SHA256: 76e1c59e0bc39c8b5f31a8697ee139044a31f5191839ea76dffd9195401e8a9d
File name: 0ada26c3cdd21625f154d6f7054cb65e43795128
Detection ratio: 50 / 63
Analysis date: 2017-08-21 04:31:03 UTC ( 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.CLFN 20170821
AegisLab Uds.Dangerousobject.Multi!c 20170821
AhnLab-V3 Trojan/Win32.Kryptik.C2087773 20170821
ALYac Trojan.Agent.CLFN 20170820
Antiy-AVL Trojan/Win32.TSGeneric 20170821
Arcabit Trojan.Agent.CLFN 20170821
Avast Win32:Malware-gen 20170821
AVG Win32:Malware-gen 20170821
Avira (no cloud) TR/Dropper.lfcce 20170820
AVware Trojan.Win32.Generic!BT 20170821
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170817
BitDefender Trojan.Agent.CLFN 20170821
Comodo TrojWare.Win32.Crypt.AH 20170821
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170821
Cyren W32/Trojan.ITPS-7671 20170821
DrWeb Trojan.Inject2.56431 20170821
Emsisoft Trojan.Agent.CLFN (B) 20170821
Endgame malicious (high confidence) 20170721
ESET-NOD32 a variant of Win32/Kryptik.FVNY 20170821
F-Secure Trojan.Agent.CLFN 20170821
Fortinet W32/Kryptik.FVNQ!tr 20170821
GData Trojan.Agent.CLFN 20170821
Ikarus Trojan.Win32.Crypt 20170820
Sophos ML heuristic 20170818
Jiangmin Trojan.Diple.amnh 20170821
K7AntiVirus Trojan ( 005146ce1 ) 20170821
K7GW Trojan ( 005146ce1 ) 20170817
Kaspersky Trojan.Win32.Dovs.hc 20170821
Malwarebytes Trojan.Bunitu 20170821
MAX malware (ai score=87) 20170821
McAfee Trojan-FLWN!93147D3941CC 20170821
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20170821
Microsoft Trojan:Win32/Dynamer!rfn 20170821
eScan Trojan.Agent.CLFN 20170821
NANO-Antivirus Trojan.Win32.Dovs.erxaks 20170821
nProtect Trojan/W32.Agent.305152.HU 20170821
Palo Alto Networks (Known Signatures) generic.ml 20170821
Panda Trj/Emotet.A 20170820
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Generic-S 20170821
Symantec Trojan.Gen 20170820
Tencent Win32.Trojan.Dovs.Hqbc 20170821
TrendMicro TSPY_EMOTET.SMD3 20170821
TrendMicro-HouseCall TROJ_GEN.R047H09HF17 20170821
VIPRE Trojan.Win32.Generic!BT 20170821
ViRobot Trojan.Win32.Agent.303104.BI 20170821
Webroot W32.Trojan.Gen 20170821
Yandex Trojan.Dovs! 20170818
ZoneAlarm by Check Point Trojan.Win32.Dovs.hc 20170821
Alibaba 20170821
CAT-QuickHeal 20170821
ClamAV 20170821
CMC 20170820
F-Prot 20170821
Kingsoft 20170821
Qihoo-360 20170821
SUPERAntiSpyware 20170821
Symantec Mobile Insight 20170818
TheHacker 20170821
TotalDefense 20170821
Trustlook 20170821
VBA32 20170818
WhiteArmor 20170817
Zillya 20170819
Zoner 20170821
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-14 11:10:20
Entry Point 0x00005DAE
Number of sections 7
PE sections
PE imports
SetPixel
GetEnhMetaFileHeader
SetPolyFillMode
SetStretchBltMode
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
ReadFile
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
WaitForSingleObjectEx
RtlUnwind
lstrlenW
FreeLibrary
GetStdHandle
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetUserDefaultLCID
EnumSystemLocalesW
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetLocaleInfoW
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
FindFirstFileExW
DecodePointer
GetModuleHandleW
SetEvent
TerminateProcess
CreateEventW
ResetEvent
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
SetLastError
ReadConsoleW
TlsSetValue
EncodePointer
GetCurrentThreadId
GetProcessHeap
ExitProcess
WriteConsoleW
LeaveCriticalSection
ShellAboutA
FindExecutableA
DragQueryFileW
DragAcceptFiles
DragQueryPoint
DragQueryFileA
ShellExecuteA
DragFinish
GetListBoxInfo
GetDlgCtrlID
GetRawInputDeviceInfoW
SendDlgItemMessageA
GetAltTabInfoA
GetRawInputBuffer
GetDialogBaseUnits
UserHandleGrantAccess
RegisterRawInputDevices
GetNextDlgTabItem
GetNextDlgGroupItem
RealGetWindowClassA
Number of PE resources by type
RT_BITMAP 5
RT_MENU 5
RT_ICON 2
Q 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:08:14 12:10:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 108032
LinkerVersion 14.0
FileTypeExtension exe
InitializedDataSize 200704
SubsystemVersion 5.1
EntryPoint 0x5dae
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 93147d3941cc309517794556139dbd83
SHA1 0ada26c3cdd21625f154d6f7054cb65e43795128
SHA256 76e1c59e0bc39c8b5f31a8697ee139044a31f5191839ea76dffd9195401e8a9d
ssdeep 6144:U6aYMeDe5Fu7Z/3QAO2hVFleUo0QLtuZQBywfr0B:U6L0QgM3F49hLtuZQBym0B

authentihash 09e85317ed0477b09a94c4ac7e0c4c1db3059666bf4763e55a869b03ce9c715d
imphash 28984931224239c25ba089a5d9977d4a
File size 298.0 KB ( 305152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2017-08-15 02:16:05 UTC ( 6 months, 1 week ago )
Last submission 2017-08-15 07:59:50 UTC ( 6 months, 1 week ago )
File names 0ada26c3cdd21625f154d6f7054cb65e43795128
dHp.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications