SHA256: 769d445b5623348b243d1b1a4dd5150290c2daa4ba8e4cfe2447402a167874d3
File name: invc_2014-09-10_15-07-11_992303882.exe
Detection ratio: 27 / 55
Analysis date: 2014-09-16 07:57:53 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1862716 20140916
Avast Win32:Trojan-gen 20140916
Avira (no cloud) TR/Agent.BFIN 20140916
Baidu-International Trojan.Win32.InfoStealer.aTtL 20140916
BitDefender Trojan.GenericKD.1862716 20140916
Bkav HW32.Paked.820B 20140915
Comodo UnclassifiedMalware 20140916
Cyren W32/Trojan.YGAL-7073 20140916
DrWeb Trojan.PWS.Stealer.4118 20140916
Emsisoft Trojan.GenericKD.1862716 (B) 20140916
ESET-NOD32 Win32/PSW.Fareit.A 20140916
F-Secure Trojan.GenericKD.1862716 20140916
Fortinet W32/Fareit.A!tr.pws 20140916
GData Trojan.GenericKD.1862716 20140916
Ikarus Trojan-Spy.Zbot 20140916
Kaspersky Trojan-PSW.Win32.Tepfer.ulvj 20140916
Malwarebytes Trojan.PWS.Fareit 20140916
McAfee RDN/Spybot.bfr!m 20140916
McAfee-GW-Edition BehavesLike.Win32.Packed.ch 20140916
Microsoft PWS:Win32/Fareit 20140916
eScan Trojan.GenericKD.1862716 20140916
Panda Trj/Chgt.F 20140915
Rising PE:Malware.FakePDF@CV!1.9C3A 20140915
Sophos AV Troj/Agent-AIWU 20140916
Symantec Trojan.Zbot 20140916
TrendMicro TROJ_MOSERAN.BMC 20140916
TrendMicro-HouseCall TROJ_MOSERAN.BMC 20140916
AegisLab 20140916
Yandex 20140916
AhnLab-V3 20140916
Antiy-AVL 20140916
AVG 20140916
AVware 20140916
ByteHero 20140916
CAT-QuickHeal 20140916
ClamAV 20140915
CMC 20140916
F-Prot 20140916
Jiangmin 20140915
K7AntiVirus 20140915
K7GW 20140915
Kingsoft 20140916
NANO-Antivirus 20140916
Norman 20140915
nProtect 20140915
Qihoo-360 20140916
SUPERAntiSpyware 20140916
Tencent 20140916
TheHacker 20140915
TotalDefense 20140915
VBA32 20140915
VIPRE 20140916
ViRobot 20140916
Zillya 20140915
Zoner 20140915
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-15 08:36:03
Entry Point 0x00004C36
Number of sections 4
PE sections
Overlays
MD5 c7a8eb76f8a9aaeeebdfefaba2b60c2c
File type data
Offset 57344
Size 54970
Entropy 8.00
PE imports
GetStartupInfoA
GetModuleHandleA
HeapCreate
_except_handler3
_acmdln
__p__fmode
_exit
_adjust_fdiv
__p__commode
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
__set_app_type
NdrMesTypeAlignSize
NdrNonConformantStringMarshall
NdrInterfacePointerUnmarshall
NdrConformantStringMarshall
NdrComplexArrayMemorySize
I_RpcNsBindingSetEntryNameW
NdrConformantVaryingArrayUnmarshall
RpcAsyncAbortCall
NdrConformantStringMemorySize
NdrMesTypeDecode
NdrPointerBufferSize
NdrConformantVaryingStructMarshall
RpcBindingInqAuthInfoExA
RpcBindingFree
NdrMesSimpleTypeAlignSize
NdrFullPointerQueryRefId
NdrXmitOrRepAsFree
NdrOleFree
RpcAsyncGetCallStatus
RpcBindingCopy
NdrConformantVaryingArrayMemorySize
NdrComplexStructBufferSize
NdrOleAllocate
NdrNsSendReceive
NdrServerCall
RpcBindingInqAuthInfoExW
RpcBindingSetAuthInfoW
NdrConformantArrayFree
NDRSContextMarshall
NdrGetBuffer
NdrEncapsulatedUnionUnmarshall
NdrClientInitialize
NdrRpcSsEnableAllocate
MIDL_wchar_strlen
NdrFixedArrayFree
NdrRpcSsDefaultAllocate
NdrServerUnmarshall
NdrRpcSmClientFree
RpcBindingInqAuthInfoA
GetMessageA
CreateWindowExA
LoadIconA
UpdateWindow
DispatchMessageA
TranslateAcceleratorA
TranslateMessage
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassExA
DestroyWindow
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 3
RT_MENU 1
RT_DIALOG 1
Number of PE resources by language
RUSSIAN 7
ENGLISH US 7
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:09:15 09:36:03+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 16384
LinkerVersion: 6.0
EntryPoint: 0x4c36
InitializedDataSize: 1576960
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 26b198223e54cd36a8ca971b82a86d3a
SHA1 4eb2f7b4dd50702841e0c40821230f49855cc3a6
SHA256 769d445b5623348b243d1b1a4dd5150290c2daa4ba8e4cfe2447402a167874d3
ssdeep 1536:A6QUSBd08zleLKazawId0/3w3qirVF34AqPYK9FbYnwMaK80rnT3CZ3rn:Azd08yIGOqi5J4Ai9FbYw28yTe3r
authentihash 52e4a4525848331c3417dde28996815ced8441353b3c2c284fc33ff10dc185e1
imphash 77558389bcb210ec789347ffdde5ed43
File size 109.7 KB ( 112314 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe, overlay
VirusTotal metadata
First submission 2014-09-15 09:54:57 UTC ( 4 years, 8 months ago )
Last submission 2014-09-17 23:47:08 UTC ( 4 years, 8 months ago )
File names 26b198223e54cd36a8ca971b82a86d3a
vti-rescan
invc_2014-09-10_15-07-11_992303882.exe
0af9ab709f1aba4460e89af5ac87dd63722e40c97cd5dac82d288f549e3dd5be
769d445b5623348b243d1b1a4dd5150290c2daa4ba8e4cfe2447402a167874d3.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications