SHA256: ffd112950aa47272f760c9b41892b0f84fd803472aeb263253d06516a158046f
File name: malware5.exe
Detection ratio: 6 / 56
Analysis date: 2016-05-20 09:59:59 UTC ( 3 years ago )
Antivirus            Result                                       Update
Baidu                Win32.Trojan.WisdomEyes.151026.9950.9977     20160520
Bkav                 HW32.Packed.4F3F                             20160519
McAfee-GW-Edition    BehavesLike.Win32.Expiro.ch                  20160520
Qihoo-360            QVM20.1.Malware.Gen                          20160520
Rising               Malware.Generic!yfrJBhd4xrE@1 (Thunder)      20160520
Tencent              Win32.Trojan.Raas.Auto                       20160520
The remaining 50 engines returned no detection (blank result); the date shown is each engine's signature update:
Ad-Aware 20160520
AegisLab 20160520
AhnLab-V3 20160520
Alibaba 20160520
ALYac 20160520
Antiy-AVL 20160520
Arcabit 20160520
Avast 20160520
AVG 20160520
Avira (no cloud) 20160520
AVware 20160520
Baidu-International 20160520
BitDefender 20160520
CAT-QuickHeal 20160518
ClamAV 20160520
CMC 20160520
Comodo 20160520
Cyren 20160520
DrWeb 20160520
Emsisoft 20160520
ESET-NOD32 20160520
F-Prot 20160520
F-Secure 20160520
Fortinet 20160520
GData 20160520
Ikarus 20160520
Jiangmin 20160520
K7AntiVirus 20160520
K7GW 20160520
Kaspersky 20160520
Kingsoft 20160520
Malwarebytes 20160520
McAfee 20160520
Microsoft 20160520
eScan 20160520
NANO-Antivirus 20160520
nProtect 20160519
Panda 20160519
Sophos AV 20160520
SUPERAntiSpyware 20160520
Symantec 20160520
TheHacker 20160519
TrendMicro 20160520
TrendMicro-HouseCall 20160520
VBA32 20160519
VIPRE 20160520
ViRobot 20160520
Yandex 20160519
Zillya 20160519
Zoner 20160520
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2007-2012 All rights Reserved.
File version 5, 5, 3, 3
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-20 07:02:03 UTC (the same instant ExifTool shows as 2016:05:20 08:02:03+01:00; about three hours before first submission, and a header field the builder can set to any value)
Entry Point 0x00007CB8
Number of sections 6
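The fields above (and the LinkerVersion, OSVersion, SubsystemVersion, CodeSize and InitializedDataSize values in the ExifTool block further down) all come from the COFF and optional headers and can be re-read from the file without any tooling. The parser below is an added example, not code from the original report; it uses only the Python standard library. Because the binary itself is not on this page, build_sample_pe() fabricates a header-only PE32 carrying the values reported here so the example runs offline; the section names it uses (.s0 to .s5) are placeholders, since the report's section table is empty on this page.

```python
"""Read the PE header fields VirusTotal and ExifTool report, stdlib only.
Added example (editor's own code). build_sample_pe() fabricates a header
with this page's reported values; section names in it are placeholders."""
import struct
import sys
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
SAMPLE_TIMESTAMP = 1463727723  # 2016-05-20 07:02:03 UTC, as reported for malware5.exe


def parse_pe_header(data: bytes) -> dict:
    """Return header fields as a dict; raises ValueError if not a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, symtab ptr/count,
    # SizeOfOptionalHeader, Characteristics (20 bytes)
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (32-bit) images are handled here")
    # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint
    size_of_code, size_of_idata, size_of_udata, entry = struct.unpack_from("<IIII", data, opt + 4)
    # MajorOperatingSystemVersion .. MinorSubsystemVersion (offset 40 in the optional header)
    os_major, os_minor, img_major, img_minor, ss_major, ss_minor = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    table = opt + opt_size  # section headers follow the optional header, 40 bytes each
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vaddr": vaddr,
                         "vsize": vsize, "raw_offset": rawptr, "raw_size": rawsize})
    return {
        "machine": "Intel 386 or later" if machine == IMAGE_FILE_MACHINE_I386 else hex(machine),
        "number_of_sections": nsections,
        "timestamp": timestamp,
        # TimeDateStamp is seconds since the Unix epoch; render it in UTC, as VirusTotal does
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": f"{linker_major}.{linker_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, hex(subsystem)),
        "size_of_code": size_of_code,
        "size_of_initialized_data": size_of_idata,
        "size_of_uninitialized_data": size_of_udata,
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Fabricate a header-only PE32 carrying this page's reported values (constructed input)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    opt_size = 224                            # standard PE32 optional header size
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 6, SAMPLE_TIMESTAMP, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 8, 0)            # LinkerVersion 8.0
    struct.pack_into("<IIII", opt, 4, 71168, 128512, 0, 0x7CB8)    # sizes and entry point from the report
    struct.pack_into("<HHHHHH", opt, 40, 5, 1, 8, 0, 5, 1)         # OS 5.1, Image 8.0, Subsystem 5.1
    struct.pack_into("<H", opt, 68, 2)                             # IMAGE_SUBSYSTEM_WINDOWS_GUI
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", f".s{i}".encode(), 0x1000, 0x1000 * (i + 1),
                    0x1000, 0x400 * (i + 1), 0, 0, 0, 0, 0x60000020)  # placeholder section names
        for i in range(6))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe_header(blob)
    info["entry_point"] = f"{info['entry_point']:#010x}"
    for key, value in info.items():
        print(f"{key:>26}: {value}")
```

Run it with a file path to check a real sample against a report, or with no argument to see the fabricated header. The compile time is the one field here worth distrusting: it is a plain 32-bit integer the builder can overwrite, so a timestamp that lines up neatly with first submission is a hint, not evidence.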
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
OpenServiceW
ControlService
RegEnumKeyW
DeleteService
RegQueryValueExW
GetNamedSecurityInfoW
RegOpenKeyA
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
RegOpenKeyExW
SetTokenInformation
RegisterServiceCtrlHandlerExW
CreateServiceW
GetTokenInformation
DuplicateTokenEx
SetServiceStatus
BuildExplicitAccessWithNameW
CreateProcessAsUserW
SetEntriesInAclW
RevertToSelf
StartServiceW
RegSetValueExW
EnumDependentServicesW
OpenSCManagerW
ReportEventW
QueryServiceStatusEx
StartServiceCtrlDispatcherW
CloseServiceHandle
ChangeServiceConfigW
SetNamedSecurityInfoW
BeginPath
AddFontMemResourceEx
CloseFigure
GetStdHandle
FileTimeToDosDateTime
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
lstrcmpW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetDriveTypeW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
GetFileInformationByHandle
HeapSize
GetFullPathNameA
GetFileTime
FindResourceExA
GetCPInfo
lstrcmpiA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
FreeLibrary
LocalFree
MoveFileA
ResumeThread
GetProcAddress
LoadResource
GlobalHandle
InterlockedDecrement
GetProfileIntA
GetStringTypeExA
SetLastError
GetUserDefaultUILanguage
InitializeCriticalSection
LocalLock
GetUserDefaultLangID
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
FlushFileBuffers
RemoveDirectoryA
RaiseException
HeapSetInformation
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FormatMessageA
GetModuleHandleA
CreateThread
GetSystemDirectoryW
GetSystemDefaultUILanguage
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
IsProcessorFeaturePresent
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
FindCloseChangeNotification
GetNumberFormatA
FindNextChangeNotification
SearchPathA
FindAtomA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalFindAtomW
GlobalSize
UnlockFile
DosDateTimeToFileTime
lstrlenA
GetFileSize
GlobalDeleteAtom
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GlobalLock
GetProcessHeap
CompareStringW
GetFileSizeEx
GlobalReAlloc
FreeEnvironmentStringsW
lstrcmpA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetTimeZoneInformation
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
LocalUnlock
InterlockedIncrement
GetLastError
IsValidCodePage
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
FindFirstChangeNotificationA
GetSystemInfo
LocalFileTimeToFileTime
GlobalFree
GetConsoleCP
FindResourceW
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
GetModuleFileNameA
GetShortPathNameA
OpenFile
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
lstrlenW
HeapQueryInformation
GetCurrentDirectoryA
WinExec
GetCommandLineA
GetCurrentThread
GetTempPathA
SuspendThread
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
GlobalFlags
CloseHandle
lstrcpynA
GetACP
CopyFileA
GetModuleHandleW
FreeResource
SetStdHandle
CreateProcessA
WideCharToMultiByte
CompareFileTime
HeapCreate
FindResourceExW
Sleep
GetFileAttributesExA
FindResourceA
GetOEMCP
ResetEvent
GetModuleInformation
GetModuleFileNameExW
SHEmptyRecycleBinW
SHGetSpecialFolderPathW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathQuoteSpacesW
StrStrIW
PathAppendW
PathCombineW
SetFocus
MapWindowPoints
GetMonitorInfoW
GetForegroundWindow
GetParent
LoadIconA
GetWindow
GetMessageW
EnumWindows
DefWindowProcW
KillTimer
DestroyMenu
TrackMouseEvent
PostQuitMessage
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
RemoveMenu
GetWindowThreadProcessId
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
LoadStringA
EnumChildWindows
AppendMenuW
CharLowerW
DestroyCursor
TranslateMessage
IsWindowEnabled
GetWindowDC
PostMessageW
TrackPopupMenuEx
DispatchMessageW
GetCursorPos
ReleaseDC
UpdateLayeredWindow
CreatePopupMenu
SendMessageW
UnregisterClassA
TranslateAcceleratorW
PtInRect
IsWindowVisible
DestroyWindow
SetWindowTextW
GetMenuItemInfoW
DrawTextW
LoadImageW
MonitorFromWindow
ScreenToClient
InvalidateRect
SetTimer
CallWindowProcW
GetClassNameW
LoadStringW
GetKeyboardLayout
GetMenuItemCount
MonitorFromPoint
GetClientRect
GetWindowTextW
LoadCursorW
GetFocus
GetWindowLongW
CharNextW
SetCursor
VerQueryValueW
WTSEnumerateSessionsW
WTSFreeMemory
_except_handler3
malloc
_CIsin
free
exit
_CIcos
__set_app_type
CoInitialize
Ord(8)
OleUIBusyW
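The import list above is the most informative part of this report, because the behaviour section is empty and the six detections are generic or heuristic labels rather than a family name. Reading it by hand, the service-control, token-duplication, CreateProcessAsUserW and WTSEnumerateSessionsW entries describe a service that can start a process on an interactive user's desktop, and SHEmptyRecycleBinW plus the file APIs describe cleanup; the same set is equally consistent with a legitimate service helper from the "Accmeware Corporation" named in the version info, so the imports show capability, not behaviour. The rule evaluator below is an added example of how to make that reading repeatable; it is this editor's code, the rules and weights are editorial heuristics rather than VirusTotal's or any vendor's, and PAGE_IMPORTS is a subset of the names listed on this page (DLL attribution is not in the report and is not needed). A rule fires only when every API it names is present; rules with some but not all members present are reported as partial so the analyst can see what is missing rather than silently dropping them.

```python
"""Capability triage over a PE import list: conjunctive rules with weights.
Added example (editor's own heuristics, not a vendor's). PAGE_IMPORTS is a
subset of the import names in this report."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    apis: frozenset
    weight: int  # 0 = uninformative on its own (CRT boilerplate), 3 = strong signal


RULES = [
    Rule("installs a Windows service", frozenset({"OpenSCManagerW", "CreateServiceW", "StartServiceW"}), 3),
    Rule("stops and deletes a service and its dependents",
         frozenset({"OpenServiceW", "ControlService", "EnumDependentServicesW", "DeleteService"}), 2),
    Rule("runs as a service (service main + control handler)",
         frozenset({"StartServiceCtrlDispatcherW", "RegisterServiceCtrlHandlerExW", "SetServiceStatus"}), 2),
    Rule("starts a process under a duplicated user token",
         frozenset({"OpenProcessToken", "DuplicateTokenEx", "SetTokenInformation", "CreateProcessAsUserW"}), 3),
    Rule("enumerates logged-on sessions", frozenset({"WTSEnumerateSessionsW"}), 1),
    Rule("rewrites an object's DACL",
         frozenset({"GetNamedSecurityInfoW", "BuildExplicitAccessWithNameW", "SetEntriesInAclW", "SetNamedSecurityInfoW"}), 2),
    Rule("writes registry values", frozenset({"RegCreateKeyExW", "RegSetValueExW"}), 1),
    Rule("writes a file under %TEMP% and executes it",
         frozenset({"GetTempPathA", "CreateFileA", "WriteFile", "CreateProcessA"}), 2),
    Rule("empties the recycle bin", frozenset({"SHEmptyRecycleBinW"}), 1),
    Rule("impersonates a logged-on user", frozenset({"ImpersonateLoggedOnUser", "RevertToSelf"}), 2),
    Rule("injects code into another process",
         frozenset({"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}), 3),
    # Emitted by the VS2005 (linker 8.0) CRT startup in nearly every binary; weight 0 so it
    # is listed but does not move the score without a matching call site in the code.
    Rule("checks for a debugger", frozenset({"IsDebuggerPresent"}), 0),
]

# Subset of the import names listed in this report (constructed from the page, not the binary).
PAGE_IMPORTS = {
    "RegCreateKeyExW", "RegCloseKey", "OpenServiceW", "ControlService", "DeleteService",
    "RegQueryValueExW", "GetNamedSecurityInfoW", "RegisterEventSourceW", "OpenProcessToken",
    "RegOpenKeyExW", "SetTokenInformation", "RegisterServiceCtrlHandlerExW", "CreateServiceW",
    "GetTokenInformation", "DuplicateTokenEx", "SetServiceStatus", "BuildExplicitAccessWithNameW",
    "CreateProcessAsUserW", "SetEntriesInAclW", "RevertToSelf", "StartServiceW", "RegSetValueExW",
    "EnumDependentServicesW", "OpenSCManagerW", "ReportEventW", "QueryServiceStatusEx",
    "StartServiceCtrlDispatcherW", "ChangeServiceConfigW", "SetNamedSecurityInfoW",
    "WriteFile", "CreateFileA", "CreateProcessA", "WinExec", "VirtualProtect", "IsDebuggerPresent",
    "DeleteFileA", "CopyFileA", "MoveFileA", "GetTempPathA", "CreateFileMappingA", "MapViewOfFile",
    "SHEmptyRecycleBinW", "SHGetSpecialFolderPathW", "WTSEnumerateSessionsW", "GetModuleInformation",
}


def evaluate(imports):
    """Return (hits, partials): rules whose APIs are all present, and rules with
    some members present paired with the sorted list of names still missing."""
    present = set(imports)
    hits, partials = [], []
    for rule in RULES:
        missing = rule.apis - present
        if not missing:
            hits.append(rule)
        elif len(missing) < len(rule.apis):
            partials.append((rule, sorted(missing)))
    return hits, partials


def score(hits):
    """Sum of weights of the rules that fired; a coarse triage number, not a verdict."""
    return sum(rule.weight for rule in hits)


def report(imports) -> str:
    hits, partials = evaluate(imports)
    lines = [f"capability score: {score(hits)}"]
    lines += [f"[+{rule.weight}] {rule.name}" for rule in hits]
    lines += [f"[  ] {rule.name}: missing {', '.join(missing)}" for rule, missing in partials]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(PAGE_IMPORTS))
```

On this page's imports the service, token-duplication, DACL and %TEMP%-drop rules all fire, the injection rule does not, and the impersonation rule shows as partial (RevertToSelf without ImpersonateLoggedOnUser, which is what a token-duplicating service looks like). Treat the score as a sort key for which samples to look at first; confirmation still needs the sandbox data this report does not carry, or a look at the call sites in a disassembler.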
Number of PE resources by type
RT_ICON 10
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
ENGLISH NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild 2015.05.13
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 8.0
FileVersionNumber 5.5.3.3
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 128512
PrivateBuild 2015.05.13
EntryPoint 0x7cb8
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2007-2012 All rights Reserved.
FileVersion 5, 5, 3, 3
TimeStamp 2016:05:20 08:02:03+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 5, 5, 3, 3
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Accmeware Corporation
CodeSize 71168
FileSubtype 0
ProductVersionNumber 5.5.3.3
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 9a035683eada4a95b71affbd7a01376b
SHA1 3dd3210215558e07c3483be28063f023ca6b3f03
SHA256 ffd112950aa47272f760c9b41892b0f84fd803472aeb263253d06516a158046f
ssdeep 3072:85G11qGIkbDrJdOjmYqkEsjG+vCi2vadfxWB929uFfE:8ovMkbDrJYaBPsjRbdfxCsQ
authentihash 660fdbacfd90e211ef265e28bb92a49058bd30b7d2e5f23c0233964293a79b7e
imphash 0256bc65d520daeb6545dbc24a8998c4
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-05-20 09:59:59 UTC ( 3 years ago )
Last submission 2016-05-21 09:28:24 UTC ( 2 years, 12 months ago )
File names malware5.exe
No comments.
No votes.
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file. In this copy of the report every behaviour entry below is empty, so no sandbox observations are available for this sample.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications