SHA256: 5f9cfbf3e71b18452c255a43e8404e37307c29b3561728ac44304c9cac82470a
File name: 333.exe
Detection ratio: 2 / 55
Analysis date: 2014-09-15 10:19:06 UTC ( 4 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Spyware/Win32.Zbot 20140915
Bkav HW32.Paked.69FE 20140913
Ad-Aware 20140915
AegisLab 20140915
Yandex 20140914
Antiy-AVL 20140915
Avast 20140915
AVG 20140915
Avira (no cloud) 20140915
AVware 20140915
Baidu-International 20140915
BitDefender 20140915
ByteHero 20140915
CAT-QuickHeal 20140915
ClamAV 20140914
CMC 20140915
Comodo 20140915
Cyren 20140915
DrWeb 20140915
Emsisoft 20140915
ESET-NOD32 20140915
F-Prot 20140913
F-Secure 20140915
Fortinet 20140915
GData 20140915
Ikarus 20140915
Jiangmin 20140914
K7AntiVirus 20140912
K7GW 20140912
Kaspersky 20140915
Kingsoft 20140915
Malwarebytes 20140915
McAfee 20140915
McAfee-GW-Edition 20140915
Microsoft 20140915
eScan 20140915
NANO-Antivirus 20140915
Norman 20140914
nProtect 20140914
Panda 20140915
Qihoo-360 20140915
Rising 20140914
Sophos AV 20140915
SUPERAntiSpyware 20140914
Symantec 20140915
Tencent 20140915
TheHacker 20140913
TotalDefense 20140914
TrendMicro 20140915
TrendMicro-HouseCall 20140915
VBA32 20140915
VIPRE 20140915
ViRobot 20140915
Zillya 20140915
Zoner 20140912
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-15 08:21:39
Entry Point 0x0000467C
Number of sections 4
PE sections
Overlays
MD5 377ce79760af87779f6badedf53755e2
File type data
Offset 32768
Size 193384
Entropy 8.00
PE imports
GetStartupInfoA
HeapCreate
GetModuleHandleA
_except_handler3
_acmdln
_adjust_fdiv
__p__fmode
__p__commode
__setusermatherr
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_exit
_initterm
__set_app_type
RpcRevertToSelf
RpcMgmtEpEltInqNextW
char_array_from_ndr
RpcMgmtEpUnregister
RpcMgmtEpEltInqNextA
RpcNetworkIsProtseqValidA
RpcBindingToStringBindingW
RpcImpersonateClient
RpcSmSetThreadHandle
RpcAsyncAbortCall
RpcSsGetThreadHandle
short_array_from_ndr
RpcNsBindingInqEntryNameW
RpcBindingReset
RpcSsAllocate
RpcAsyncGetCallStatus
RpcEpRegisterNoReplaceW
UuidCreateNil
RpcBindingInqAuthInfoW
RpcMgmtSetAuthorizationFn
RpcAsyncCompleteCall
RpcSmSwapClientAllocFree
NdrXmitOrRepAsUnmarshall
RpcMgmtStopServerListening
RpcServerUseAllProtseqsIf
RpcServerUseProtseqIfExA
RpcSmClientFree
SetupCopyErrorW
SetupAddToSourceListA
GetMessageA
CreateWindowExA
LoadIconA
UpdateWindow
DispatchMessageA
TranslateAcceleratorA
TranslateMessage
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassExA
DestroyWindow
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 2
RT_MENU 1
RT_DIALOG 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
RUSSIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:09:15 09:21:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 16384
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 1986560
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x467c
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 e33a9ba53fd5377dd7817266d4c89c01
SHA1 019503c04754e10dfa73a18829b614dc7f32820b
SHA256 5f9cfbf3e71b18452c255a43e8404e37307c29b3561728ac44304c9cac82470a
ssdeep 6144:J2w9G5AT8hpqivZbdlVTNHlCFjUulpKvU:J2w6AT8h4iv9VTXx4AvU
authentihash 04049e5cc7d5a37061140139b7fdbbb30ba87b4d19ad15ed1cfc1f902ed9b9ee
imphash 8011a5460c7c57f0f1b34b4a478b23e9
File size 220.9 KB ( 226152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-09-15 10:19:06 UTC ( 4 years, 8 months ago )
Last submission 2015-04-05 20:08:02 UTC ( 4 years, 1 month ago )
File names e33a9ba53fd5377dd7817266d4c89c01.exe
vti-rescan
333.exe
5f9cfbf3e71b18452c255a43e8404e37307c29b3561728ac44304c9cac82470a.exe
WC8b22c3.sys
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests