SHA256: ac32f46cf7272aeba55f01be1356a17f0c55dd32ebde9ad70a0d1d6e7e8062ed
File name: sovt6NoQMPXfU.exe
Detection ratio: 6 / 56
Analysis date: 2016-05-27 10:43:53 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9997 20160527
Bkav HW32.Packed.6EB5 20160527
CAT-QuickHeal (Suspicious) - DNAScan 20160527
McAfee-GW-Edition BehavesLike.Win32.Almanahe.ch 20160527
Qihoo-360 QVM20.1.Malware.Gen 20160527
Rising Malware.XPACK-HIE/Heur!1.9C48 20160527
Ad-Aware 20160527
AegisLab 20160527
AhnLab-V3 20160527
Alibaba 20160527
ALYac 20160527
Antiy-AVL 20160527
Arcabit 20160527
Avast 20160527
AVG 20160527
Avira (no cloud) 20160527
AVware 20160527
Baidu-International 20160527
BitDefender 20160527
ClamAV 20160527
CMC 20160523
Comodo 20160527
Cyren 20160527
DrWeb 20160527
Emsisoft 20160527
ESET-NOD32 20160527
F-Prot 20160527
F-Secure 20160527
Fortinet 20160527
GData 20160527
Ikarus 20160527
Jiangmin 20160527
K7AntiVirus 20160527
K7GW 20160527
Kaspersky 20160527
Kingsoft 20160527
Malwarebytes 20160527
McAfee 20160527
Microsoft 20160527
eScan 20160527
NANO-Antivirus 20160527
nProtect 20160527
Panda 20160526
Sophos AV 20160527
SUPERAntiSpyware 20160527
Symantec 20160527
Tencent 20160527
TheHacker 20160526
TrendMicro 20160527
TrendMicro-HouseCall 20160527
VBA32 20160527
VIPRE 20160527
ViRobot 20160527
Yandex 20160526
Zillya 20160526
Zoner 20160527
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-27 07:53:20
Entry Point 0x00008000
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
OpenServiceW
ControlService
QueryServiceStatusEx
DeleteService
RegQueryValueExW
GetNamedSecurityInfoW
RegOpenKeyA
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
SetServiceStatus
RegEnumKeyW
SetTokenInformation
CreateServiceW
GetTokenInformation
DuplicateTokenEx
CloseServiceHandle
RegOpenKeyExW
BuildExplicitAccessWithNameW
CreateProcessAsUserW
SetEntriesInAclW
RevertToSelf
StartServiceW
RegSetValueExW
EnumDependentServicesW
OpenSCManagerW
ReportEventW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
ChangeServiceConfigW
SetNamedSecurityInfoW
CancelDC
AbortPath
BeginPath
ColorMatchToTarget
GetStdHandle
FileTimeToDosDateTime
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
lstrcmpW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetDriveTypeW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
ExpandEnvironmentStringsA
SetErrorMode
GetFileInformationByHandle
SetStdHandle
GetFileTime
FindResourceExA
GetShortPathNameA
GetCPInfo
LoadLibraryW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
SetEvent
LocalFree
MoveFileA
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
GetProfileIntA
GetStringTypeExA
SetLastError
GetUserDefaultUILanguage
LocalLock
GetUserDefaultLangID
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
GetVersionExA
GetModuleFileNameA
RaiseException
HeapSetInformation
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FindNextChangeNotification
GetModuleHandleA
CreateThread
GetSystemDirectoryW
GetSystemDefaultUILanguage
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
FindCloseChangeNotification
GetNumberFormatA
CopyFileA
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GlobalSize
UnlockFile
DosDateTimeToFileTime
GetFileSize
LCMapStringW
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GetFullPathNameA
WaitForMultipleObjects
GetProcessHeap
CompareStringW
GetFileSizeEx
GlobalReAlloc
FreeEnvironmentStringsW
lstrcmpA
lstrcpyA
ResetEvent
GetTempFileNameA
CreateFileMappingA
DuplicateHandle
SearchPathA
GlobalLock
GetTimeZoneInformation
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
LocalUnlock
InterlockedIncrement
GetLastError
IsValidCodePage
LoadLibraryExW
SystemTimeToFileTime
GlobalDeleteAtom
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
GlobalGetAtomNameA
GetThreadLocale
GlobalUnlock
GetEnvironmentStringsW
GetTempPathA
LockFile
lstrlenW
WinExec
OpenFile
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
HeapQueryInformation
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
FreeResource
CreateProcessA
GetProcAddress
WideCharToMultiByte
GetCurrentDirectoryW
HeapCreate
FindResourceExW
Sleep
GetFileAttributesExA
FindResourceA
CompareStringA
SHEmptyRecycleBinW
SHGetSpecialFolderPathW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathQuoteSpacesW
StrStrIW
PathAppendW
PathCombineW
MapWindowPoints
SetFocus
GetMonitorInfoW
GetParent
LoadIconA
GetMessageW
EnumWindows
DefWindowProcW
KillTimer
DestroyMenu
TrackMouseEvent
PostQuitMessage
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
RemoveMenu
GetWindowThreadProcessId
CharLowerA
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
LoadStringA
EnumChildWindows
AppendMenuW
GetWindowDC
DestroyCursor
TranslateMessage
GetWindow
PostMessageW
InvalidateRect
SetTimer
DispatchMessageW
GetCursorPos
ReleaseDC
UpdateLayeredWindow
CreatePopupMenu
SendMessageW
UnregisterClassA
TranslateAcceleratorW
SendMessageA
LoadStringW
SetWindowTextW
GetMenuItemInfoW
DrawTextW
CallWindowProcW
MonitorFromWindow
ScreenToClient
TrackPopupMenuEx
CharNextW
LoadImageW
GetClassNameW
GetMenuItemCount
MonitorFromPoint
GetClientRect
GetWindowTextW
GetDesktopWindow
LoadCursorW
GetFocus
GetWindowLongW
SetForegroundWindow
PtInRect
SetCursor
VerQueryValueW
WTSEnumerateSessionsW
WTSFreeMemory
_except_handler3
_CIsin
free
exit
_CIcos
calloc
__set_app_type
Ord(8)
OleUIBusyW
Number of PE resources by type
RT_ICON 12
RT_BITMAP 1
RT_STRING 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:05:27 08:53:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 67584
LinkerVersion 10.0
EntryPoint 0x8000
InitializedDataSize 123392
SubsystemVersion 5.0
ImageVersion 10.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 d348023664889617f3e444acf050ad81
SHA1 638fca26cf1dd9402e4b681afe7af57b5bc6fe82
SHA256 ac32f46cf7272aeba55f01be1356a17f0c55dd32ebde9ad70a0d1d6e7e8062ed
ssdeep 3072:FI+lWHfqLvDFsOVM9bvsgDG66UdUP2rcNZO+vhvn:CuWHfqLr4Fq7HNU+v
authentihash 686f2250f154557f60b9cd0c1c31cecf1ed4883172fd5e38cb2c3ba5d0b3b0dc
imphash edfc3dc2a608c6537693d0ee17a67611
File size 155.5 KB ( 159232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-05-27 10:43:53 UTC ( 1 year, 4 months ago )
Last submission 2017-10-16 18:50:10 UTC ( 1 week ago )
File names d81.exe
sovt6NoQMPXfU.exe
sample.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections
UDP communications