SHA256: 02bfccf4da659e1caff6926916a92677d3c581bc31f655d884c92e9ad1f6ebba
File name: 80aff3257ec4f6f7bd5e5259ea08815e
Detection ratio: 24 / 54
Analysis date: 2014-07-16 11:25:09 UTC ( 3 years, 3 months ago )
Antivirus             Result                          Update
Ad-Aware              Trojan.GenericKD.1761673        20140716
AntiVir               TR/Injector.wqsb                20140716
Avast                 Win32:Malware-gen               20140716
Baidu-International   Trojan.Win32.Generik.BHWYFRLQ   20140716
BitDefender           Trojan.GenericKD.1761673        20140716
Commtouch             W32/Trojan.OTLB-2455            20140716
DrWeb                 BackDoor.Kuluoz.4               20140716
Emsisoft              Trojan.GenericKD.1761673 (B)    20140716
ESET-NOD32            a variant of Generik.HWYFRLQ    20140716
F-Prot                W32/Trojan3.JIV                 20140716
F-Secure              Trojan.GenericKD.1761673        20140716
GData                 Trojan.GenericKD.1761673        20140716
Ikarus                Trojan-Spy.Zbot                 20140716
Kaspersky             Net-Worm.Win32.Aspxor.bpzd      20140716
McAfee                RDN/Generic.tfr!eb              20140716
McAfee-GW-Edition     Artemis!80AFF3257EC4            20140715
eScan                 Trojan.GenericKD.1761673        20140716
Qihoo-360             HEUR/Malware.QVM07.Gen          20140716
Rising                PE:Malware.FakeDOC@CV!1.9C3C    20140716
Sophos AV             Mal/EncPk-AAQ                   20140716
Symantec              Trojan.Asprox.B                 20140716
TrendMicro            TROJ_MIPC.008575GG14            20140716
TrendMicro-HouseCall  TROJ_MIPC.008575GG14            20140716
VIPRE                 Trojan.Win32.Kuluoz.dad (v)     20140716
AegisLab                                              20140716
Yandex                                                20140715
AhnLab-V3                                             20140715
Antiy-AVL                                             20140716
AVG                                                   20140716
Bkav                                                  20140716
ByteHero                                              20140716
CAT-QuickHeal                                         20140716
ClamAV                                                20140716
CMC                                                   20140716
Comodo                                                20140716
Fortinet                                              20140716
Jiangmin                                              20140716
K7AntiVirus                                           20140715
K7GW                                                  20140716
Kingsoft                                              20140716
Malwarebytes                                          20140716
Microsoft                                             20140716
NANO-Antivirus                                        20140716
Norman                                                20140716
nProtect                                              20140715
Panda                                                 20140716
SUPERAntiSpyware                                      20140716
Tencent                                               20140716
TheHacker                                             20140714
TotalDefense                                          20140716
VBA32                                                 20140715
ViRobot                                               20140716
Zillya                                                20140715
Zoner                                                 20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-16 05:02:48
Entry Point 0x00004B65
Number of sections 4
PE sections
PE imports
GetStdHandle
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetTimeZoneInformation
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
GetEnvironmentVariableA
LoadResource
FindClose
TlsGetValue
SetLastError
InitializeCriticalSection
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
GetModuleHandleA
SetEnvironmentVariableA
TerminateProcess
InterlockedDecrement
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
CompareStringW
GetCurrentThreadId
CompareStringA
IsValidLocale
GetProcAddress
CreateEventW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
lstrlenW
SizeofResource
CompareFileTime
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
TlsFree
SetFilePointer
ReadFile
GetACP
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHFileOperationW
GetSystemMetrics
Ord(138)
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:07:16 06:02:48+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 53248
LinkerVersion: 7.1
EntryPoint: 0x4b65
InitializedDataSize: 77824
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 80aff3257ec4f6f7bd5e5259ea08815e
SHA1 de60bd0f035a633eddadcee3b232b97e4b71e79e
SHA256 02bfccf4da659e1caff6926916a92677d3c581bc31f655d884c92e9ad1f6ebba
ssdeep 3072:MuU5jhHLNiVx5kF0DWbZVtbWpiDghKewQiZB+Y4:PU5NBiV/kF0DWtVFWptoewQO4
authentihash 5d76308dd36368d6295d73b83ef7201a7af9e369aeac82fbbf20acf2d4c8b9ba
imphash 7c71f01bf6587507222a790c819fa0be
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-15 19:18:03 UTC ( 3 years, 3 months ago )
Last submission 2016-06-08 22:02:51 UTC ( 1 year, 4 months ago )
File names isheriff_80aff3257ec4f6f7bd5e5259ea08815e.bin
Copy_of_document_July-15-2014_exe
80aff3257ec4f6f7bd5e5259ea08815e.exe
Copy_of_document_July-15-2014.exe
80aff3257ec4f6f7bd5e5259ea08815e
copy_of_document_july-15-2014.exe
80aff3257ec4f6f7bd5e5259ea08815e.malware
02bfccf4da659e1caff6926916a92677d3c581bc31f655d884c92e9ad1f6ebba.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs