SHA256: 5db8207e1891b01b84c987f8065c2f646cbcceae9ff5af5198a05f75766e8c39
File name: 111.exe
Detection ratio: 22 / 53
Analysis date: 2014-09-11 20:55:01 UTC ( 4 years, 8 months ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Graftor.155018 | 20140911
AhnLab-V3 | Dropper/Win32.Necurs | 20140911
Avast | Win32:Malware-gen | 20140911
AVG | Inject2.AVGR | 20140911
Avira (no cloud) | TR/Cutwail.eet | 20140911
Baidu-International | Trojan.Win32.Wigon.BKQ | 20140911
BitDefender | Gen:Variant.Graftor.155018 | 20140911
Bkav | HW32.Laneul.sswu | 20140911
Emsisoft | Gen:Variant.Graftor.155018 (B) | 20140911
ESET-NOD32 | Win32/Wigon.KQ | 20140911
F-Prot | W32/Powessere.A.gen!Eldorado | 20140911
F-Secure | Gen:Variant.Graftor.155018 | 20140911
GData | Gen:Variant.Graftor.155018 | 20140911
Ikarus | Trojan.Win32.Wigon | 20140911
Kaspersky | Trojan.Win32.Cutwail.eet | 20140911
Malwarebytes | Trojan.Ransom.ED | 20140911
McAfee | RDN/Generic.dx!dfh | 20140911
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.ch | 20140911
eScan | Gen:Variant.Graftor.155018 | 20140911
Qihoo-360 | Win32/Trojan.Multi.daf | 20140911
Sophos AV | Mal/Generic-S | 20140911
Tencent | Win32.Trojan.Bp-generic.Jaiu | 20140911
AegisLab | (undetected) | 20140911
Yandex | (undetected) | 20140911
Antiy-AVL | (undetected) | 20140911
AVware | (undetected) | 20140911
ByteHero | (undetected) | 20140911
CAT-QuickHeal | (undetected) | 20140911
ClamAV | (undetected) | 20140910
CMC | (undetected) | 20140908
Comodo | (undetected) | 20140911
Cyren | (undetected) | 20140911
DrWeb | (undetected) | 20140911
Fortinet | (undetected) | 20140911
Jiangmin | (undetected) | 20140911
K7AntiVirus | (undetected) | 20140911
K7GW | (undetected) | 20140911
Kingsoft | (undetected) | 20140911
Microsoft | (undetected) | 20140911
NANO-Antivirus | (undetected) | 20140911
Norman | (undetected) | 20140911
nProtect | (undetected) | 20140911
Panda | (undetected) | 20140911
Rising | (undetected) | 20140911
SUPERAntiSpyware | (undetected) | 20140911
Symantec | (undetected) | 20140911
TheHacker | (undetected) | 20140911
TotalDefense | (undetected) | 20140911
VBA32 | (undetected) | 20140911
VIPRE | (undetected) | 20140911
ViRobot | (undetected) | 20140911
Zillya | (undetected) | 20140910
Zoner | (undetected) | 20140910
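To turn a pasted detection table like the one above into numbers, the following added example (not VirusTotal's own code) parses the rows, computes the detection ratio and tallies family-name tokens across vendors. It accepts the raw space-separated export ("vendor [result] YYYYMMDD") as well as a pipe-delimited layout. The embedded sample is copied from this report's table (all 22 detecting rows plus four of the 31 undetected ones, so its ratio is 22/26, not 22/53); the stop-word list is the example's own assumption.

```python
"""Summarise a pasted VirusTotal detection table: detection ratio plus a rough
per-vendor "family vote" over the labels. Added triage helper; not VirusTotal's
own code. Accepts either the raw space-separated export ("<vendor> [<result>]
<YYYYMMDD>", vendor names may contain spaces) or a pipe-delimited layout
("vendor | result | date", with "(undetected)" or an empty result column).

SAMPLE is copied from the report's table: all 22 detecting rows and four of
the 31 undetected ones. STOPWORDS is a hand-picked assumption."""
import re
from collections import Counter

SAMPLE = """\
Ad-Aware Gen:Variant.Graftor.155018 20140911
AhnLab-V3 Dropper/Win32.Necurs 20140911
Avast Win32:Malware-gen 20140911
AVG Inject2.AVGR 20140911
Avira (no cloud) TR/Cutwail.eet 20140911
Baidu-International Trojan.Win32.Wigon.BKQ 20140911
BitDefender Gen:Variant.Graftor.155018 20140911
Bkav HW32.Laneul.sswu 20140911
Emsisoft Gen:Variant.Graftor.155018 (B) 20140911
ESET-NOD32 Win32/Wigon.KQ 20140911
F-Prot W32/Powessere.A.gen!Eldorado 20140911
F-Secure Gen:Variant.Graftor.155018 20140911
GData Gen:Variant.Graftor.155018 20140911
Ikarus Trojan.Win32.Wigon 20140911
Kaspersky Trojan.Win32.Cutwail.eet 20140911
Malwarebytes Trojan.Ransom.ED 20140911
McAfee RDN/Generic.dx!dfh 20140911
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20140911
eScan Gen:Variant.Graftor.155018 20140911
Qihoo-360 Win32/Trojan.Multi.daf 20140911
Sophos AV Mal/Generic-S 20140911
Tencent Win32.Trojan.Bp-generic.Jaiu 20140911
ClamAV 20140910
DrWeb 20140911
Microsoft 20140911
Symantec 20140911
"""

# Label tokens that name a category or heuristic rather than a family (assumption).
STOPWORDS = {"gen", "variant", "trojan", "win32", "w32", "hw32", "malware", "generic",
             "mal", "dropper", "behaveslike", "multi", "rdn", "eldorado", "ransom"}
DATE_RE = re.compile(r"^\d{8}$")
RESULT_CHARS = set(":./!")      # every vendor label contains one of these; vendor names do not


def parse_row(line):
    """Return (vendor, result_or_None, update_date) for one table row."""
    if "|" in line:
        vendor, result, date = (p.strip() for p in line.split("|"))
        return vendor, (None if result in ("", "(undetected)") else result), date
    tokens = line.split()
    if not tokens or not DATE_RE.match(tokens[-1]):
        raise ValueError("not a detection row: %r" % line)
    date, tokens = tokens[-1], tokens[:-1]
    for i, tok in enumerate(tokens):        # first label-looking token starts the result;
        if RESULT_CHARS & set(tok):         # trailing tokens such as "(B)" stay with it
            return " ".join(tokens[:i]), " ".join(tokens[i:]), date
    return " ".join(tokens), None, date


def parse_table(text):
    """Parse every non-empty row, skipping the 'Antivirus ...' header line."""
    return [parse_row(l) for l in text.splitlines() if l.strip() and not l.startswith("Antivirus")]


def detection_ratio(text):
    """(detecting vendors, total vendors); 22/53 for the full table, 22/26 for SAMPLE."""
    rows = parse_table(text)
    return sum(1 for _, result, _ in rows if result), len(rows)


def family_votes(text):
    """One vote per vendor for each family-looking token in its label. Vendors that
    license the same engine (several of the Graftor rows here come from vendors that
    ship the BitDefender engine) inflate a family's count, so read the numbers as
    hints, not as independent opinions."""
    votes = Counter()
    for _, result, _ in parse_table(text):
        if not result:
            continue
        tokens = {t.lower() for t in re.split(r"[^A-Za-z0-9]+", result)}
        votes.update(t for t in tokens if len(t) >= 4 and t.isalpha() and t not in STOPWORDS)
    return votes


if __name__ == "__main__":
    detected, total = detection_ratio(SAMPLE)
    print("detection ratio: %d / %d" % (detected, total))
    for family, n in family_votes(SAMPLE).most_common(5):
        print("%-12s %d" % (family, n))
```

On this sample the vote is Graftor 6, Wigon 3, Cutwail 2, with every other token at 1. The Graftor count is six copies of one engine's generic signature, so the names worth pivoting on are the vendor-specific ones (Cutwail, Wigon, Necurs, Powessere), not the largest number.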
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) Powder 2008-2013
Publisher: Headed badly Columbus - www.Powder.com
Product: Powder
File version: 3.0.0.1
Description: Pain syllable zero buffalo elephant influence
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2014-09-10 14:45:42
Entry Point: 0x00002A23
Number of sections: 4
PE sections
PE imports
RegQueryValueA
RegOpenKeyExA
RegCloseKey
ImageList_Add
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetSystemInfo
GetConsoleCP
GetOEMCP
GetEnvironmentStringsW
HeapDestroy
ExitProcess
CreateTapePartition
TlsAlloc
FlushFileBuffers
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
FoldStringA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
LoadLibraryExA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
InterlockedIncrement
GetTimeZoneInformation
LCMapStringA
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
SetStdHandle
LCMapStringW
CompareStringW
RaiseException
WideCharToMultiByte
GetStringTypeA
SetFilePointer
GetCurrentProcessId
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
HeapAlloc
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
GetEnvironmentVariableA
HeapCreate
SetLastError
VirtualQuery
VirtualFree
ConvertThreadToFiber
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
GetCurrentThreadId
OutputDebugStringA
LeaveCriticalSection
VirtualAlloc
GetNumberFormatW
WriteConsoleW
CompareStringA
MapWindowPoints
MapDialogRect
GetMessageTime
PaintDesktop
DragObject
EnumPropsExW
GetWindowTextA
EnumDesktopsW
CharLowerW
ClipCursor
GetQueueStatus
DefWindowProcA
GetMenuItemInfoW
FindDebugInfoFileEx
MapDebugInformation
SymGetSymFromName
SymGetOptions
ImageNtHeader
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
Number of PE resources by type
RT_BITMAP 27
RT_MENU 8
RT_GROUP_CURSOR 4
RT_CURSOR 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 28
ENGLISH US 16
ARABIC SYRIA 1
PE resources
ExifTool file metadata
LegalTrademarks: Powder
FileDescription: Pain syllable zero buffalo elephant influence
InitializedDataSize: 93696
ImageVersion: 0.0
ProductName: Powder
FileVersionNumber: 1.5.0.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Windows, Latin1
LinkerVersion: 9.0
OriginalFilename: Burst.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 3.0.0.1
TimeStamp: 2014:09:10 15:45:42+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Burst.exe
SubsystemVersion: 5.0
FileAccessDate: 2014:10:30 11:44:44+01:00
ProductVersion: 1.0
UninitializedDataSize: 0
OSVersion: 5.0
FileCreateDate: 2014:10:30 11:44:44+01:00
FileOS: Windows 16-bit
LegalCopyright: Copyright (C) Powder 2008-2013
MachineType: Intel 386 or later, and compatibles
CompanyName: Headed badly Columbus - www.Powder.com
CodeSize: 78336
FileSubtype: 0
ProductVersionNumber: 1.2.0.0
EntryPoint: 0x2a23
ObjectFileType: Executable application

Two things to note when reading this block. The binary VS_FIXEDFILEINFO numbers (FileVersionNumber 1.5.0.0, ProductVersionNumber 1.2.0.0) disagree with the string fields (FileVersion 3.0.0.1, ProductVersion 1.0), OriginalFilename and InternalName (Burst.exe) match none of the names the file was submitted under, and CompanyName and FileDescription are strings of unrelated dictionary words; a version resource that is internally inconsistent like this is characteristic of fabricated metadata, so the "Powder" branding is noise rather than attribution. FileAccessDate and FileCreateDate are the filesystem timestamps of the copy ExifTool was run on (they coincide with the last submission), not properties of the binary; the build time is the TimeStamp field, which is the same instant as the PE header's compilation timestamp expressed in UTC+01:00.

File identification
MD5: d54b7bd12cb516945972242ea9ac84e2
SHA1: 71edcdbb6aa454a7ceba00fde80c5803f6089f10
SHA256: 5db8207e1891b01b84c987f8065c2f646cbcceae9ff5af5198a05f75766e8c39
ssdeep: 3072:VsBTxGNyl391D73Czwor5y2yLvslFOwIArdZMDgxV:VswIXPuvyL4I8
authentihash: 6bc6d2bbb11ba46d153561713838aa612441f8f0811a00643d1c1ddcc3ce020b
imphash: 7110fdf7a961085c45cc97cf4cb0131b
File size: 169.0 KB ( 173056 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: InstallShield setup (48.1%)
      Win32 Executable MS Visual C++ (generic) (34.9%)
      Win32 Dynamic Link Library (generic) (7.3%)
      Win32 Executable (generic) (5.0%)
      Generic Win/DOS Executable (2.2%)
Tags: peexe

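The hashes and header fields above are the first thing to re-derive when a sample arrives by another route, so that the report is known to describe the file actually in hand. The following added example (standard library only; not VirusTotal's or pefile's code) reproduces the MD5/SHA1/SHA256, the PE header basics (machine, compile timestamp, entry point, section count, linker version, subsystem) and the imphash construction. It assumes a PE32 image and renders ordinal-only imports as "ord<N>"; the `build_sample_pe()` helper produces a constructed header-only stand-in carrying the report's values, not the file discussed here.

```python
"""Reproduce the "File identification" and "PE header basic information" fields
of a VirusTotal report for a file you hold locally, so the report above can be
checked against the sample actually in hand. Added example, standard library
only; not VirusTotal's code.

Assumptions (not from the report): the sample is a PE32 (32-bit) image, and
ordinal-only imports are rendered as "ord<N>" (pefile resolves a few of those
through a name table; this example does not).
"""
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
MACHINE_NAMES = {
    0x14C: "Intel 386 or later processors and compatible processors",
    0x8664: "x64",
    0x1C0: "ARM",
    0xAA64: "ARM64",
}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}


def file_identification(data):
    """Hashes over the raw bytes, as in the report's "File identification" table."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def pe_basic_info(data):
    """Parse the COFF and PE32 optional headers (machine, timestamp, entry point,
    section count, linker version, subsystem). Raises ValueError otherwise."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # COFF file header is 20 bytes
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 optional header (magic 0x%x)" % magic)
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)     # Subsystem
    return {
        "machine": MACHINE_NAMES.get(machine, "0x%x" % machine),
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": "0x%08X" % entry_point,
        "sections": nsections,
        "linker": "%d.%d" % (data[opt + 2], data[opt + 3]),    # Major/MinorLinkerVersion
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def imphash(imports):
    """pefile-style import hash: "module.function" pairs, lower-cased, module
    extension (.dll/.ocx/.sys) dropped, in import-table order, comma-joined and
    MD5-ed. `imports` is an iterable of (module, function_name_or_ordinal)."""
    parts = []
    for module, func in imports:
        module = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if module.endswith(ext):
                module = module[: -len(ext)]
                break
        if isinstance(func, int):
            func = "ord%d" % func          # assumption: no ordinal-to-name table
        parts.append("%s.%s" % (module, func.lower()))
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def build_sample_pe(timestamp=1410360342, entry=0x2A23, nsections=4):
    """Constructed stand-in for a real sample: DOS header, PE signature, COFF and
    PE32 optional headers carrying the values the report shows (1410360342 is
    2014-09-10 14:45:42 UTC), with no sections, imports or code. This is NOT
    the file discussed above."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, nsections, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)                            # PE32 optional header size
    struct.pack_into("<HBB", opt, 0, 0x10B, 9, 0)   # PE32 magic, linker 9.0
    struct.pack_into("<I", opt, 16, entry)          # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)              # Subsystem: Windows GUI
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in {**file_identification(blob), **pe_basic_info(blob)}.items():
        print("%-13s %s" % (key, value))
```

Run it with the sample's path as the only argument and compare the printed fields with the report; run it without arguments and it prints the constructed stand-in. The imphash depends on the order of the import table and on module names, so it cannot be recomputed from the bare function list shown under "PE imports"; it has to be derived from the file itself, and a match confirms that the import table (not just the bytes) is the one VirusTotal saw.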
VirusTotal metadata
First submission: 2014-09-11 05:17:21 UTC ( 4 years, 8 months ago )
Last submission: 2014-10-30 10:44:36 UTC ( 4 years, 6 months ago )
File names:
c1l73e
aaaaaaaa.exe
111 (1).exe
vt-upload-oUcFSV
gxiynfuo.exe
111.exe
5db8207e1891b01b84c987f8065c2f646cbcceae9ff5af5198a05f75766e8c39.exe
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Behaviour characterization
Zemana: dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications