SHA256: 9351201405b1cfdc13c55fb66da810d3d6554d9f0339a9545ebfc70f864b0bf0
File name: 2.exe
Detection ratio: 46 / 58
Analysis date: 2017-03-04 18:04:21 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Nitol.B 20170304
AegisLab Troj.W32.Gen.mkC0 20170304
AhnLab-V3 Trojan/Win32.Nitol.C1197044 20170304
ALYac Trojan.Nitol.B 20170304
Antiy-AVL Trojan/Win32.AGeneric 20170304
Arcabit Trojan.Nitol.B 20170304
Avast Sf:Crypt-G [Trj] 20170304
AVG Atros2.AHYK 20170304
Avira (no cloud) TR/AD.Nitol.Y.441 20170304
AVware Trojan.Win32.Generic!BT 20170304
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9911 20170303
BitDefender Trojan.Nitol.B 20170304
Bkav W32.GenericNitolS.Trojan 20170303
CAT-QuickHeal Trojan.ServStart.A3 20170304
Comodo TrojWare.Win32.TrojanDownloader.Small.CO 20170304
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/S-af015cae!Eldorado 20170304
DrWeb BackDoor.Siggen.60255 20170304
Emsisoft Trojan.Nitol.B (B) 20170304
Endgame malicious (high confidence) 20170222
ESET-NOD32 a variant of Win32/ServStart.AD 20170304
F-Prot W32/S-af015cae!Eldorado 20170304
F-Secure Trojan.Nitol.B 20170304
GData Trojan.Nitol.B 20170304
Ikarus Trojan.Win32.ServStart 20170304
Invincea ddos.win32.nitol.a 20170203
Jiangmin Trojan.Generic.aocw 20170301
K7AntiVirus Trojan ( 0001707e1 ) 20170304
K7GW Trojan ( 0001707e1 ) 20170304
Kaspersky Trojan.Win32.ServStart.cqd 20170304
Malwarebytes DDoSTool.Nitol 20170304
McAfee DoS-FBK!38E645E88C85 20170304
McAfee-GW-Edition BehavesLike.Win32.Dropper.pm 20170304
Microsoft DDoS:Win32/Nitol.B 20170304
eScan Trojan.Nitol.B 20170304
NANO-Antivirus Trojan.Win32.Siggen.dxqglj 20170304
nProtect Trojan/W32.ServStart.41984.B 20170304
Panda Trj/Genetic.gen 20170304
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20170304
Rising Malware.Generic.5!tfe (thunder:5:ZBpD6AWlGJP) 20170304
SUPERAntiSpyware Hack.Tool/Gen-Nitol 20170304
Symantec ML.Attribute.HighConfidence 20170303
VBA32 Trojan.ServStart 20170303
VIPRE Trojan.Win32.Generic!BT 20170304
ViRobot Trojan.Win32.7ev3n.47124[h] 20170304
Yandex Trojan.Agent!gfn/IEMjpPM 20170225
Alibaba 20170228
ClamAV 20170304
CMC 20170304
Fortinet 20170304
Kingsoft 20170304
Sophos 20170304
Tencent 20170304
TheHacker 20170302
TrendMicro 20170304
TrendMicro-HouseCall 20170304
Trustlook 20170304
Webroot 20170304
WhiteArmor 20170303
Zillya 20170304
Zoner 20170304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-25 19:31:48
Entry Point 0x0000531F
Number of sections 6
PE sections
PE imports
GetLastError
WriteProcessMemory
GetSystemInfo
FreeLibrary
GetTickCount
VirtualProtect
GlobalUnlock
LoadLibraryA
ExitThread
WinExec
GetCurrentProcess
GetCurrentProcessId
lstrcatA
GetProcAddress
GetLocaleInfoW
OpenMutexA
CreateMutexA
GetTempPathA
RaiseException
CreateThread
GetModuleHandleA
InterlockedExchange
lstrcpyA
GetStartupInfoA
GetComputerNameA
GlobalMemoryStatusEx
GetSystemDirectoryA
GlobalLock
TerminateProcess
CreateProcessA
GlobalAlloc
VirtualFree
Sleep
GetCurrentThreadId
VirtualAlloc
LocalAlloc
__p__fmode
malloc
__CxxFrameHandler
srand
strcat
__dllonexit
_controlfp
strlen
strncpy
_except_handler3
strtok
_onexit
exit
_XcptFilter
__setusermatherr
rand
_adjust_fdiv
_acmdln
memset
strcspn
__p__commode
free
atoi
__getmainargs
_initterm
_setmbcp
strstr
memcpy
strcpy
time
_exit
strcmp
__set_app_type
VariantClear
ShellExecuteA
HttpSendRequestA
InternetQueryDataAvailable
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
InternetReadFile
InternetConnectA
HttpQueryInfoA
__WSAFDIsSet
WSASocketA
htonl
socket
setsockopt
closesocket
inet_addr
send
ioctlsocket
WSAStartup
gethostbyname
select
connect
sendto
htons
recv
WSAIoctl
GetNetworkParams
Number of PE resources by type
RT_STRING 11
RT_MENU 2
RT_ACCELERATOR 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:09:25 20:31:48+01:00
FileType Win32 EXE
PEType PE32
CodeSize 18944
LinkerVersion 6.0
EntryPoint 0x531f
InitializedDataSize 22528
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 38e645e88c85b64e5c73bee15066ec19
SHA1 6224220b23d4c47686db7a12f4eca0ee6006f451
SHA256 9351201405b1cfdc13c55fb66da810d3d6554d9f0339a9545ebfc70f864b0bf0
ssdeep 384:jRa8eOnU4d/jJr0+H/DBpoMDWtnCxyTOAEjKS1D7xOz+gmLawruZPq3HWr3i5m5A:t7eOU4drJzevOAY1Zbfac4Pq3HW8EZ2
authentihash 25b26e216a4a0ab0b4f9e1919e0cfa0d21d3d6801c0e1950dce5fd7407726461
imphash b740626004dc5fb79ebaf79f203c1ff1
File size 41.0 KB ( 41984 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2017-03-04 18:04:21 UTC ( 3 months, 3 weeks ago )
Last submission 2017-03-07 00:48:40 UTC ( 3 months, 3 weeks ago )
File names 9351201405b1cfdc13c55fb66da810d3d6554d9f0339a9545ebfc70f864b0bf0.bin
2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications