SHA256: eb85b01f4d462ae3d52406e0455f8c3c70b8d87c9248df6c9808f130d1d85f0f
File name: wIlBePTuGMY.exe
Detection ratio: 7 / 56
Analysis date: 2016-05-26 10:23:26 UTC ( 11 months, 1 week ago )
Antivirus results (detection ratio 7 / 56; date is the engine's signature update)

Detected (7):
Baidu: Win32.Trojan.WisdomEyes.151026.9950.9999 (20160526)
Bkav: HW32.Packed.F2D5 (20160525)
Fortinet: W32/Kryptik.EYDH!tr (20160526)
Qihoo-360: HEUR/QVM19.1.0000.Malware.Gen (20160526)
Rising: Malware.Generic!5ouN2qqBQ9G@1 (Thunder) (20160526)
Sophos: Mal/Ransom-EH (20160526)
Tencent: Win32.Trojan.Raas.Auto (20160526)

Not detected (49):
Ad-Aware (20160526)
AegisLab (20160526)
AhnLab-V3 (20160525)
Alibaba (20160526)
ALYac (20160526)
Antiy-AVL (20160526)
Arcabit (20160526)
Avast (20160526)
AVG (20160526)
Avira (no cloud) (20160526)
AVware (20160526)
Baidu-International (20160526)
BitDefender (20160526)
CAT-QuickHeal (20160526)
ClamAV (20160526)
CMC (20160523)
Comodo (20160526)
Cyren (20160526)
DrWeb (20160526)
Emsisoft (20160526)
ESET-NOD32 (20160526)
F-Prot (20160526)
F-Secure (20160526)
GData (20160526)
Ikarus (20160526)
Jiangmin (20160526)
K7AntiVirus (20160526)
K7GW (20160526)
Kaspersky (20160526)
Kingsoft (20160526)
Malwarebytes (20160526)
McAfee (20160526)
McAfee-GW-Edition (20160526)
Microsoft (20160526)
eScan (20160526)
NANO-Antivirus (20160526)
nProtect (20160526)
Panda (20160525)
SUPERAntiSpyware (20160526)
Symantec (20160526)
TheHacker (20160526)
TrendMicro (20160526)
TrendMicro-HouseCall (20160526)
VBA32 (20160525)
VIPRE (20160526)
ViRobot (20160526)
Yandex (20160525)
Zillya (20160525)
Zoner (20160526)
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-26 06:03:25
Entry Point 0x00008000
Number of sections 7
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
OpenServiceW
ControlService
RegEnumKeyW
DeleteService
RegQueryValueExW
CloseServiceHandle
RegOpenKeyA
RegisterEventSourceW
OpenProcessToken
DeregisterEventSource
RegOpenKeyExW
SetTokenInformation
RegisterServiceCtrlHandlerExW
CreateServiceW
GetTokenInformation
DuplicateTokenEx
SetServiceStatus
BuildExplicitAccessWithNameW
CreateProcessAsUserW
GetNamedSecurityInfoW
SetEntriesInAclW
RevertToSelf
StartServiceW
RegSetValueExW
EnumDependentServicesW
OpenSCManagerW
ReportEventW
QueryServiceStatusEx
StartServiceCtrlDispatcherW
ChangeServiceConfigW
SetNamedSecurityInfoW
CheckColorsInGamut
AnimatePalette
ColorMatchToTarget
AddFontMemResourceEx
AngleArc
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindResourceExW
lstrcmpW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
FileTimeToDosDateTime
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetFileAttributesA
GetFileTime
GetTempPathA
GetShortPathNameA
GetCPInfo
GetProcAddress
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
InterlockedDecrement
GetProfileIntA
GetStringTypeExA
SetLastError
GetUserDefaultUILanguage
LocalLock
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
QueryPerformanceFrequency
HeapSetInformation
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FindNextChangeNotification
GetModuleHandleA
CreateThread
GetSystemDefaultUILanguage
GetSystemDirectoryW
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
FindCloseChangeNotification
GetNumberFormatA
CopyFileA
SearchPathA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
HeapCreate
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
SetEvent
QueryPerformanceCounter
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalSize
UnlockFile
DosDateTimeToFileTime
GetFileSize
GlobalDeleteAtom
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
GlobalLock
GetProcessHeap
CompareStringW
GetFileSizeEx
GlobalReAlloc
CreateProcessA
GetFileInformationByHandle
lstrcmpA
lstrcpyA
ResetEvent
GetTempFileNameA
CreateFileMappingA
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetCurrentDirectoryW
GetTimeZoneInformation
CreateFileW
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
LocalUnlock
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
FindFirstChangeNotificationA
GetSystemInfo
LocalFileTimeToFileTime
GlobalFree
GetConsoleCP
GlobalGetAtomNameA
GetThreadLocale
GlobalUnlock
GetEnvironmentStringsW
FindResourceExA
LockFile
lstrlenW
WinExec
OpenFile
FileTimeToLocalFileTime
SizeofResource
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
HeapQueryInformation
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
FreeResource
SetStdHandle
LoadLibraryW
WideCharToMultiByte
IsValidCodePage
lstrlenA
FindResourceW
Sleep
GetFileAttributesExA
FindResourceA
GetOEMCP
CompareStringA
SHEmptyRecycleBinW
SHGetSpecialFolderPathW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathQuoteSpacesW
StrStrIW
PathAppendW
PathCombineW
SetFocus
MapWindowPoints
GetMonitorInfoW
GetParent
LoadIconA
GetMessageW
EnumWindows
DefWindowProcW
KillTimer
DestroyMenu
TrackMouseEvent
PostQuitMessage
ShowWindow
MessageBeep
LoadMenuW
SetWindowPos
RemoveMenu
GetWindowThreadProcessId
SetCursor
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
LoadStringA
EnumChildWindows
AppendMenuW
GetWindowDC
DestroyCursor
TranslateMessage
GetWindow
PostMessageW
InvalidateRect
DispatchMessageW
GetCursorPos
ReleaseDC
UpdateLayeredWindow
CreatePopupMenu
SendMessageW
UnregisterClassA
TranslateAcceleratorW
SendMessageA
LoadStringW
SetWindowTextW
DrawTextW
LoadImageW
MonitorFromWindow
ScreenToClient
CharNextW
TrackPopupMenuEx
SetTimer
CallWindowProcW
GetClassNameW
GetMenuItemCount
CharLowerW
MonitorFromPoint
GetClientRect
GetWindowTextW
LoadCursorW
GetFocus
GetWindowLongW
SetForegroundWindow
GetMenuItemInfoW
PtInRect
VerQueryValueW
WTSEnumerateSessionsW
WTSFreeMemory
_except_handler3
_CIsin
free
exit
_CIcos
calloc
__set_app_type
Ord(8)
OleUIBusyW
Number of PE resources by type
RT_ICON 24
RT_GROUP_ICON 2
RT_STRING 1
Number of PE resources by language
ENGLISH US 27
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:05:26 07:03:25+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 67072
LinkerVersion: 8.0
EntryPoint: 0x8000
InitializedDataSize: 152576
SubsystemVersion: 5.1
ImageVersion: 8.0
OSVersion: 5.1
UninitializedDataSize: 0

File identification
MD5: 06616d1fbb32687a6be3cfcac4596264
SHA1: 3232c4b9a2a6a6065266498db79ce3f2bb9750a2
SHA256: eb85b01f4d462ae3d52406e0455f8c3c70b8d87c9248df6c9808f130d1d85f0f
ssdeep: 3072:AXGljcmWD/im+2eijEWhJgiYVZw1uM97F:AXscdnJgXw1uM9
authentihash: cca823be193a9bcf531930374480f56dd468bf11fb204621423c21e06d9271fe
imphash: 1dc8093e34e0d4e835a21fd7b5971c8c
File size: 171.5 KB (175616 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (67.4%)
  Win32 Dynamic Link Library (generic) (14.2%)
  Win32 Executable (generic) (9.7%)
  Generic Win/DOS Executable (4.3%)
  DOS Executable Generic (4.3%)
Tags: peexe

VirusTotal metadata
First submission: 2016-05-26 10:16:20 UTC ( 11 months, 1 week ago )
Last submission: 2016-05-27 06:46:46 UTC ( 11 months, 1 week ago )
File names: wIlBePTuGMY.exe, do5j36a.reversed.decrypted
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications