SHA256: 690a2e86a141d890c8ef94587ceb6366c01a8d9c74309606885ed7a784a98c30
File name: trick3.exe
Detection ratio: 2 / 56
Analysis date: 2016-10-18 19:02:31 UTC (11 months ago)
Antivirus results

Engines reporting a detection:
  CrowdStrike Falcon (ML)   malicious_confidence_100% (D)   (signatures updated 20160725)
  ESET-NOD32                a variant of Win64/Agent.BQ     (signatures updated 20161018)

Engines with no detection (all with signatures updated 20161018):
  Ad-Aware, AegisLab, AhnLab-V3, Alibaba, ALYac, Antiy-AVL, Arcabit, Avast, AVG, Avira (no cloud), AVware, Baidu, BitDefender, Bkav, CAT-QuickHeal, ClamAV, CMC, Comodo, Cyren, DrWeb, Emsisoft, F-Prot, F-Secure, Fortinet, GData, Ikarus, Sophos ML, Jiangmin, K7AntiVirus, K7GW, Kaspersky, Kingsoft, Malwarebytes, McAfee, McAfee-GW-Edition, Microsoft, eScan, NANO-Antivirus, nProtect, Panda, Qihoo-360, Rising, Sophos AV, SUPERAntiSpyware, Symantec, Tencent, TheHacker, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot, Yandex, Zillya, Zoner
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
PE header basic information
Target machine: x64
Compilation timestamp: 2016-10-11 19:05:00
Entry point: 0x00011734
Number of sections: 6
PE sections
PE imports (grouped by exporting DLL)
ADVAPI32.dll
  CryptDestroyKey, GetTokenInformation, CryptReleaseContext, ConvertStringSecurityDescriptorToSecurityDescriptorW, OpenProcessToken, GetUserNameW, CryptSetKeyParam, FreeSid, CryptGetHashParam, AllocateAndInitializeSid, CryptAcquireContextW, EqualSid, CryptDestroyHash, LookupAccountNameW, CryptHashData, CryptDecrypt, CryptImportKey, CryptCreateHash
CRYPT32.dll
  CryptBinaryToStringW, CryptStringToBinaryW
IPHLPAPI.dll
  GetAdaptersInfo
KERNEL32.dll
  CreateToolhelp32Snapshot, GetLastError, HeapFree, CopyFileW, lstrcpynW, lstrlenW, VirtualAllocEx, GetSystemInfo, lstrlenA, LoadLibraryW, WaitForSingleObject, GetVersionExW, FreeLibrary, QueryPerformanceCounter, GetTickCount, GetFileAttributesW, lstrcmpiW, CreateRemoteThread, RtlVirtualUnwind, GetCurrentProcess, FindNextFileW, VirtualFreeEx, GetCurrentProcessId, WriteProcessMemory, OpenProcess, LockResource, SetFileTime, GetCommandLineW, DuplicateHandle, UnhandledExceptionFilter, MultiByteToWideChar, GetStartupInfoW, ReadProcessMemory, CreateDirectoryW, DeleteFileW, GetProcAddress, VirtualProtectEx, Process32FirstW, GetProcessHeap, GetTempFileNameW, GetComputerNameW, GetFileTime, GetFullPathNameW, WideCharToMultiByte, GetModuleFileNameW, MoveFileExW, SetFilePointer, lstrcmpA, GetExitCodeThread, GetCurrentThreadId, SetUnhandledExceptionFilter, WriteFile, Process32NextW, RtlCaptureContext, ReadFile, GetSystemTimeAsFileTime, FindResourceW, FindFirstFileW, TerminateProcess, lstrcmpW, HeapReAlloc, GetModuleHandleW, SignalObjectAndWait, SetEvent, LocalFree, GetTempPathW, ResumeThread, CreateEventW, ResetEvent, SetCurrentDirectoryW, LoadResource, RtlLookupFunctionEntry, CreateFileW, CreateProcessW, FindClose, Sleep, MoveFileW, SetFileAttributesW, HeapAlloc, GetVersion, CreateMutexW, CloseHandle
OLEAUT32.dll
  SysAllocStringLen, SysFreeString, VariantInit, VariantClear, SysAllocString
SHELL32.dll
  SHGetFolderPathW, CommandLineToArgvW
SHLWAPI.dll
  PathRenameExtensionW, PathFindFileNameW, PathRemoveFileSpecW, PathAddBackslashW, StrStrIW, PathFindExtensionW, PathCombineW, PathRemoveBackslashW
WINHTTP.dll
  WinHttpSetOption, WinHttpConnect, WinHttpQueryHeaders, WinHttpSendRequest, WinHttpCloseHandle, WinHttpQueryDataAvailable, WinHttpCrackUrl, WinHttpReceiveResponse, WinHttpOpen, WinHttpOpenRequest, WinHttpReadData
WS2_32.dll
  WSAStartup, gethostbyname, WSACleanup
MSVCRT.dll
  rand, __wgetmainargs, srand, _time64, memcmp, memset, ??_V@YAXPEAX@Z, _fmode, _vsnwprintf, _amsg_exit, ?terminate@@YAXXZ, __C_specific_handler, ??1type_info@@UEAA@XZ, memcpy, ??2@YAPEAX_K@Z, exit, _XcptFilter, _commode, __setusermatherr, _wcmdln, _cexit, _CxxThrowException, _itow, _initterm, ??3@YAXPEAX@Z, _vsnprintf, _exit, __set_app_type, _wtoi
ntdll.dll
  NtQueryInformationProcess
ole32.dll
  CoInitializeEx, CoCreateInstance, CoUninitialize, CoInitializeSecurity
Number of PE resources by type: RT_RCDATA 2
Number of PE resources by language: NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: AMD AMD64
FileTypeExtension: exe
TimeStamp: 2016:10:11 20:05:00+01:00
FileType: Win64 EXE
PEType: PE32+
CodeSize: 69120
LinkerVersion: 10.0
EntryPoint: 0x11734
InitializedDataSize: 30208
SubsystemVersion: 5.2
ImageVersion: 0.0
OSVersion: 5.2
UninitializedDataSize: 0

File identification
MD5: bd79db0f9f8263a215e527d6627baf2f
SHA1: 4aa9d185fd3db9703f628dab4ea6b5d901a6c4d0
SHA256: 690a2e86a141d890c8ef94587ceb6366c01a8d9c74309606885ed7a784a98c30
ssdeep: 3072:BuKbw3eyNCInYw6fSttjGt7xVtOloFdv5rQg:Bvbw3e2YRmtjGt7pym
authentihash: 1e5194dc9e7bef233cc6dbd1234d372cad845bd314393a6c6296f526883e6fb6
imphash: 6df399864d8f93847297b1fde190a2c3
File size: 98.0 KB (100352 bytes)
File type: Win32 EXE
Magic literal: PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID: Win64 Executable (generic) (87.3%); Generic Win/DOS Executable (6.3%); DOS Executable Generic (6.3%)
Tags: 64bits peexe assembly

VirusTotal metadata
First submission: 2016-10-18 19:02:31 UTC (11 months ago)
Last submission: 2016-11-21 20:58:38 UTC (10 months ago)
File names: trick3.exe; 690a2e86a141d890c8ef94587ceb6366c01a8d9c74309606885ed7a784a98c30.bin
Advanced heuristic and reputation engines