SHA256: fe1e82b728aa47978a9bbb412b947f2a35e0d3f0d85f7d8226c464dab26f186d
File name: 5ffabcb6812b941be41afc3f7332cb93
Detection ratio: 58 / 67
Analysis date: 2017-12-06 19:18:46 UTC
Antivirus | Result | Update
Ad-Aware | Trojan.Generic.5239246 | 20171206
AegisLab | Troj.W32.Pincav.ajxh!c | 20171206
AhnLab-V3 | Worm/Win32.Palevo.R45763 | 20171206
ALYac | Trojan.Generic.5239246 | 20171206
Antiy-AVL | Trojan/Win32.Pincav | 20171206
Arcabit | Trojan.Generic.D4FF1CE | 20171206
Avast | Win32:MalPack-F [Trj] | 20171206
AVG | Win32:MalPack-F [Trj] | 20171206
Avira (no cloud) | TR/Dropper.Gen | 20171206
AVware | Trojan.Win32.Pincav.autp (v) | 20171206
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20171206
BitDefender | Trojan.Generic.5239246 | 20171206
Bkav | W32.LRAppDtajuzjf.Trojan | 20171206
CAT-QuickHeal | Trojan.Generic | 20171206
ClamAV | Win.Trojan.Agent-248462 | 20171206
Comodo | TrojWare.Win32.PkdKrap.IG | 20171206
CrowdStrike Falcon (ML) | malicious_confidence_90% (W) | 20171016
Cybereason | malicious.1b8fb7 | 20171103
Cylance | Unsafe | 20171206
Cyren | W32/Risk.AXIJ-4223 | 20171206
DrWeb | Trojan.MulDrop1.52282 | 20171206
Emsisoft | Trojan.Generic.5239246 (B) | 20171206
Endgame | malicious (high confidence) | 20171130
ESET-NOD32 | Win32/Bflient.K | 20171206
F-Prot | W32/MalwareF.RYXB | 20171206
F-Secure | Trojan.Generic.5239246 | 20171206
Fortinet | W32/Palevo.BJD!worm | 20171206
GData | Trojan.Generic.5239246 | 20171206
Ikarus | Virus.Win32.Injector | 20171206
Sophos ML | heuristic | 20170914
Jiangmin | Trojan/Pincav.htj | 20171206
K7AntiVirus | Backdoor ( 04c4defe1 ) | 20171205
K7GW | Backdoor ( 04c4defe1 ) | 20171206
Kaspersky | HEUR:Trojan.Win32.Generic | 20171206
MAX | malware (ai score=83) | 20171206
McAfee | W32/Rimecud.gen.l | 20171206
McAfee-GW-Edition | BehavesLike.Win32.Rimecud.lc | 20171206
Microsoft | Trojan:Win32/Bagsu!rfn | 20171206
eScan | Trojan.Generic.5239246 | 20171206
NANO-Antivirus | Trojan.Win32.Pincav.bmdba | 20171206
nProtect | Trojan/W32.Agent.77824.AIK | 20171206
Palo Alto Networks (Known Signatures) | generic.ml | 20171206
Panda | Generic Malware | 20171206
Qihoo-360 | Win32/Trojan.81e | 20171206
SentinelOne (Static ML) | static engine - malicious | 20171113
Sophos AV | Mal/Wonton-S | 20171206
Symantec | Trojan.Gen | 20171206
Tencent | Win32.Worm.Bflient.Tccw | 20171206
TheHacker | Trojan/Injector.dne | 20171205
TrendMicro | WORM_RIMECUD.SMC | 20171206
TrendMicro-HouseCall | WORM_RIMECUD.SMC | 20171206
VBA32 | OScope.Trojan.MTA.01183 | 20171206
VIPRE | Trojan.Win32.Pincav.autp (v) | 20171206
Webroot | Vir.Tool.Gen | 20171206
WhiteArmor | Malware.HighConfidence | 20171204
Yandex | Trojan.Pincav!Sfpbyo41CSk | 20171205
Zillya | Trojan.Pincav.Win32.11901 | 20171206
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20171206
Alibaba | (not detected) | 20171206
Avast-Mobile | (not detected) | 20171206
CMC | (not detected) | 20171206
eGambit | (not detected) | 20171206
Kingsoft | (not detected) | 20171206
Malwarebytes | (not detected) | 20171206
Rising | (not detected) | 20171206
SUPERAntiSpyware | (not detected) | 20171206
Symantec Mobile Insight | (not detected) | 20171206
Trustlook | (not detected) | 20171206
ViRobot | (not detected) | 20171206
Zoner | (not detected) | 20171206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD: Armadillo v1.71
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2010-11-06 02:01:22
Entry Point: 0x00001C77
Number of sections: 4
PE imports
GetSystemTime
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetEnvironmentStrings
lstrcatA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
lstrcpyA
GetCurrentProcess
CloseHandle
lstrcpynA
GetACP
HeapReAlloc
GetStringTypeW
ExpandEnvironmentStringsA
TerminateProcess
InitializeCriticalSection
HeapCreate
WriteFile
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
GetCurrentThreadId
GetVersion
VirtualAlloc
SetLastError
LeaveCriticalSection
KillTimer
GetGuiResources
CoInitialize
Number of PE resources by type: RT_DIALOG 7
Number of PE resources by language: CHINESE NEUTRAL 7
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:11:06 03:01:22+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 16384
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 57344
SubsystemVersion: 4.0
EntryPoint: 0x1c77
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5: 5ffabcb6812b941be41afc3f7332cb93
SHA1: be2134cdf951cbe1d32527bff982361b52410ee6
SHA256: fe1e82b728aa47978a9bbb412b947f2a35e0d3f0d85f7d8226c464dab26f186d
ssdeep: 1536:cRggREkFd2TctdYb4lndUTNAhym9fAW8o/ESKU8j:+ggRjFlYcld6yhyH45/8j
authentihash: 7866ab1bc57fa49e38b6c47f916e07ed592cc83be3a7bee1cbc22df2f48e5ac1
imphash: 2355bd29486d8aafdb68f879256c607d
File size: 76.0 KB (77824 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags: peexe armadillo
VirusTotal metadata
First submission: 2010-11-05 19:03:34 UTC
Last submission: 2017-12-06 19:18:46 UTC
File names:
  aa
  1289143708.77824.new.exe
  5ffabcb6812b941be41afc3f7332cb93be2134cdf951cbe1d32527bff982361b52410ee677824.exe
  5ffabcb6812b941be41afc3f7332cb93
  5FFABCB6812B941BE41AFC3F7332CB93
  6AF1AKL.bin