SHA256: 96e751ed9ca456b341c0fc4d7deb21eeba401a16db541cb502a88e83a0ec0d59
File name: 5C65.exe
Detection ratio: 3 / 57
Analysis date: 2015-03-19 23:08:06 UTC ( 3 years, 10 months ago )
Antivirus | Result | Update
ESET-NOD32 | a variant of Win32/Kryptik.DCJF | 20150319
Malwarebytes | Trojan.GenPE3.ED | 20150319
Qihoo-360 | HEUR/QVM07.1.Malware.Gen | 20150320
Ad-Aware | (no detection) | 20150319
AegisLab | (no detection) | 20150319
Yandex | (no detection) | 20150319
AhnLab-V3 | (no detection) | 20150319
Alibaba | (no detection) | 20150319
ALYac | (no detection) | 20150319
Antiy-AVL | (no detection) | 20150319
Avast | (no detection) | 20150319
AVG | (no detection) | 20150319
Avira (no cloud) | (no detection) | 20150319
AVware | (no detection) | 20150319
Baidu-International | (no detection) | 20150319
BitDefender | (no detection) | 20150319
Bkav | (no detection) | 20150319
ByteHero | (no detection) | 20150320
CAT-QuickHeal | (no detection) | 20150319
ClamAV | (no detection) | 20150319
CMC | (no detection) | 20150317
Comodo | (no detection) | 20150319
Cyren | (no detection) | 20150319
DrWeb | (no detection) | 20150319
Emsisoft | (no detection) | 20150319
F-Prot | (no detection) | 20150319
F-Secure | (no detection) | 20150319
Fortinet | (no detection) | 20150319
GData | (no detection) | 20150319
Ikarus | (no detection) | 20150319
Jiangmin | (no detection) | 20150319
K7AntiVirus | (no detection) | 20150319
K7GW | (no detection) | 20150319
Kaspersky | (no detection) | 20150319
Kingsoft | (no detection) | 20150320
McAfee | (no detection) | 20150319
McAfee-GW-Edition | (no detection) | 20150319
Microsoft | (no detection) | 20150319
eScan | (no detection) | 20150319
NANO-Antivirus | (no detection) | 20150319
Norman | (no detection) | 20150319
nProtect | (no detection) | 20150319
Panda | (no detection) | 20150318
Rising | (no detection) | 20150319
Sophos AV | (no detection) | 20150319
SUPERAntiSpyware | (no detection) | 20150319
Symantec | (no detection) | 20150319
Tencent | (no detection) | 20150320
TheHacker | (no detection) | 20150319
TotalDefense | (no detection) | 20150319
TrendMicro | (no detection) | 20150319
TrendMicro-HouseCall | (no detection) | 20150319
VBA32 | (no detection) | 20150319
VIPRE | (no detection) | 20150319
ViRobot | (no detection) | 20150319
Zillya | (no detection) | 20150319
Zoner | (no detection) | 20150319
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-09-07 04:49:15
Entry Point 0x00018856
Number of sections 3
PE sections
Overlays
MD5 ff8dadf1f5da832519a43be936d8ca9e
File type data
Offset 192512
Size 140943
Entropy 7.08
PE imports
GdiComment
SymSetOptions
GetStartupInfoA
GetModuleHandleA
GradientFill
_except_handler3
_acmdln
__p__fmode
_adjust_fdiv
__setusermatherr
__p__commode
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_exit
__set_app_type
Ord(75)
Ord(40)
Ord(23)
Ord(76)
Ord(55)
Ord(16)
Ord(28)
Ord(15)
Ord(33)
