SHA256: ffcd5f5248ac130374a8cd9ae1cf10a7690e76343211c2ccdbe1079b00af2c16
File name: 60ec92060b5cc03c4547dc71f7a27c5e
Detection ratio: 27 / 55
Analysis date: 2016-06-16 07:36:52 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.290357 20160616
ALYac Gen:Variant.Graftor.290357 20160616
Arcabit Trojan.Graftor.D46E35 20160616
Avast Win32:Crypt-SMF [Trj] 20160616
AVG Downloader.Generic14.AZBQ 20160616
Avira (no cloud) TR/Crypt.ZPACK.rmnv 20160616
AVware Trojan.Win32.Generic!BT 20160616
Baidu Win32.Trojan.WisdomEyes.151026.9950.9987 20160616
BitDefender Gen:Variant.Graftor.290357 20160616
Cyren W32/Trojan.TPMM-2348 20160615
Emsisoft Gen:Variant.Graftor.290357 (B) 20160616
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160616
F-Secure Gen:Variant.Graftor.290357 20160616
Fortinet W32/Agent.CFH!tr.dldr 20160616
GData Gen:Variant.Graftor.290357 20160616
Ikarus Trojan-Downloader.Win32.Agent 20160616
Malwarebytes Trojan.MalPack 20160616
McAfee RDN/Generic Downloader.x 20160616
McAfee-GW-Edition BehavesLike.Win32.Downloader.dh 20160616
Microsoft TrojanDownloader:Win32/Talalpek.A 20160616
eScan Gen:Variant.Graftor.290357 20160616
Panda Trj/GdSda.A 20160615
Qihoo-360 HEUR/QVM08.0.0000.Malware.Gen 20160616
Sophos AV Mal/Generic-S 20160616
Tencent Win32.Trojan-downloader.Agent.Wpaa 20160616
TrendMicro TROJ_GEN.R072C0DFA16 20160616
VIPRE Trojan.Win32.Generic!BT 20160615
AegisLab 20160616
AhnLab-V3 20160615
Alibaba 20160616
Antiy-AVL 20160616
Baidu-International 20160614
CAT-QuickHeal 20160616
ClamAV 20160616
CMC 20160614
Comodo 20160616
DrWeb 20160616
F-Prot 20160616
Jiangmin 20160616
K7AntiVirus 20160616
K7GW 20160616
Kaspersky 20160616
Kingsoft 20160616
NANO-Antivirus 20160616
nProtect 20160615
SUPERAntiSpyware 20160616
Symantec 20160616
TheHacker 20160616
TotalDefense 20160616
TrendMicro-HouseCall 20160616
VBA32 20160615
ViRobot 20160616
Yandex 20160615
Zillya 20160615
Zoner 20160616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-07 08:06:10
Entry Point 0x000045C6
Number of sections 4
PE sections
PE imports
FreeEnvironmentStringsW
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
WriteProcessMemory
VirtualAllocEx
GetSystemInfo
GetOEMCP
QueryPerformanceCounter
HeapAlloc
GetTickCount
IsBadCodePtr
TlsAlloc
FlushFileBuffers
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
SetFilePointer
LCMapStringA
CreateFileA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
SetHandleCount
GetCPInfo
GetCommandLineA
GetProcAddress
VirtualProtectEx
SetStdHandle
CompareStringW
RaiseException
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
lstrcpyA
GetStartupInfoA
CompareStringA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
TlsFree
SetThreadContext
TerminateProcess
GetTimeZoneInformation
InitializeCriticalSection
HeapCreate
WriteFile
VirtualQuery
VirtualFree
GetEnvironmentStringsW
HeapDestroy
GetFileType
SetEndOfFile
TlsSetValue
CloseHandle
ExitProcess
GetCurrentThreadId
VirtualAlloc
SetLastError
LeaveCriticalSection
OleMetafilePictFromIconAndLabel
CoCreateGuid
Number of PE resources by type
RT_BITMAP 1
Number of PE resources by language
RUSSIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:06:07 09:06:10+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 225280
SubsystemVersion 4.0
EntryPoint 0x45c6
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 60ec92060b5cc03c4547dc71f7a27c5e
SHA1 ce41366cadac6bdf691afec91005ab2eab9f9e47
SHA256 ffcd5f5248ac130374a8cd9ae1cf10a7690e76343211c2ccdbe1079b00af2c16
ssdeep 3072:2uLtEbAD+6lnQ5/btAF43/8O0c7u++yqR8+8phU2qzmKBlewEv:2yabADaptW4P0c7ub9XYhlqdlH

authentihash fb34047616f7f9878fb703159abc06c8b94404f992352d90a693ef5950a4ec43
imphash 271db9eff9a1013e0c4d534acd4652ae
File size 220.0 KB ( 225280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2016-06-16 07:36:52 UTC ( 2 years, 9 months ago )
Last submission 2016-06-16 07:36:52 UTC ( 2 years, 9 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications