SHA256: 08ad3d332bca4444de8a05429b3925edafd83be61b0dd57a76e73207bec19981
File name: jydemnr66.exe
Detection ratio: 11 / 55
Analysis date: 2015-04-01 08:16:03 UTC
Antivirus             Result                        Update
(- = no detection)
AVware                Win32.Malware!Drop            20150401
ESET-NOD32            Win32/Battdil.P               20150401
Fortinet              W32/Waski.F!tr                20150401
Kaspersky             Backdoor.Win32.Caphaw.vhq     20150401
McAfee                Artemis!7948BF67614E          20150401
Qihoo-360             HEUR/QVM07.1.Malware.Gen      20150401
Rising                PE:Malware.Obscure!1.9C59     20150331
Symantec              Infostealer.Dyranges          20150401
Tencent               Trojan.Win32.Qudamah.Gen.24   20150401
TrendMicro-HouseCall  Suspicious_GEN.F47V0331       20150401
VIPRE                 Win32.Malware!Drop            20150401
Ad-Aware              -                             20150401
AegisLab              -                             20150401
Yandex                -                             20150331
AhnLab-V3             -                             20150331
Alibaba               -                             20150401
ALYac                 -                             20150401
Antiy-AVL             -                             20150401
Avast                 -                             20150401
AVG                   -                             20150331
Avira (no cloud)      -                             20150401
Baidu-International   -                             20150331
BitDefender           -                             20150401
Bkav                  -                             20150331
ByteHero              -                             20150401
CAT-QuickHeal         -                             20150401
ClamAV                -                             20150401
CMC                   -                             20150401
Comodo                -                             20150401
Cyren                 -                             20150401
DrWeb                 -                             20150401
Emsisoft              -                             20150401
F-Prot                -                             20150401
F-Secure              -                             20150401
GData                 -                             20150401
Ikarus                -                             20150401
Jiangmin              -                             20150331
K7AntiVirus           -                             20150401
K7GW                  -                             20150401
Kingsoft              -                             20150401
Malwarebytes          -                             20150401
McAfee-GW-Edition     -                             20150331
Microsoft             -                             20150401
eScan                 -                             20150401
NANO-Antivirus        -                             20150401
Norman                -                             20150401
nProtect              -                             20150401
Panda                 -                             20150331
Sophos AV             -                             20150331
SUPERAntiSpyware      -                             20150401
TheHacker             -                             20150330
TotalDefense          -                             20150331
TrendMicro            -                             20150401
VBA32                 -                             20150331
ViRobot               -                             20150401
Zillya                -                             20150401
Zoner                 -                             20150330
The file is a Portable Executable (PE) image: a 32-bit Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright (C) 2015
File version: 1, 0, 0, 1
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 1982-06-30 16:40:32 (UTC)
Entry Point: 0x0000262A
Number of sections: 4
The compilation timestamp cannot be genuine: it predates the PE format itself (introduced with Windows NT in 1993) and the linker version recorded in the same header (LinkerVersion 6.0, consistent with Visual C++ 6.0, released in 1998). The TimeDateStamp field has been overwritten or randomised and should be treated as a build-tooling artifact rather than as a date.
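The timestamp above is the first header field a triage analyst should sanity-check. As an added example (not part of the VirusTotal report), the Python below parses the COFF file header and the leading optional-header fields of a PE image and flags a TimeDateStamp that predates the PE format or the linker version recorded alongside it. The PE bytes are a constructed stub that carries only the values the report lists (timestamp, linker 6.0, four sections, entry point 0x262A); it is not the sample itself, and the 1993 lower bound and the linker release years are assumptions built into the check.

```python
import struct
from datetime import datetime, timezone

# Assumption: no genuine PE image can have been built before the format shipped
# with Windows NT in 1993. Used only as a plausibility bound.
PE_FORMAT_EPOCH = datetime(1993, 1, 1, tzinfo=timezone.utc)

# Assumed release years of Microsoft linkers by major version (6.0 = Visual C++ 6.0).
LINKER_RELEASE_YEAR = {6: 1998, 7: 2002, 8: 2005, 9: 2007, 10: 2010, 14: 2015}


def parse_pe_header(data: bytes) -> dict:
    """Parse the COFF file header and the leading PE32 optional-header fields."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    (machine, nsections, timestamp, _symtab, _nsyms,
     _opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    # Leading IMAGE_OPTIONAL_HEADER32 fields: Magic, Major/MinorLinkerVersion,
    # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint
    (magic, linker_major, linker_minor, size_code, size_idata,
     size_udata, entry) = struct.unpack_from("<HBBIIII", data, e_lfanew + 24)
    built = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": machine,
        "num_sections": nsections,
        "timestamp": timestamp,
        "built": built.strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": characteristics,
        "pe32_plus": magic == 0x20B,
        "linker": f"{linker_major}.{linker_minor}",
        "linker_major": linker_major,
        "size_of_code": size_code,
        "size_of_initialized_data": size_idata,
        "size_of_uninitialized_data": size_udata,
        "entry_point": entry,
    }


def timestamp_findings(hdr: dict, now=None) -> list:
    """Return human-readable reasons why the header timestamp is not trustworthy."""
    now = now or datetime.now(timezone.utc)
    built = datetime.fromtimestamp(hdr["timestamp"], tz=timezone.utc)
    findings = []
    if hdr["timestamp"] == 0:
        findings.append("timestamp is zero (stripped by the linker or a packer)")
    if built < PE_FORMAT_EPOCH:
        findings.append(f"build time {hdr['built']} predates the PE format")
    if built > now:
        findings.append(f"build time {hdr['built']} is in the future")
    year = LINKER_RELEASE_YEAR.get(hdr["linker_major"])
    if year and built.year < year:
        findings.append(f"build time predates linker {hdr['linker']} (released {year})")
    return findings


def build_sample_header() -> bytes:
    """Constructed PE stub (not the analysed file): a DOS header pointing at a COFF
    header holding the report's values, then the first 20 optional-header bytes."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, 4, 0x17809700, 0, 0, 0xE0, 0x010F)
    opt = struct.pack("<HBBIIII", 0x10B, 6, 0, 32768, 483328, 0, 0x262A)
    return dos + coff + opt


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    print(f"built {hdr['built']} UTC, linker {hdr['linker']}, entry 0x{hdr['entry_point']:X}")
    for finding in timestamp_findings(hdr):
        print(" !", finding)
```

The linker check is the more robust of the two: a zeroed or randomised timestamp can still land inside the plausible range, but it can never legitimately fall before the release of the toolchain that wrote the header. Packers and some build systems deliberately strip or scramble this field, so a finding here is a prompt to distrust the date, not evidence of malice on its own.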
PE sections
PE imports
(DLL headings reconstructed from the API names; the report's own DLL grouping was lost in extraction. The order is as listed in the report.)
ADVAPI32.dll
  OpenServiceW
  SetSecurityDescriptorControl
  CloseServiceHandle
AVIFIL32.dll
  AVIFileAddRef
GDI32.dll
  SelectObject
  CreateBitmap
  CreateDCW
KERNEL32.dll
  GetLastError
  HeapFree
  GetStdHandle
  LCMapStringW
  SetHandleCount
  TerminateThread
  GetFileAttributesA
  GetOEMCP
  LCMapStringA
  HeapDestroy
  GetTickCount
  GetEnvironmentStringsW
  LoadLibraryA
  RtlUnwind
  GetModuleFileNameA
  FreeEnvironmentStringsA
  HeapAlloc
  GetStartupInfoA
  GetEnvironmentStrings
  WideCharToMultiByte
  UnhandledExceptionFilter
  MultiByteToWideChar
  HeapSize
  FreeEnvironmentStringsW
  GetCommandLineA
  GetProcAddress
  OpenMutexA
  RaiseException
  GetCPInfo
  GetStringTypeA
  GetModuleHandleA
  WriteFile
  GetCurrentProcess
  ResetEvent
  GetACP
  HeapReAlloc
  GetStringTypeW
  TerminateProcess
  CreateEventW
  HeapCreate
  VirtualFree
  FindClose
  Sleep
  GetFileType
  ExitProcess
  GetVersion
  VirtualAlloc
USER32.dll
  EnableWindow
  LoadCursorW
  PostMessageW
  SendMessageW
  ShowWindow
WINMM.dll
  auxSetVolume
WS2_32.dll
  select
  recv
  WSAGetLastError
  send
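Two things a practitioner does with an import table like the one above: derive the imphash that the File identification section reports, and tag the capabilities the imports hint at. The Python below is an added example, not code from the report; it implements the published imphash normalisation (library name lower-cased with a .dll/.ocx/.sys suffix stripped, function names lower-cased, ordinals written as ordN, joined by commas and MD5-hashed) and a small, avowedly heuristic capability tagger. SAMPLE_IMPORTS is a constructed, abridged table with DLL names inferred from the API names; it is not the sample's real import directory, so its hash is not expected to match the report's imphash, which also depends on entries (such as ordinal-only imports) that the report does not show.

```python
import hashlib

# Constructed, abridged import table modelled on the report's list. DLL names are
# inferred from the API names; this is not the file's actual import directory.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["OpenServiceW", "SetSecurityDescriptorControl", "CloseServiceHandle"]),
    ("AVIFIL32.dll", ["AVIFileAddRef"]),
    ("GDI32.dll", ["SelectObject", "CreateBitmap", "CreateDCW"]),
    ("KERNEL32.dll", ["GetLastError", "HeapFree", "GetStdHandle", "TerminateThread",
                      "GetTickCount", "LoadLibraryA", "GetProcAddress", "OpenMutexA",
                      "TerminateProcess", "CreateEventW", "VirtualFree", "Sleep",
                      "VirtualAlloc"]),
    ("USER32.dll", ["EnableWindow", "LoadCursorW", "PostMessageW", "SendMessageW", "ShowWindow"]),
    ("WINMM.dll", ["auxSetVolume"]),
    ("WS2_32.dll", ["select", "recv", "WSAGetLastError", "send"]),
]


def imphash_string(imports) -> str:
    """Build the 'dll.func,dll.func,...' string that imphash hashes.

    Follows the Mandiant/pefile rules: library lower-cased with .dll/.ocx/.sys
    stripped, function lower-cased, ordinal imports rendered as 'ordN'. pefile
    additionally maps a few ws2_32/oleaut32 ordinals back to names through lookup
    tables; that step is omitted here.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        if lib.endswith((".dll", ".ocx", ".sys")):
            lib = lib[:-4]
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import string; identical tables give identical hashes."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Heuristic tags keyed on API names. Presence in the import table means the code
# *can* call the API, not that the observed execution path does.
CAPABILITY_RULES = {
    "service control": {"OpenServiceW", "OpenSCManagerW", "CloseServiceHandle",
                        "ControlService", "ChangeServiceConfigW"},
    "security descriptor edit": {"SetSecurityDescriptorControl", "SetSecurityDescriptorDacl",
                                 "SetFileSecurityW"},
    "raw sockets": {"send", "recv", "select", "connect", "WSAStartup"},
    "dynamic API resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "executable memory": {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect"},
    "single-instance mutex": {"OpenMutexA", "OpenMutexW", "CreateMutexA", "CreateMutexW"},
    "process/thread kill": {"TerminateProcess", "TerminateThread"},
}


def capabilities(imports) -> dict:
    """Map each matching tag to the sorted list of imported APIs that triggered it."""
    present = {f for _, funcs in imports for f in funcs if isinstance(f, str)}
    return {tag: sorted(present & apis)
            for tag, apis in CAPABILITY_RULES.items() if present & apis}


if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for tag, apis in capabilities(SAMPLE_IMPORTS).items():
        print(f"{tag:26} {', '.join(apis)}")
```

Read the tags with the compiler in mind: the Visual C++ 6.0 runtime itself imports LoadLibraryA, GetProcAddress and VirtualAlloc, so "dynamic API resolution" and "executable memory" fire on nearly every VC6 binary and carry little weight alone. The combination that stands out here is service-handle manipulation next to SetSecurityDescriptorControl and a hand-rolled socket client, which is what the detection names above (Caphaw, Dyre/Battdil) are consistent with.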
PE exports
Number of PE resources by type
RT_DIALOG: 2
RT_BITMAP: 1
RT_VERSION: 1
Number of PE resources by language
RUSSIAN: 4
PE resources
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 6.0
ImageVersion: 8.2
FileVersionNumber: 1.0.0.1
LanguageCode: Russian
FileFlagsMask: 0x0017
CharacterSet: Unicode
InitializedDataSize: 483328
EntryPoint: 0x262a
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 1, 0, 0, 1
TimeStamp: 1982:06:30 17:40:32+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 1, 0, 0, 1
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Win32
LegalCopyright: Copyright (C) 2015
MachineType: Intel 386 or later, and compatibles
CodeSize: 32768
FileSubtype: 0
ProductVersionNumber: 1.0.0.1
FileTypeExtension: exe
ObjectFileType: Executable application
Execution parents
File identification
MD5: 7948bf67614e1c5537d59c3859f81088
SHA1: d4960cf2a8747c7ec989bb73e5c0fae08ca20d7c
SHA256: 08ad3d332bca4444de8a05429b3925edafd83be61b0dd57a76e73207bec19981
ssdeep: 12288:1VGGBP0moeW3GphCYzY+5cJl/rGNnMrRKbY:iSP3oeDXC+5cDjGNa4M
authentihash: 9a10f47cbf09bfc73bf6d53d51a70a6e689308ed9581f6a215b8d579ee43bef1
imphash: 73ab5e61d71a04f8eb848656ac34fbf5
File size: 508.0 KB (520192 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (67.4%)
  Win32 Dynamic Link Library (generic) (14.2%)
  Win32 Executable (generic) (9.7%)
  Generic Win/DOS Executable (4.3%)
  DOS Executable Generic (4.3%)
Tags: peexe
VirusTotal metadata
First submission: 2015-03-31 21:27:22 UTC
Last submission: 2015-04-07 06:41:31 UTC
File names:
  iIlwlULnoVApSJJ.exe
  rlrjszj66.exe
  kvcyxuk03.exe
  vt-upload-jBDcry
  wxqbgpw81.exe
  08ad3d332bca4444de8a05429b3925edafd83be61b0dd57a76e73207bec19981.bin
  jydemnr66.exe
  yrffqzv53.exe_
  08ad3d332bca4444de8a05429b3925edafd83be61b0dd57a76e73207bec19981.exe
  yMGfXJULVjNDTkt.exe
  tybherf59.exe
  ixnyvsy41.exe
  GITBELpWVtdLvVS.exe
  trknpoi43.exe
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report. The following is a condensed report of the file's behaviour when executed in a controlled environment. The actions and events described were performed by the file itself, by any process it launched, or by any process into which it injected code.
Opened files
Read files
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API. The report does not list which control codes or device objects were targeted.
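When a sandbox does expose the raw control codes, the useful step is to decode each one into its device type, function number, transfer method and required access, then decide whether it is a harmless query or something that writes to or passes commands through a storage device. The Python below is an added example and not part of the report: it reproduces the CTL_CODE bit layout from winioctl.h, carries a short table of well-known codes, and annotates constructed API-monitor log lines (the handle values and code sequence are made up; the report above does not show any). The device-type table and the "storage query is a common VM-detection source" note are the author's assumptions, not findings about this sample.

```python
import re

# CTL_CODE layout from winioctl.h:
#   bits 31-16 DeviceType, 15-14 RequiredAccess, 13-2 FunctionCode, 1-0 TransferType
DEVICE_TYPES = {  # subset of the FILE_DEVICE_* constants
    0x02: "FILE_DEVICE_CD_ROM", 0x04: "FILE_DEVICE_CONTROLLER", 0x07: "FILE_DEVICE_DISK",
    0x09: "FILE_DEVICE_FILE_SYSTEM", 0x0B: "FILE_DEVICE_KEYBOARD", 0x0F: "FILE_DEVICE_MOUSE",
    0x12: "FILE_DEVICE_NETWORK", 0x17: "FILE_DEVICE_PHYSICAL_NETCARD",
    0x1B: "FILE_DEVICE_SERIAL_PORT", 0x23: "FILE_DEVICE_VIDEO", 0x2D: "FILE_DEVICE_MASS_STORAGE",
}
METHODS = ["METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER"]
ACCESS = ["FILE_ANY_ACCESS", "FILE_READ_ACCESS", "FILE_WRITE_ACCESS",
          "FILE_READ_ACCESS|FILE_WRITE_ACCESS"]


def ctl_code(device_type: int, function: int, method: int, access: int) -> int:
    """Python equivalent of the CTL_CODE macro."""
    return (device_type << 16) | (access << 14) | (function << 2) | method


# Well-known codes, built through ctl_code so the table cannot drift from the macro.
KNOWN_CODES = {
    ctl_code(0x2D, 0x500, 0, 0): "IOCTL_STORAGE_QUERY_PROPERTY",
    ctl_code(0x2D, 0x420, 0, 0): "IOCTL_STORAGE_GET_DEVICE_NUMBER",
    ctl_code(0x07, 0x000, 0, 0): "IOCTL_DISK_GET_DRIVE_GEOMETRY",
    ctl_code(0x07, 0x017, 0, 1): "IOCTL_DISK_GET_LENGTH_INFO",
    ctl_code(0x04, 0x401, 0, 3): "IOCTL_SCSI_PASS_THROUGH",
}


def decode_ioctl(code: int) -> dict:
    """Split a 32-bit control code into its CTL_CODE components."""
    device_type = (code >> 16) & 0xFFFF
    return {
        "code": code,
        "device_type": device_type,
        "device": DEVICE_TYPES.get(device_type, f"0x{device_type:X}"),
        "function": (code >> 2) & 0xFFF,
        "method": METHODS[code & 3],
        "access": ACCESS[(code >> 14) & 3],
        "name": KNOWN_CODES.get(code),
    }


STORAGE_DEVICES = {0x02, 0x04, 0x07, 0x2D}
IOCTL_RE = re.compile(r"dwIoControlCode=0x([0-9A-Fa-f]+)")


def triage_log(lines) -> list:
    """Extract every control code from API-monitor style lines and annotate it."""
    out = []
    for line in lines:
        m = IOCTL_RE.search(line)
        if not m:
            continue
        d = decode_ioctl(int(m.group(1), 16))
        writes = "WRITE" in d["access"]
        if d["device_type"] in STORAGE_DEVICES and writes:
            d["note"] = "write or pass-through access to a storage device: inspect the buffers"
        elif d["device_type"] in STORAGE_DEVICES:
            d["note"] = "read-only storage query (geometry/vendor strings are a common VM-detection source)"
        else:
            d["note"] = "non-storage device: resolve the handle to find the driver"
        out.append(d)
    return out


# Constructed log lines in the style of an API monitor; not taken from the report.
SAMPLE_LOG = [
    "DeviceIoControl(hDevice=0x1c4, dwIoControlCode=0x2d1400, lpInBuffer=0x12f8a0, nInBufferSize=12)",
    "DeviceIoControl(hDevice=0x1c4, dwIoControlCode=0x70000, lpInBuffer=0x0, nInBufferSize=0)",
    r'CreateFileA(lpFileName="\\.\PhysicalDrive0")',
    "DeviceIoControl(hDevice=0x1c8, dwIoControlCode=0x4d004, lpInBuffer=0x12f700, nInBufferSize=44)",
]

if __name__ == "__main__":
    for d in triage_log(SAMPLE_LOG):
        print(f"0x{d['code']:08X} {d['name'] or '?':32} {d['device']:28} {d['access']:36} {d['note']}")
```

Decoding matters because the same "sends control codes to device drivers" sentence covers both a benign IOCTL_DISK_GET_DRIVE_GEOMETRY call and an IOCTL_SCSI_PASS_THROUGH that hands a raw SCSI CDB to the disk; only the access bits and device type separate the two at a glance, and anything unknown on a storage device with write access deserves a look at the input buffer.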
UDP communications