SHA256: 8e27def9169a918c279ed328b9d93b76d43295023dff9798c1cbb64fd8957b56
File name: System_dump_SCY.exe
Detection ratio: 36 / 61
Analysis date: 2017-04-01 10:48:12 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Slingup.A 20170331
ALYac Trojan.Slingup.A 20170331
Arcabit Trojan.Slingup.A 20170330
Avast Win32:VB-ADDL [Trj] 20170330
AVG VB2.AIHY 20170330
Avira (no cloud) TR/Dropper.Gen 20170330
Baidu Win32.Worm.VB.rt 20170331
BitDefender Trojan.Slingup.A 20170331
Comodo Packed.Win32.MUPX.Gen 20170331
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Shark.A.gen!Eldorado 20170331
DrWeb Trojan.DownLoader23.20541 20170331
Emsisoft Trojan.Slingup.A (B) 20170331
Endgame malicious (high confidence) pefuj1 20170401
ESET-NOD32 a variant of Win32/VB.OOI 20170401
F-Prot W32/Shark.A.gen!Eldorado 20170401
F-Secure Trojan.Slingup.A 20170401
GData Trojan.Slingup.A 20170401
Ikarus Worm.Win32.Dorkbot 20170401
Sophos ML generic.a 20170203
Jiangmin TrojanDropper.VB.aqcl 20170401
K7AntiVirus NetWorm ( 700000151 ) 20170401
K7GW NetWorm ( 700000151 ) 20170401
Malwarebytes Backdoor.Gorynych 20170401
McAfee Artemis!3EF960DA3E4B 20170401
McAfee-GW-Edition BehavesLike.Win32.VBObfus.nt 20170401
Microsoft Backdoor:Win32/Slingup.A 20170401
eScan Trojan.Slingup.A 20170331
NANO-Antivirus Trojan.Win32.VB.dwtuzm 20170401
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20170401
SentinelOne (Static ML) static engine - malicious 20170330
Sophos AV Mal/Generic-S 20170331
Symantec Backdoor.Trojan 20170331
TrendMicro BKDR_SLINGUP.SM 20170331
TrendMicro-HouseCall BKDR_SLINGUP.SM 20170331
VBA32 Worm.VBNA 20170331
AegisLab 20170331
AhnLab-V3 20170331
Alibaba 20170331
Antiy-AVL 20170331
AVware 20170330
Bkav 20170330
CAT-QuickHeal 20170401
ClamAV 20170331
CMC 20170331
Fortinet 20170401
Kaspersky 20170401
Kingsoft 20170401
nProtect 20170401
Palo Alto Networks (Known Signatures) 20170401
Panda 20170401
Rising None
SUPERAntiSpyware 20170401
Symantec Mobile Insight 20170331
Tencent 20170401
TheHacker 20170330
Trustlook 20170401
VIPRE 20170331
ViRobot 20170331
Webroot 20170401
WhiteArmor 20170327
Yandex 20170327
Zillya 20170331
ZoneAlarm by Check Point 20170331
Zoner 20170401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-26 00:00:31
Entry Point 0x00001204
Number of sections 5
PE sections
PE imports
rtcMidCharBstr
EVENT_SINK_QueryInterface
rtcFileLen
rtcSplit
rtcMakeDir
rtcSpaceVar
rtcErrObj
rtcLeftCharVar
EVENT_SINK_AddRef
rtcRightCharBstr
rtcBstrFromAnsi
ThunRTMain
rtcVarBstrFromAnsi
__vbaExceptHandler
rtcLowerCaseVar
MethCallEngine
DllFunctionCall
rtcHexVarFromVar
rtcAnsiValueBstr
rtcFileCopy
rtcGetFileAttr
rtcRightCharVar
rtcShell
rtcRandomize
rtcDoEvents
rtcFreeFile
rtcRound
rtcSpaceBstr
rtcSaveSetting
rtcFileLength
rtcInStrRev
ProcCallEngine
rtcStringVar
rtcCommandVar
rtcMidCharVar
EVENT_SINK_Release
rtcStrConvVar2
rtcReplace
rtcFormatNumber
rtcSetFileAttr
rtcCreateObject2
rtcRandomNext
VarPtr
rtcGetSetting
rtcEnvironBstr
rtcDir
rtcLeftCharBstr
rtcGetObject
rtcTrimBstr
rtcEnvironVar
rtcKillFiles
Number of PE resources by type
CUSTOM 1
Number of PE resources by language
ARABIC NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:07:26 01:00:31+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 27136
SubsystemVersion 4.0
EntryPoint 0x1204
OSVersion 4.0
ImageVersion 4.2
UninitializedDataSize 69632
File identification
MD5 3ef960da3e4bc4bc7c05d02fbf121d4e
SHA1 c6f0bae38d52232121f02b3b6b34a4e458692a5b
SHA256 8e27def9169a918c279ed328b9d93b76d43295023dff9798c1cbb64fd8957b56
ssdeep 1536:xpoAV35xXp+zlsIeOqFoABX4Nc5GOqkRnouy8+S:joAV35xXp+BiOsX4NATRoutx
authentihash c61e463275fe3e8c4ec6811ffa99ea72da3fa4debbc681920fc24c41346a565a
imphash 62f52dcfb19b195d6a8e4cce57f56917
File size 95.0 KB ( 97280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (52.9%)
Win32 Executable MS Visual C++ (generic) (20.1%)
Win32 EXE Yoda's Crypter (17.1%)
Win32 Dynamic Link Library (generic) (4.2%)
Win32 Executable (generic) (2.9%)
Tags peexe
VirusTotal metadata
First submission 2017-04-01 10:48:12 UTC ( 4 months, 2 weeks ago )
Last submission 2017-04-01 10:48:12 UTC ( 4 months, 2 weeks ago )
File names System_dump_SCY.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.
UDP communications