SHA256: 02d1cf0e77bb0d3dfe8d0d259e0c63ec059acd099db50f35fa69b440dfdad8ce
File name: monflal.exe
Detection ratio: 6 / 52
Analysis date: 2014-06-04 05:41:29 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20140604
Bkav HW32.CDB.19d7 20140603
ESET-NOD32 a variant of Generik.DQTWICD 20140604
Kaspersky Trojan-Spy.Win32.Zbot.tdlu 20140604
Malwarebytes Spyware.Zbot.VXGen 20140604
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20140603
Ad-Aware 20140604
AegisLab 20140604
Yandex 20140602
AhnLab-V3 20140603
AntiVir 20140604
Antiy-AVL 20140603
AVG 20140604
Baidu-International 20140603
BitDefender 20140604
ByteHero 20140604
CAT-QuickHeal 20140604
ClamAV 20140603
CMC 20140604
Commtouch 20140604
Comodo 20140604
DrWeb 20140604
Emsisoft 20140604
F-Prot 20140604
F-Secure 20140604
Fortinet 20140604
GData 20140604
Ikarus 20140604
Jiangmin 20140531
K7AntiVirus 20140603
K7GW 20140603
Kingsoft 20140604
McAfee 20140604
McAfee-GW-Edition 20140603
Microsoft 20140604
eScan 20140604
NANO-Antivirus 20140604
Norman 20140603
nProtect 20140603
Panda 20140603
Qihoo-360 20140604
Sophos AV 20140604
SUPERAntiSpyware 20140604
Symantec 20140604
Tencent 20140604
TheHacker 20140602
TotalDefense 20140603
TrendMicro 20140604
TrendMicro-HouseCall 20140604
VBA32 20140603
VIPRE 20140604
ViRobot 20140604
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Attachmate Corporation
Original name Ssyeepa.exe
Internal name Kubohe
File version 1, 8, 5
Description Walyn Ebyruxy Jomopax
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-09 21:57:17
Entry Point 0x0001A36A
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:04:09 22:57:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 114688
LinkerVersion 7.1
FileAccessDate 2014:06:11 07:25:27+01:00
EntryPoint 0x1a36a
InitializedDataSize 167936
SubsystemVersion 4.0
ImageVersion 7.1
OSVersion 4.0
FileCreateDate 2014:06:11 07:25:27+01:00
UninitializedDataSize 0
File identification
MD5 d082a5252c1610890e652c129af3107e
SHA1 5bdaae76b9e63f0f2735d5cfb0803ab73efa633d
SHA256 02d1cf0e77bb0d3dfe8d0d259e0c63ec059acd099db50f35fa69b440dfdad8ce
ssdeep 6144:GNGacWd5fxoOB3/KqLaGo6Os9b8aCgt52rmef:gGM9D9OseaC25S
imphash 3117111b294f21f9d97bf7b00deba65b
File size 197.0 KB ( 201728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-06-04 05:41:27 UTC ( 4 years, 9 months ago )
Last submission 2014-06-04 05:41:29 UTC ( 4 years, 9 months ago )
File names Kubohe
YIsdgcN.rar
KB106795265.exe
7a7710d76795ce63dd96850770b142087f68680f7fc060172c0a1afb5067bfd5-1401860485
Ssyeepa.exe
nana.exe
monflal.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.