SHA256: 095a1f54fe71e6daadec7f928d6877ab4c81c1a680f1f30ee7b9ebf7f26b4af4
File name: 632.exe
Detection ratio: 1 / 55
Analysis date: 2015-07-06 08:06:24 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150706
Ad-Aware 20150706
AegisLab 20150706
Yandex 20150630
AhnLab-V3 20150705
Alibaba 20150630
ALYac 20150706
Antiy-AVL 20150706
Arcabit 20150706
Avast 20150706
AVG 20150706
Avira (no cloud) 20150706
AVware 20150706
Baidu-International 20150706
BitDefender 20150706
Bkav 20150704
ByteHero 20150706
CAT-QuickHeal 20150704
ClamAV 20150706
Comodo 20150706
Cyren 20150706
DrWeb 20150706
Emsisoft 20150706
ESET-NOD32 20150706
F-Prot 20150706
F-Secure 20150706
Fortinet 20150706
GData 20150702
Ikarus 20150706
Jiangmin 20150703
K7AntiVirus 20150706
K7GW 20150706
Kaspersky 20150706
Kingsoft 20150706
Malwarebytes 20150706
McAfee 20150706
McAfee-GW-Edition 20150705
Microsoft 20150706
eScan 20150706
NANO-Antivirus 20150706
nProtect 20150703
Panda 20150705
Rising 20150706
Sophos AV 20150706
SUPERAntiSpyware 20150706
Symantec 20150706
Tencent 20150706
TheHacker 20150706
TrendMicro 20150706
TrendMicro-HouseCall 20150706
VBA32 20150703
VIPRE 20150706
ViRobot 20150706
Zillya 20150706
Zoner 20150706
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Product ???????????? ??????? Microsoft® Windows®
Original name SendCMsg.dll
Internal name SENDCMSG
File version 5.1.2600.5524 (xpsp.080413-2108)
Description ???????? ????????? ???????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1990-08-04 02:13:09
Entry Point 0x00052FD0
Number of sections 7
PE sections
PE imports
GetModuleHandleA
WaitForSingleObject
ResetEvent
CreateFileA
GetModuleFileNameA
GetModuleHandleW
SetDlgItemInt
PostMessageA
SetWindowsHookExA
GetDlgItemInt
GetDlgItemTextA
Number of PE resources by type
RT_DIALOG 3
RT_STRING 2
TYPELIB 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 9
PE resources
ExifTool file metadata
UninitializedDataSize 4608
LinkerVersion 4.24
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 5.1.2600.5514
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 373248
EntryPoint 0x52fd0
OriginalFileName SendCMsg.dll
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.2600.5524 (xpsp.080413-2108)
TimeStamp 1990:08:04 03:13:09+01:00
FileType Win32 EXE
PEType PE32
InternalName SENDCMSG
ProductVersion 5.1.2600.5524
SubsystemVersion 4.2
OSVersion 4.2
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 36864
ProductName Microsoft Windows
ProductVersionNumber 5.1.2600.5514
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 9daf4c0bca8fbba53517fdab1ef4e16d
SHA1 cf4ce7bd7a6a57a9d4fd01be419921024b889148
SHA256 095a1f54fe71e6daadec7f928d6877ab4c81c1a680f1f30ee7b9ebf7f26b4af4
ssdeep 1536:xwRCYD5XL5x2bYU3Gg2Bx/bIYziTB16SUf30X3Y6cOtCY9z3uhuN9/IbkCUoiV:x8xCL0/iTAr6cO53uQ8b5Uoi

authentihash 2040f0b0b7c8ccf74bd08b21ca754e725ad6150e9fec34f1be69f43bfeae5f4e
imphash 5d22a489d9e39a6e5e50ca8cddbba0a7
File size 409.0 KB ( 418816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe

VirusTotal metadata
First submission 2015-07-06 07:34:42 UTC ( 2 years, 1 month ago )
Last submission 2015-07-07 10:31:58 UTC ( 2 years, 1 month ago )
File names blogdynamoocom.exe
9daf4c0bca8fbba53517fdab1ef4e16d blogdynamoocom.exe.x
SendCMsg.dll
632_exe
9daf4c0bca8fbba53517fdab1ef4e16d.exe
CF4CE7BD7A6A57A9D4FD01BE419921024B889148
632.exe
SENDCMSG
6e7dfca1c8635f0da3eb8bc86985997c51c33ad3
blogdynamoocom.exe.dqt
632.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections