SHA256: ff0fed5429d13a11be8277fe8eba65a67017f89bd024b0bde75eea0ed51e70d5
File name: 990f9d19964b400c3d78b2d4dfa5ba93
Detection ratio: 49 / 57
Analysis date: 2016-03-14 11:30:06 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.RP.fuW@aCHU9Xcj 20160314
AegisLab Troj.W32.Scar!c 20160314
AhnLab-V3 Trojan/Win32.Scar 20160313
Antiy-AVL Trojan/Win32.Scar 20160314
Arcabit Trojan.Heur.RP.E37AAC 20160314
Avast Win32:Malware-gen 20160314
AVG Generic32.CQJL 20160314
Avira (no cloud) TR/Dropper.Gen7 20160314
AVware Trojan.Win32.Generic!BT 20160314
Baidu Win32.Trojan.Shyape.a 20160310
BitDefender Gen:Trojan.Heur.RP.fuW@aCHU9Xcj 20160314
CAT-QuickHeal Trojan.Diofopi.MUE.E5 20160314
ClamAV Win.Trojan.Agent-965389 20160311
Comodo TrojWare.Win32.Scar.hmoa 20160314
Cyren W32/A-1ec329e0!Eldorado 20160314
DrWeb Trojan.DownLoad3.22515 20160314
Emsisoft Gen:Trojan.Heur.RP.fuW@aCHU9Xcj (B) 20160314
ESET-NOD32 a variant of Win32/Shyape.G 20160314
F-Prot W32/A-1ec329e0!Eldorado 20160314
F-Secure Gen:Trojan.Heur.RP.fuW@aCHU9Xcj 20160314
Fortinet W32/Shyape.G!tr 20160314
GData Gen:Trojan.Heur.RP.fuW@aCHU9Xcj 20160314
Ikarus Trojan.Win32.Scar 20160314
Jiangmin Trojan/Scar.bayz 20160314
K7AntiVirus Trojan ( 0043a4491 ) 20160314
K7GW Trojan ( 0043a4491 ) 20160314
Kaspersky Trojan.Win32.Scar.hmoa 20160314
Malwarebytes Trojan.Agent 20160314
McAfee GenericR-ESD!990F9D19964B 20160314
McAfee-GW-Edition BehavesLike.Win32.Trojan.mm 20160314
Microsoft Trojan:Win32/Diofopi.F 20160314
eScan Gen:Trojan.Heur.RP.fuW@aCHU9Xcj 20160314
NANO-Antivirus Trojan.Win32.Scar.cqotzf 20160314
nProtect Trojan/W32.Agent.91136.XT 20160311
Panda Trj/Genetic.gen 20160313
Qihoo-360 Win32/Trojan.e86 20160314
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160314
Sophos AV Troj/Sakurel-C 20160314
SUPERAntiSpyware Trojan.Agent/Gen-Scar 20160314
Symantec Trojan.Sakurel 20160310
Tencent Win32.Trojan.Scar.Hryt 20160314
TheHacker Trojan/Shyape.g 20160313
TrendMicro BKDR_DIOFOPI.SM 20160314
TrendMicro-HouseCall BKDR_DIOFOPI.SM 20160314
VBA32 Trojan.Scar 20160313
VIPRE Trojan.Win32.Generic!BT 20160314
ViRobot Trojan.Win32.Sakula.91136[h] 20160314
Zillya Trojan.Scar.Win32.79088 20160313
Zoner Trojan.Scar 20160314
Yandex 20160313
Alibaba 20160314
ALYac 20160314
Baidu-International 20160314
Bkav 20160312
ByteHero 20160314
CMC 20160314
TotalDefense 20160314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-05 04:03:07
Entry Point 0x0000473A
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
GetTokenInformation
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegSetValueExA
FreeSid
AllocateAndInitializeSid
GetUserNameA
EqualSid
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LoadResource
FindClose
InterlockedDecrement
SetLastError
PeekNamedPipe
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
DeleteCriticalSection
SetUnhandledExceptionFilter
GetSystemDirectoryA
SetPriorityClass
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
OpenProcess
CreateDirectoryA
GetProcAddress
GetProcessHeap
FindFirstFileA
GetComputerNameA
ExpandEnvironmentStringsA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
WinExec
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
SHChangeNotify
Ord(680)
ShellExecuteA
HttpSendRequestA
InternetOpenUrlA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
Number of PE resources by type
DAT 2
RT_MANIFEST 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:02:05 05:03:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 56320
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 33792
SubsystemVersion 5.0
EntryPoint 0x473a
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

Execution parents
File identification
MD5 990f9d19964b400c3d78b2d4dfa5ba93
SHA1 18c410d051dcbe0db11906c75cbd487f4c5556a6
SHA256 ff0fed5429d13a11be8277fe8eba65a67017f89bd024b0bde75eea0ed51e70d5
ssdeep 1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtr8:w29DkEGRQixVSjLaes5G30BY
authentihash ae2f2398e277f072bb3950440452f849a02d25cc4b039e3f0b47515d41c69439
imphash 4511896d043677e4ab4578dc5bcab5a0
File size 89.0 KB ( 91136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-03-11 07:03:37 UTC ( 3 years, 2 months ago )
Last submission 2016-03-13 12:09:11 UTC ( 3 years, 2 months ago )
File names MediaCenter.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications