SHA256: ff83aaa74ec364f4c2403409a28df93ef97e8a61ba79fdb1c94d7081f48e794e
File name: dropper.vir
Detection ratio: 45 / 61
Analysis date: 2017-03-31 05:38:40 UTC ( 3 weeks, 6 days ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.19982226 20170330
AegisLab Troj.Crypt.Xpack!c 20170330
AhnLab-V3 Trojan/Win32.Vimditator.C1714954 20170330
ALYac Trojan.Generic.19982226 20170330
Arcabit Trojan.Generic.D130E792 20170330
Avast Win32:Malware-gen 20170330
AVG Win32/DH{bg?} 20170330
Avira (no cloud) TR/Crypt.XPACK.Gen3 20170330
AVware Trojan.Win32.Generic!BT 20170330
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170330
BitDefender Trojan.Generic.19982226 20170330
Bkav W32.Clod66f.Trojan.2bb5 20170330
CAT-QuickHeal Trojan.Dynamer 20170330
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Trojan.HTPQ-2593 20170330
DrWeb Trojan.Packed.1164 20170330
Emsisoft Trojan.Generic.19982226 (B) 20170330
Endgame malicious (moderate confidence) pe1 20170330
ESET-NOD32 a variant of Win32/TrojanDropper.Agent.RNS 20170331
F-Secure Trojan.Generic.19982226 20170330
Fortinet W32/Llac.SHV!tr 20170330
GData Trojan.Generic.19982226 20170330
Ikarus Trojan.Crypt 20170330
Invincea generic.a 20170203
K7AntiVirus Riskware ( 0040eff71 ) 20170330
K7GW Riskware ( 0040eff71 ) 20170330
Kaspersky Trojan.Win32.Vimditator.vuy 20170330
McAfee RDN/Generic.hra 20170330
McAfee-GW-Edition BehavesLike.Win32.Tool.dc 20170331
Microsoft Trojan:Win32/Dynamer!ac 20170330
eScan Trojan.Generic.19982226 20170331
NANO-Antivirus Trojan.Win32.Vimditator.ejofmp 20170331
Panda Trj/GdSda.A 20170330
Qihoo-360 Win32/Trojan.160 20170331
Rising Trojan.Dynamer!8.3A0 (cloud:QuBYRiRG3fP) 20170330
Sophos Mal/Generic-S 20170331
Symantec Trojan.Gen 20170330
Tencent Win32.Trojan.Vimditator.Edxp 20170331
TrendMicro BKDR_NUCBOT.AGV 20170331
TrendMicro-HouseCall BKDR_NUCBOT.AGV 20170331
VIPRE Trojan.Win32.Generic!BT 20170331
ViRobot Trojan.Win32.Z.Vimditator.289280[h] 20170331
Yandex Trojan.Vimditator! 20170327
Zillya Trojan.Vimditator.Win32.162 20170329
ZoneAlarm by Check Point Trojan.Win32.Vimditator.vuy 20170331
Alibaba 20170331
Antiy-AVL 20170330
ClamAV 20170330
CMC 20170330
Comodo 20170330
F-Prot 20170330
Jiangmin 20170330
Kingsoft 20170331
Malwarebytes 20170330
nProtect 20170331
Palo Alto Networks (Known Signatures) 20170331
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170330
Symantec Mobile Insight 20170329
TheHacker 20170330
Trustlook 20170331
VBA32 20170330
Webroot 20170331
WhiteArmor 20170327
Zoner 20170331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-27 16:12:27
Entry Point 0x00002F3E
Number of sections 5
PE sections
PE imports
LocalAlloc
lstrlenA
GetUserNameExW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:11:27 17:12:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 11776
LinkerVersion 11.0
EntryPoint 0x2f3e
InitializedDataSize 6144
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 8ca1a2d26b6a339741c039a5ac7200a1
SHA1 2ded64e0e9ecd35fe4a3fe918ac60854c225e7e4
SHA256 ff83aaa74ec364f4c2403409a28df93ef97e8a61ba79fdb1c94d7081f48e794e
ssdeep 6144:hMHqhK7giHaD2RqFKRRkNboXLrHKn/kN30cFy2w83XHU5OhKedgU:AqhK7gAaD2RqQfa6rHKncN30l2XxhnG
authentihash df371b10c81d563788d80b060006f18b5c4b6803c2b04d139f10a33d5b839a61
imphash bc1a636361321697a551efcb61f50cf2
File size 282.5 KB ( 289280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.0%)
Tags peexe
VirusTotal metadata
First submission 2016-12-06 17:38:49 UTC ( 4 months, 3 weeks ago )
Last submission 2017-01-09 21:02:00 UTC ( 3 months, 2 weeks ago )
File names dropper.vir
14461.exe