Ord(32)
Ord(26)
Ord(41)
Ord(35)
GetRoleTextW
RasDeleteEntryA
ResUtilSetDwordValue
ResUtilDupString
ResUtilFreeParameterBlock
ResUtilSetMultiSzValue
ResUtilGetDwordValue
ResUtilEnumResources
ResUtilStartResourceService
ResUtilSetExpandSzValue
ResUtilGetPropertiesToParameterBlock
ResUtilFindSzProperty
ResUtilSetPrivatePropertyList
ResUtilDupParameterBlock
ResUtilGetSzProperty
RpcAsyncRegisterInfo
NdrNonConformantStringMarshall
NdrXmitOrRepAsMemorySize
NdrConformantStringMarshall
UuidFromStringA
RpcImpersonateClient
NdrConformantVaryingArrayUnmarshall
NdrInterfacePointerBufferSize
RpcMgmtEpEltInqNextW
MesDecodeBufferHandleCreate
I_RpcNsBindingSetEntryNameA
I_RpcConnectionInqSockBuffSize
NdrServerContextUnmarshall
I_RpcBindingIsClientLocal
NdrVaryingArrayUnmarshall
NdrInterfacePointerMemorySize
I_RpcBindingInqDynamicEndpointA
I_UuidCreate
RpcEpUnregister
RpcServerRegisterIfEx
RpcMgmtInqServerPrincNameA
NdrFreeBuffer
RpcServerUseProtseqEpExW
RpcMgmtStopServerListening
RpcServerUseProtseqIfExA
RpcSsSetThreadHandle
RpcStringBindingComposeA
RpcProtseqVectorFreeW
RpcSmAllocate
RpcMgmtInqDefaultProtectLevel
RpcMgmtEnableIdleCleanup
NdrNsGetBuffer
I_RpcMapWin32Status
NdrConformantArrayMarshall
NdrByteCountPointerFree
NdrConformantArrayUnmarshall
RpcSmSetClientAllocFree
NdrUserMarshalUnmarshall
NdrPointerMarshall
RpcServerUseAllProtseqsIfEx
RpcServerInqDefaultPrincNameW
NdrXmitOrRepAsUnmarshall
NDRSContextMarshallEx
MesBufferHandleReset
NdrServerUnmarshall
I_RpcServerRegisterForwardFunction
RpcEpResolveBinding
NdrServerInitialize
I_RpcFreePipeBuffer
RpcNsBindingInqEntryNameA
NdrFixedArrayBufferSize
I_RpcFreeBuffer
NdrServerInitializeUnmarshall
NdrConformantStructMarshall
UuidIsNil
I_RpcSsDontSerializeContext
NdrRpcSsDisableAllocate
RpcBindingInqAuthInfoW
NdrNonConformantStringUnmarshall
data_size_ndr
RpcServerUseProtseqIfA
MesEncodeIncrementalHandleCreate
NdrFixedArrayMemorySize
NdrServerInitializePartial
RpcBindingSetOption
NdrFixedArrayUnmarshall
RpcServerUseAllProtseqs
NdrSimpleStructMarshall
RpcServerUseAllProtseqsIf
NdrFixedArrayFree
NDRSContextUnmarshallEx
NdrEncapsulatedUnionFree
RpcSmClientFree
RpcMgmtSetCancelTimeout
RpcSmDisableAllocate
NdrClientContextUnmarshall
NdrRpcSmSetClientToOsf
NdrInterfacePointerMarshall
NdrConformantVaryingStructMemorySize
RpcEpRegisterA
RpcNetworkInqProtseqsW
RpcServerUseProtseqEpA
NdrNonEncapsulatedUnionFree
NdrSimpleTypeUnmarshall
RpcSsFree
NdrVaryingArrayFree
RpcBindingInqAuthInfoExA
NdrSendReceive
NdrServerInitializeNew
NdrNonConformantStringBufferSize
NdrSimpleStructUnmarshall
char_from_ndr
NdrConformantStructFree
NdrMesSimpleTypeDecode
RpcServerUseProtseqA
RpcIfInqId
SetupFindNextLine
PathRemoveArgsW
StrIsIntlEqualA
PathIsURLA
StrTrimW
PathIsDirectoryA
PathFindOnPathW
StrFormatByteSizeA
PathIsUNCServerShareW
PathCompactPathA
PathCompactPathExW
PathMakePrettyW
SHRegCloseUSKey
SetTimer
CallWindowProcW
IsDialogMessageW
OffsetRect
GetWindowTextW
GetKeyboardLayout
PeekMessageA
FindWindowExW
SendDlgItemMessageW
VerFindFileA
VerInstallFileW
VerFindFileW
InternetCanonicalizeUrlW
HttpQueryInfoW
InternetCrackUrlW
InternetErrorDlg
InternetCanonicalizeUrlA
RetrieveUrlCacheEntryFileW
GetUrlCacheEntryInfoExA
HttpSendRequestExA
HttpOpenRequestW
CreateUrlCacheGroup
GetUrlCacheEntryInfoA
InternetReadFileExA
InternetQueryOptionW
InternetGetCookieA
InternetReadFileExW
InternetQueryOptionA
FtpRenameFileW
InternetAutodial
FindFirstUrlCacheEntryExW
GopherCreateLocatorA
InternetFindNextFileA
InternetCheckConnectionW
InternetGoOnline
FtpGetCurrentDirectoryW
FtpCreateDirectoryW
InternetCrackUrlA
mciGetDeviceIDFromElementIDW
waveOutSetVolume
waveOutReset
mciSendStringW
waveOutGetDevCapsA
midiStreamPosition
mciGetErrorStringA
waveInStop
midiStreamStop
sndPlaySoundW
waveInGetErrorTextA
mmioSendMessage
midiOutGetErrorTextA
midiOutMessage
mixerGetNumDevs
mixerOpen
joySetCapture
waveInGetDevCapsA
waveInGetPosition
waveOutGetNumDevs
midiInGetID
auxGetNumDevs
mmioOpenW
mmioClose
midiInGetDevCapsW
joyGetThreshold
mciSetYieldProc
waveOutPrepareHeader
waveOutBreakLoop
mmioGetInfo
auxOutMessage
waveOutGetPitch
mmioOpenA
timeGetDevCaps
OpenDriver
mmioStringToFOURCCW
mmioInstallIOProcW
waveOutGetErrorTextW
midiInAddBuffer
CloseDriver
midiOutGetNumDevs
midiInStop
mciSendCommandW
mixerClose
midiStreamOpen
waveInUnprepareHeader
mciGetDeviceIDA
waveInStart
mmioInstallIOProcA
PdhUpdateLogW
PdhEnumObjectItemsW
PdhBrowseCountersW
PdhUpdateLogA
PdhValidatePathA
PdhSetCounterScaleFactor
PdhParseCounterPathW
PdhGetDllVersion
PdhOpenQueryA
PdhConnectMachineA
PdhMakeCounterPathW
PdhGetDefaultPerfObjectW
PdhSelectDataSourceA
PdhGetFormattedCounterArrayW
PdhOpenQueryW
PdhGetCounterTimeBase
PdhGetFormattedCounterArrayA
PdhConnectMachineW
PdhGetCounterInfoW
PdhGetDefaultPerfCounterA
PdhOpenLogW
PdhGetRawCounterArrayW
PdhGetDefaultPerfCounterW
PdhParseInstanceNameW
URLOpenPullStreamA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:09:07 05:49:15+01:00
FileType Win32 EXE
PEType PE32
CodeSize 98304
LinkerVersion 6.0
EntryPoint 0x18856
InitializedDataSize 802816
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 821c8b01abbb1da4d790aa1bca98c4e4
SHA1 26f566c49702a5ed3ffed09db5c73613a1c565c1
SHA256 96e751ed9ca456b341c0fc4d7deb21eeba401a16db541cb502a88e83a0ec0d59
ssdeep 3072:whkUR53I/kUbHOhaGZjU4JcdwbyHEMRD+AB:wXI/kg+ZjnZyHEIS
authentihash 24ea322ff53a4d77007e7eaa41c5ab4ea68703f6e71ddd9122610da1b9da2874
imphash 7981e58e6209a20d68bf67d1f84720e1
File size 325.6 KB ( 333455 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe cve-2013-3660 exploit overlay

VirusTotal metadata
First submission 2015-03-19 08:58:26 UTC ( 3 years, 10 months ago )
Last submission 2018-01-17 03:46:18 UTC ( 1 year ago )
File names 2696.TMP
37609.bin
5C65.tmp
6FF0.tmp
5C65.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications