SHA256: 87d809141f03ad74c605af8c700408d26bcfd5f00d9ed14d002105d03c25b1bb
File name: subid1.exe
Detection ratio: 22 / 56
Analysis date: 2016-06-08 09:20:04 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AegisLab Troj.Crypt.Xpack!c 20160608
AhnLab-V3 Trojan/Win32.Cerber 20160608
Avast Win32:Malware-gen 20160608
AVG Generic_r.JTQ 20160608
Avira (no cloud) TR/Crypt.Xpack.pyla 20160608
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160608
Bkav HW32.Packed.4CEA 20160608
DrWeb Trojan.MulDrop6.43388 20160608
ESET-NOD32 Win32/Filecoder.Cerber.B 20160608
Fortinet W32/Filecoder_Cerber.B!tr 20160608
GData Win32.Trojan-Ransom.Cerber.DIKF5G 20160608
Jiangmin Trojan.Selfdel.cet 20160608
Kaspersky Trojan-Ransom.Win32.Zerber.dua 20160608
Malwarebytes Ransom.Cerber 20160608
McAfee Artemis!3361479396E8 20160608
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20160608
Qihoo-360 Win32/Trojan.a68 20160608
Rising Malware.Generic!KzT23pRzXLO@2 (Thunder) 20160608
Sophos AV Mal/Cerber-C 20160608
Symantec Trojan.Cryptolocker.AH 20160608
TrendMicro Ransom_CERBER.CL 20160608
TrendMicro-HouseCall Ransom_CERBER.CL 20160608
Ad-Aware 20160608
Alibaba 20160608
ALYac 20160608
Antiy-AVL 20160608
Arcabit 20160608
AVware 20160608
Baidu-International 20160606
BitDefender 20160608
CAT-QuickHeal 20160608
ClamAV 20160608
CMC 20160607
Comodo 20160608
Cyren 20160608
Emsisoft 20160608
F-Prot 20160608
F-Secure 20160608
Ikarus 20160608
K7AntiVirus 20160608
K7GW 20160608
Kingsoft 20160608
Microsoft 20160608
eScan 20160608
NANO-Antivirus 20160608
nProtect 20160607
Panda 20160607
SUPERAntiSpyware 20160608
Tencent 20160608
TheHacker 20160607
VBA32 20160607
VIPRE 20160608
ViRobot 20160608
Yandex 20160607
Zillya 20160607
Zoner 20160608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Reen
Product mink picul felty
Original name mink.exe
Internal name mink
File version 5.9.0.61906
Description mink hond spurling
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-12-09 18:36:05
Entry Point 0x00001962
Number of sections 4
PE sections
Overlays
MD5 cce7d5eb3ad5f865fc7e4876b78d263f
File type data
Offset 136704
Size 295
Entropy 7.16
PE imports
ADSIGetFirstRow
Component
BuildADsPathFromParent
LdapValueFreeLen
ChangeSeparator
AllocADsStr
BuildADsPathFromLDAPPath
ADSIGetNextRow
LdapGetSubSchemaSubEntryPath
LdapTypeToAdsTypeGeneralizedTime
AdsTypeToLdapTypeCopyDNWithBinary
ADSICloseDSObject
LdapModifyS
LdapDeleteExtS
LdapCompareExt
LdapMakeSchemaCacheObsolete
MapADSTypeToLDAPType
BerBvFree
ADsEncodeBinaryData
LdapTypeToAdsTypeDNWithBinary
LdapOpenObject
SchemaGetPropertyInfo
ReallocADsMem
LdapSearchS
LdapTypeBinaryToString
BuildADsParentPathFromObjectInfo
GetDeviceCaps
PlayEnhMetaFileRecord
CreateICA
DeleteObject
CreatePen
EnumFontFamiliesExW
GetStockObject
GetPixel
CreateBitmapIndirect
CreateFontIndirectExW
LCMapStringW
SetHandleCount
lstrcmpiA
GetEnvironmentStringsA
GetOEMCP
LCMapStringA
GetEnvironmentStringsW
GetFileAttributesW
lstrcmpiW
GetLocalTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetStringTypeA
lstrcmpA
InterlockedExchange
GetSystemTimeAsFileTime
lstrcmpW
GetStringTypeW
QueryPerformanceCounter
HeapCreate
CreateFileW
GetVersion
VirtualAlloc
GetCursorPos
GetSystemMetrics
GetFocus
IsWindowVisible
FindWindowW
GetDesktopWindow
GetClientRect
GetDlgItem
GetRawInputDeviceList
FindWindowA
ShowWindow
ToAsciiEx
InvalidateRect
SetWindowsHookA
DrawMenuBarTemp
Number of PE resources by type
RT_ICON 3
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2004:12:09 19:36:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 7168
LinkerVersion 8.0
Warning Error processing PE data dictionary
EntryPoint 0x1962
InitializedDataSize 153088
SubsystemVersion 5.0
ImageVersion 1.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 3361479396e88f2c04c015018c6f1b50
SHA1 65ee9db1e68e9a84fd0d6a039f11257974dac1d1
SHA256 87d809141f03ad74c605af8c700408d26bcfd5f00d9ed14d002105d03c25b1bb
ssdeep 3072:5jYFtrnz2QVsDReiq9GCMDAhU0jqI07PWQZBmJoAGHjRumwE:5sneQi+GnDAa0p0rWQiJoAGHdN
authentihash cb5188d8ccb4420add23820e4770e2aa5a765aee19d5b5281852c1c40e549666
imphash 60584e120f5e4241a96039e2cf0f873d
File size 133.8 KB ( 136999 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe suspicious-udp overlay
VirusTotal metadata
First submission 2016-06-07 21:37:42 UTC ( 1 year, 5 months ago )
Last submission 2017-11-12 13:53:09 UTC ( 1 week, 1 day ago )
File names mink.exe
mink
subid1.exe
3361479396e88f2c04c015018c6f1b50.virobj
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications