SHA256: c79fa7823382364605280e45cc40b5267345a9688dbb3b8b6f1ad06f05778d2e
File name: c79fa7823382364605280e45cc40b5267345a9688dbb3b8b6f1ad06f05778d2e
Detection ratio: 23 / 56
Analysis date: 2016-06-18 22:19:26 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.291102 20160618
AhnLab-V3 Win-Trojan/Cerber.Gen 20160618
Arcabit Trojan.Graftor.D4711E 20160618
Avast Win32:Trojan-gen 20160618
AVG Generic_r.JZO 20160618
Avira (no cloud) TR/Crypt.ZPACK.rwhn 20160618
AVware Trojan.Win32.Generic!BT 20160618
Baidu Win32.Trojan.Filecoder.q 20160618
BitDefender Gen:Variant.Graftor.291102 20160618
Bkav HW32.Packed.1485 20160618
Emsisoft Gen:Variant.Graftor.291102 (B) 20160618
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160618
F-Secure Gen:Variant.Graftor.291102 20160618
Fortinet W32/Agent.CFH!tr.dldr 20160618
GData Gen:Variant.Graftor.291102 20160618
K7AntiVirus Trojan-Downloader ( 004e141d1 ) 20160618
K7GW Trojan-Downloader ( 004e141d1 ) 20160618
McAfee Artemis!D3C99349028F 20160618
McAfee-GW-Edition BehavesLike.Win32.BadFile.ch 20160618
eScan Gen:Variant.Graftor.291102 20160618
Qihoo-360 QVM20.1.Malware.Gen 20160618
Sophos AV Mal/Generic-S 20160618
VIPRE Trojan.Win32.Generic!BT 20160618
AegisLab 20160618
Alibaba 20160617
ALYac 20160618
Antiy-AVL 20160618
Baidu-International 20160614
CAT-QuickHeal 20160618
ClamAV 20160618
CMC 20160616
Comodo 20160618
Cyren 20160618
DrWeb 20160618
F-Prot 20160618
Ikarus 20160618
Jiangmin 20160618
Kaspersky 20160618
Kingsoft 20160618
Malwarebytes 20160618
Microsoft 20160618
NANO-Antivirus 20160618
nProtect 20160617
Panda 20160618
SUPERAntiSpyware 20160618
Symantec 20160618
Tencent 20160618
TheHacker 20160617
TotalDefense 20160618
TrendMicro 20160618
TrendMicro-HouseCall 20160618
VBA32 20160617
ViRobot 20160618
Yandex 20160616
Zillya 20160618
Zoner 20160618
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-16 23:07:22
Entry Point 0x00017490
Number of sections 4
PE sections
PE imports
CryptDeriveKey
RegEnumKeyW
RegDeleteValueW
CryptReleaseContext
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
CryptDestroyKey
RegOpenKeyExW
CryptAcquireContextW
RegOpenKeyW
RegOpenKeyExA
CryptHashData
CryptDecrypt
RegQueryValueExW
CryptDestroyHash
CryptCreateHash
ImageList_ReplaceIcon
PropertySheetW
ImageList_Destroy
CreateFontIndirectW
PatBlt
PathToRegion
UpdateColors
CreateMetaFileW
GetDeviceCaps
ExcludeClipRect
DeleteDC
SetBkMode
GetObjectW
BitBlt
RealizePalette
SetTextColor
GetTextExtentPointW
ExtTextOutW
GetTextExtentPoint32W
CreatePalette
GetStockObject
SelectPalette
GetDIBits
CreateRoundRectRgn
SelectClipRgn
CreateCompatibleDC
StretchDIBits
SwapBuffers
CreateRectRgn
SelectObject
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetUserDefaultUILanguage
GetLastError
Toolhelp32ReadProcessMemory
GetDriveTypeW
ReleaseMutex
LoadLibraryA
LoadLibraryW
GlobalFree
WaitForSingleObject
GetVersionExW
GetExitCodeThread
GetTickCount
GlobalUnlock
lstrcpyW
lstrcmpiW
GlobalAlloc
lstrlenW
DeleteCriticalSection
GetStartupInfoA
EnterCriticalSection
LocalAlloc
GetUserDefaultLCID
MapViewOfFileEx
ProcessIdToSessionId
GetModuleHandleW
GlobalReAlloc
GetShortPathNameW
SetErrorMode
MultiByteToWideChar
GetLogicalDrives
_llseek
lstrcatW
_lread
GetPrivateProfileStringW
GetLocaleInfoW
GetTempFileNameW
ExitThread
GetModuleFileNameW
ExpandEnvironmentStringsW
_lclose
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
GetSystemDirectoryW
ReadFile
GetTempPathW
CreateMutexW
GetVolumeNameForVolumeMountPointW
DeleteFileW
lstrcmpW
CreateThread
GlobalLock
SetThreadExecutionState
SetVolumeLabelW
FreeLibrary
LocalFree
GetPrivateProfileIntW
GlobalMemoryStatus
SearchPathW
InitializeCriticalSection
WriteFile
CreateFileW
GlobalHandle
GetLogicalDriveStringsW
GetFileAttributesW
InterlockedDecrement
Sleep
GetCommandLineW
CloseHandle
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetCurrentProcessId
LeaveCriticalSection
DragQueryFileW
SHCreateDirectoryExW
DragFinish
SHGetFolderPathW
DragAcceptFiles
Shell_NotifyIconW
ShellExecuteW
SHGetFileInfoW
ShellAboutW
PathAppendW
RedrawWindow
GetMessagePos
SetWindowRgn
LoadBitmapW
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
EndPaint
WindowFromPoint
CharUpperBuffW
SetMenuItemInfoW
GetDC
GetAsyncKeyState
ReleaseDC
GetDlgCtrlID
SendMessageW
UnregisterClassW
GetClientRect
DefWindowProcW
SetMenuDefaultItem
GetNextDlgTabItem
GetThreadDesktop
CallNextHookEx
LoadImageW
CountClipboardFormats
ClientToScreen
GetTopWindow
GetWindowTextW
LockWindowUpdate
DrawTextW
PtInRect
DrawEdge
GetParent
UpdateWindow
GetPropW
GetMessageW
ShowWindow
SetPropW
EnumDisplayMonitors
PeekMessageW
EnableWindow
SetWindowPlacement
CharUpperW
LoadIconW
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
CharUpperA
RegisterClassW
GetWindowPlacement
LoadStringW
IsIconic
TrackPopupMenuEx
GetSubMenu
CreateMenu
IsDialogMessageW
FillRect
GetSysColorBrush
CreateWindowExW
GetWindowLongW
DestroyWindow
IsChild
MapWindowPoints
RegisterWindowMessageW
BeginPaint
SetFocus
DrawIcon
KillTimer
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
EnumChildWindows
RegisterDeviceNotificationW
SendDlgItemMessageW
PostMessageW
MonitorFromRect
CheckDlgButton
CreateDialogParamW
WaitMessage
CreatePopupMenu
DrawFocusRect
GetLastActivePopup
DrawIconEx
SetWindowTextW
SetTimer
GetDlgItem
RemovePropW
BringWindowToTop
ScreenToClient
TrackPopupMenu
GetMenuItemCount
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
GetSystemMenu
DispatchMessageW
SetForegroundWindow
GetMenuItemInfoW
GetCursorPos
IntersectRect
EndDialog
GetKeyboardLayout
FindWindowW
GetCapture
GetShellWindow
MessageBeep
LoadMenuW
RemoveMenu
wvsprintfW
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
GetKBCodePage
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
DialogBoxParamW
AppendMenuW
GetSysColor
SetDlgItemTextW
EndDeferWindowPos
GetDoubleClickTime
EnableMenuItem
IsWindowVisible
WinHelpW
SystemParametersInfoW
SetRect
InvalidateRect
CallWindowProcW
DestroyIcon
ModifyMenuW
UnregisterDeviceNotification
GetFocus
wsprintfW
CloseClipboard
DefDlgProcW
SetCursor
__p__fmode
_wcsupr
rand
_ftol
srand
wcschr
_wcslwr
isdigit
towupper
_except_handler3
__p__commode
wcslen
wcscmp
exit
_XcptFilter
__setusermatherr
wcsncpy
towlower
_acmdln
iswctype
_adjust_fdiv
wcscat
wcscspn
__getmainargs
_controlfp
wcsspn
swscanf
wcscpy
wcsstr
_initterm
_exit
__set_app_type
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_ICON 12
RT_DIALOG 4
RT_STRING 3
RT_GROUP_ICON 2
RT_MESSAGETABLE 1
Number of PE resources by language
ENGLISH US 39
NEUTRAL 14
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:06:17 00:07:22+01:00
FileType Win32 EXE
PEType PE32
CodeSize 95232
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 77312
SubsystemVersion 5.0
EntryPoint 0x17490
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 d3c99349028f67c059d452bd065f4a26
SHA1 77cf2a448f7bdec1796344294e467efa32c1f2aa
SHA256 c79fa7823382364605280e45cc40b5267345a9688dbb3b8b6f1ad06f05778d2e
ssdeep 3072:22gZZC+jQXbbmSH5VB3Ot7YEaIYF34ibhB5WhPwkqp/PbHKP9:22gZ5Qr/H5VmUEaLp9bb5Wekqp/Pb4
authentihash 558cd0f90ca9e36bacb72baeb8c50f2ccf4ee2c6b263a1b011e3680267988581
imphash 1d22bc986bb23e3012996c7864424da0
File size 169.5 KB ( 173568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-06-18 22:19:26 UTC ( 2 years, 11 months ago )
Last submission 2016-06-18 22:19:26 UTC ( 2 years, 11 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications