SHA256: 1ba0ee97381c7e26589f56a8e45212c784ccfc41b9bb57eb783964be5afb49c9
File name: 39UvZmv.exe
Detection ratio: 5 / 46
Analysis date: 2013-08-16 15:14:01 UTC ( 5 years, 9 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Tepfer 20130816
ESET-NOD32 Win32/Kryptik.BIEP 20130816
Malwarebytes Malware.Packer.ORPC 20130816
McAfee PWS-Zbot-FBDT!5DFA7D4BFEC8 20130816
Rising Backdoor.Agent!5632 20130816
Yandex 20130816
AntiVir 20130816
Antiy-AVL 20130816
Avast 20130816
AVG 20130816
BitDefender 20130816
ByteHero 20130814
CAT-QuickHeal 20130816
ClamAV 20130816
Commtouch 20130816
Comodo 20130816
DrWeb 20130816
Emsisoft 20130816
F-Prot 20130816
F-Secure 20130816
Fortinet 20130816
GData 20130816
Ikarus 20130816
Jiangmin 20130816
K7AntiVirus 20130816
K7GW 20130816
Kaspersky 20130816
Kingsoft 20130723
McAfee-GW-Edition 20130816
Microsoft 20130816
eScan 20130816
NANO-Antivirus 20130816
Norman 20130816
nProtect 20130816
Panda 20130816
PCTools 20130816
Sophos AV 20130816
SUPERAntiSpyware 20130816
Symantec 20130816
TheHacker 20130816
TotalDefense 20130815
TrendMicro 20130816
TrendMicro-HouseCall 20130816
VBA32 20130816
VIPRE 20130816
ViRobot 20130816
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-16 11:22:34
Entry Point 0x0000169F
Number of sections 4
PE sections
Overlays
MD5 bf619eac0cdf3f68d496ea9344137e8b
File type ASCII text
Offset 311808
Size 512
Entropy 0.00
PE imports
SetVolumeLabelW
CreateFileMappingW
DeviceIoControl
GetConsoleAliasA
GetShortPathNameW
GetStringTypeW
GetStringTypeA
InitializeCriticalSection
CreatePipe
DeleteFileA
GetACP
CreateSemaphoreW
SetCurrentDirectoryA
FatalExit
CreateMailslotA
LoadLibraryA
GetProcessHeap
VirtualAlloc
GetModuleHandleW
WriteConsoleW
SetEnvironmentVariableA
DllEnumClassObjects
ShowModelessHTMLDialog
ShowHTMLDialog
ShowModalDialog
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_RCDATA 1
Struct(25) 1
Number of PE resources by language
FRENCH BELGIAN 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:06:16 12:22:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 2048
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 512
SubsystemVersion 5.1
EntryPoint 0x169f
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 5dfa7d4bfec8eaeb38f111175dfe9ccf
SHA1 2bb5da1fcdfe815771b559c99871b1b4f4470dce
SHA256 1ba0ee97381c7e26589f56a8e45212c784ccfc41b9bb57eb783964be5afb49c9
ssdeep 6144:in2lnHHnHrLrLLrLrDd0DrYEyaYUeW5gtHc+Bz0J/FX6p9uaoY4/R6AY7:Ik0D8Ey5UJ5H+BWQ9uaoYDAw
authentihash a5d88388d6079050dbc528045d0b15c24a7086d524955428a6575d5650a45486
imphash b4838d3b349d6d5b12776c7f0244f304
File size 305.0 KB ( 312320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2013-08-16 15:14:01 UTC ( 5 years, 9 months ago )
Last submission 2015-02-01 14:54:48 UTC ( 4 years, 3 months ago )
File names CB9D.tar.gz
aa
39UvZmv.exe
3NK9PJ.tar.gz
5dfa7d4bfec8eaeb38f111175dfe9ccf.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications