-360 | | 20160728
TheHacker | | 20160726
VBA32 | | 20160727
ViRobot | | 20160728
Zillya | | 20160728
Zoner | | 20160728
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-12 01:55:11
Entry Point 0x000054C1
Number of sections 4
PE sections
PE imports
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_Replace
ImageList_Read
ImageList_GetDragImage
ImageList_Create
ImageList_DragMove
Ord(17)
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_SetOverlayImage
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
ImageList_SetImageCount
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_Remove
ImageList_Copy
ImageList_LoadImageW
ImageList_EndDrag
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
StretchBlt
SetThreadLocale
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
WaitForSingleObject
CreateIoCompletionPort
CreateJobObjectW
HeapDestroy
GetFileAttributesW
SetInformationJobObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetSystemDefaultLCID
GetSystemDirectoryW
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
FindResourceExA
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
TlsGetValue
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
LoadLibraryA
SetProcessWorkingSetSize
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
ExitThread
TerminateProcess
WriteConsoleA
GetVersion
SetCurrentDirectoryW
VirtualQuery
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
SetEvent
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
AssignProcessToJobObject
GetEnvironmentStringsW
GlobalAlloc
lstrlenW
CreateProcessW
GetQueuedCompletionStatus
SwitchToThread
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
SuspendThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
HeapCreate
WriteFile
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
NetSetPrimaryComputerName
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetMonitorInfoW
GetParent
EndDialog
DestroyWindow
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
GetClassNameA
wvsprintfW
EnumDisplayMonitors
GetSystemMetrics
MonitorFromWindow
IsWindow
SendMessageW
GetWindowRect
EnableWindow
UnhookWindowsHookEx
GetDC
CharUpperW
DialogBoxIndirectParamW
MessageBoxA
LoadIconW
GetWindowDC
GetWindow
CallNextHookEx
GetSysColor
DispatchMessageW
CopyImage
ReleaseDC
GetMenu
wsprintfW
DrawIconEx
SetWindowTextW
SetWindowLongW
GetDlgItem
SystemParametersInfoW
CallWindowProcW
EnableMenuItem
ScreenToClient
MonitorFromRect
AnimateWindow
wsprintfA
SetTimer
LoadImageW
ClientToScreen
MonitorFromPoint
GetClientRect
GetWindowTextW
SetWindowsHookExW
GetSystemMenu
GetWindowTextLengthW
CreateWindowExW
GetWindowLongW
DrawTextW
GetKeyState
PtInRect
ClosePrinter
OpenPrinterW
DocumentPropertiesW
EnumPrintersW
Ord(203)
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
StringFromCLSID
CoTaskMemFree
OleInitialize
Number of PE resources by type
RT_STRING 3
RT_DIALOG 2
XML 1
RT_MANIFEST 1
RT_BITMAP 1
RT_ANICURSOR 1
Number of PE resources by language
SLOVAK DEFAULT 3
ENGLISH US 3
NEUTRAL 1
ENGLISH NZ 1
SPANISH COLOMBIA 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:04:12 02:55:11+01:00
FileType Win32 EXE
PEType PE32
CodeSize 73728
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 193536
SubsystemVersion 5.0
EntryPoint 0x54c1
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 ad02d7b6101b3688a1081e6f3c59c333
SHA1 43344552c37f8a48f9017b1388674f3600174661
SHA256 fdf333d56f27f0f42273b1b76f32805a3ce8b16b3c1c2ee3aa56d06c45d351c8
ssdeep 6144:zLxm6c/llgSUL/GOGZZOd5RwYY4f/Zit5izd:s6cISzOgGRwYGP2d
authentihash d421bf90f7d6e1f836bbad1b930b52bf34b0aee366ee22aac14af4a2c91c2282
imphash 9a5fa8f505090bf555a408493e013f4d
File size 262.0 KB ( 268288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-04-12 15:36:29 UTC ( 2 years, 11 months ago )
Last submission 2016-07-28 08:11:31 UTC ( 2 years, 7 months ago )
File names ad02d7b6101b3688a1081e6f3c59c333.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications