SHA256: 0803eb5aabb7a5454d0fe7da7fb3ceaecb23c828a4de934633406c6ad8154c1e
File name: doc.exe
Detection ratio: 18 / 53
Analysis date: 2016-08-06 07:24:42 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3443373 20160806
Arcabit Trojan.Generic.D348AAD 20160806
AVG Generic_r.MAP 20160806
BitDefender Trojan.GenericKD.3443373 20160806
Cyren W32/TeslaCrypt.G.gen!Eldorado 20160806
Emsisoft Trojan.GenericKD.3443373 (B) 20160806
ESET-NOD32 Win32/TrojanDownloader.Agent.CKQ 20160806
F-Prot W32/TeslaCrypt.G.gen!Eldorado 20160806
Fortinet W32/Agent.CKQ!tr.dldr 20160806
GData Trojan.GenericKD.3443373 20160806
Kaspersky Trojan.Win32.Inject.aarzg 20160806
McAfee RDN/Generic.com 20160806
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20160805
eScan Trojan.GenericKD.3443373 20160806
Panda Generic Suspicious 20160805
Sophos AV Mal/Generic-S 20160806
Symantec Heur.AdvML.B 20160806
ViRobot Trojan.Win32.U.Agent.254464.C[h] 20160806
AegisLab 20160806
AhnLab-V3 20160805
Alibaba 20160805
ALYac 20160806
Antiy-AVL 20160806
Avast 20160806
Avira (no cloud) 20160806
AVware 20160806
Baidu 20160806
Bkav 20160805
CAT-QuickHeal 20160805
ClamAV 20160806
CMC 20160804
Comodo 20160806
DrWeb 20160806
F-Secure 20160806
Ikarus 20160805
Jiangmin 20160806
K7AntiVirus 20160806
K7GW 20160806
Kingsoft 20160806
Malwarebytes 20160806
Microsoft 20160806
NANO-Antivirus 20160806
nProtect 20160805
Qihoo-360 20160806
SUPERAntiSpyware 20160806
Tencent 20160806
TheHacker 20160806
TrendMicro 20160806
TrendMicro-HouseCall 20160806
VBA32 20160805
VIPRE 20160806
Zillya 20160805
Zoner 20160806
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
XMedia Recode ©. All rights reserved.

Product Sun Old
Original name Sun Old
Internal name Sun Old
File version 4.3.6.4
Description Thermostat One Perspective Torito Adjoining
Comments Thermostat One Perspective Torito Adjoining
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-03 10:53:41
Entry Point 0x0000B557
Number of sections 6
PE sections
PE imports
Ord(4)
Ord(6)
Ord(5)
Ord(9)
RegSetValueExA
RegCloseKey
RegCreateKeyExA
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Destroy
CreateToolbarEx
ImageList_Draw
ImageList_GetImageInfo
ImageList_Create
Ord(17)
ImageList_GetBkColor
ImageList_ReplaceIcon
ImageList_LoadImageA
GetOpenFileNameA
SetMapMode
CreatePen
TextOutA
GetTextMetricsA
SetStretchBltMode
Rectangle
GetObjectA
CreateCompatibleDC
DeleteDC
SetBkMode
DeleteObject
CreateHatchBrush
MoveToEx
GetStockObject
SetViewportOrgEx
LineTo
RoundRect
StretchBlt
StretchDIBits
ExtEscape
SelectObject
SetWindowExtEx
CreateSolidBrush
DPtoLP
SetTextColor
SetBkColor
SetViewportExtEx
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
SetEvent
LoadResource
InterlockedDecrement
GetFullPathNameW
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetUserDefaultLCID
FindFirstFileA
IsValidLocale
GetProcAddress
GetConsoleWindow
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
SetConsoleTitleA
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
acmMetrics
acmFormatEnumA
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayUnaccessData
VariantClear
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetDim
RpcBindingFromStringBindingW
RpcStringBindingComposeW
UuidCreate
RpcStringFreeW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetSpecialFolderPathA
Shell_NotifyIconA
PathFindFileNameA
EmptyClipboard
UpdateWindow
EndDialog
BeginPaint
GetScrollPos
EnableScrollBar
PostQuitMessage
DefWindowProcA
ShowWindow
SendDlgItemMessageA
SetScrollPos
SetScrollRange
DestroyIcon
DispatchMessageA
ScreenToClient
LookupIconIdFromDirectory
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
GetAsyncKeyState
InvalidateRect
CheckMenuRadioItem
GetDC
InsertMenuItemA
GetCursorPos
ReleaseDC
CreatePopupMenu
GetMenu
wsprintfA
SetClipboardData
IsWindowVisible
SendMessageA
SetForegroundWindow
GetClientRect
GetDlgItem
EnableMenuItem
RegisterClassA
DeleteMenu
AppendMenuA
LoadAcceleratorsA
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
CreateIconFromResource
LoadImageA
GetSystemMenu
SetScrollInfo
EndPaint
CloseClipboard
DestroyWindow
OpenClipboard
mmioClose
mmioOpenA
mmioDescend
WSAEnumProtocolsA
htons
gethostbyaddr
inet_addr
connect
CLSIDFromString
CoInitialize
StgOpenStorage
OleGetClipboard
Number of PE resources by type
RT_ICON 5
RT_DIALOG 4
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_MANIFEST 1
RT_MENU 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
XMedia Recode . All rights reserved.

SubsystemVersion
5.0

Comments
Thermostat One Perspective Torito Adjoining

Languages
English

InitializedDataSize
145920

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.3.6.4

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Thermostat One Perspective Torito Adjoining

CharacterSet
Unicode

LinkerVersion
9.0

PrivateBuild
4.3.6.4

EntryPoint
0xb557

OriginalFileName
Sun Old

MIMEType
application/octet-stream

LegalCopyright
XMedia Recode . All rights reserved.

FileVersion
4.3.6.4

TimeStamp
2016:08:03 11:53:41+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Sun Old

ProductVersion
4.3.6.4

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
XMedia Recode

CodeSize
107520

ProductName
Sun Old

ProductVersionNumber
4.3.6.4

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
4.3.6.4

File identification
MD5 104906bd958368cb58e1f356e960e914
SHA1 53d06dbbdc74a51dba29f9e9451805e762a6dc23
SHA256 0803eb5aabb7a5454d0fe7da7fb3ceaecb23c828a4de934633406c6ad8154c1e
ssdeep
6144:pVc8Q5iuMJmjHGpHVBVM7itlLwFWsCaIIcpyGnH:ptmjHGp1BVEGsCbI/Gn

authentihash 240a510ccc4cd0a3088e99529a41c943ba21774ad524e56e6c93a922d62c57de
imphash f66c0f43b13a2cefd3a5bafc088cf71d
File size 248.5 KB ( 254464 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags
peexe

VirusTotal metadata
First submission 2016-08-05 19:53:47 UTC ( 2 years, 7 months ago )
Last submission 2016-08-25 05:11:28 UTC ( 2 years, 7 months ago )
File names Sun Old
doc.exe
kkk
doc.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
UDP communications