SHA256: e3e4fc413590209b563f70f91773bccbd62e926cd13729cf668d42e471242784
File name: run.exe
Detection ratio: 11 / 57
Analysis date: 2016-09-12 14:53:11 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
AegisLab Troj.W32.Gen.lwft 20160912
AhnLab-V3 Trojan/Win32.Injector.N1513959653 20160912
CAT-QuickHeal (Suspicious) - DNAScan 20160912
CrowdStrike Falcon (ML) malicious_confidence_61% (D) 20160725
Invincea worm.win32.taterf.b 20160912
Malwarebytes Trojan.ModUPX 20160912
Rising Malware.Heuristic!ET (rdm+) 20160912
TheHacker Posible_Worm32 20160911
TrendMicro PAK_Generic.005 20160912
TrendMicro-HouseCall PAK_Generic.005 20160912
ViRobot Trojan.Win32.S.Agent.31744.QX[h] 20160912
ALYac 20160912
AVG 20160912
AVware 20160912
Ad-Aware 20160912
Alibaba 20160912
Antiy-AVL 20160912
Arcabit 20160912
Avast 20160912
Avira (no cloud) 20160912
Baidu 20160912
BitDefender 20160912
Bkav 20160912
CMC 20160912
ClamAV 20160912
Comodo 20160912
Cyren 20160912
DrWeb 20160912
ESET-NOD32 20160912
Emsisoft 20160912
F-Prot 20160912
F-Secure 20160912
Fortinet 20160912
GData 20160912
Ikarus 20160912
Jiangmin 20160912
K7AntiVirus 20160912
K7GW 20160912
Kaspersky 20160912
Kingsoft 20160912
McAfee 20160912
McAfee-GW-Edition 20160911
eScan 20160912
Microsoft 20160912
NANO-Antivirus 20160912
Panda 20160912
Qihoo-360 20160912
SUPERAntiSpyware 20160912
Sophos 20160912
Symantec 20160912
Tencent 20160912
VBA32 20160912
VIPRE 20160912
Yandex 20160911
Zillya 20160911
Zoner 20160912
nProtect 20160912
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-19 00:49:18
Entry Point 0x000142B0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
PathFindFileNameA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:19 01:49:18+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 9.0
EntryPoint 0x142b0
InitializedDataSize 4096
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 49152

File identification
MD5 2981570f50a97d709c7f7c229aa9b221
SHA1 0ea45532f0e5544a3d81d147512da1955c1a66b7
SHA256 e3e4fc413590209b563f70f91773bccbd62e926cd13729cf668d42e471242784
ssdeep 768:NCzFHgVh7VtGbaoyuPXiBH6ISbCLoHJZ7yBz5iYmeBR0SgsbBUW3:N+FAVhjGwOiBaGcHJZ7yF5rOqU
authentihash d11b44790994e19d6845f36cf0aee9b82a0616c7c18b94aae012e3c4dd2a17ac
imphash 786fb8fd85c55281215cf43644d5de43
File size 31.0 KB ( 31744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 EXE Yoda's Crypter (60.7%)
Win32 Dynamic Link Library (generic) (15.0%)
Win32 Executable (generic) (10.3%)
Clipper DOS Executable (4.6%)
Generic Win/DOS Executable (4.5%)
Tags peexe upx
VirusTotal metadata
First submission 2015-04-19 01:25:37 UTC ( 1 year, 10 months ago )
Last submission 2017-02-23 17:16:02 UTC ( 19 hours, 15 minutes ago )
File names run.exe
2981570f50a97d709c7f7c229aa9b221.exe
ff65b5647817757a0c4cda4cd5efeea7_run.exe.safe
run.exe.vir
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications