SHA256: 09c1dd2fea65ae07e21c3e040042b34ce6b2adf6b253bb410044838c68abfde6
File name: baura.exe
Detection ratio: 3 / 52
Analysis date: 2014-05-28 12:36:49 UTC ( 4 years, 12 months ago )
Antivirus Result Update
Bkav HW32.CDB.5f48 20140528
ESET-NOD32 Win32/Spy.Zbot.AAU 20140528
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140528
Ad-Aware 20140528
AegisLab 20140528
Yandex 20140527
AhnLab-V3 20140528
AntiVir 20140528
Antiy-AVL 20140528
Avast 20140528
AVG 20140528
Baidu-International 20140528
BitDefender 20140528
ByteHero 20140528
CAT-QuickHeal 20140528
ClamAV 20140528
CMC 20140528
Commtouch 20140528
Comodo 20140528
DrWeb 20140528
Emsisoft 20140528
F-Prot 20140528
F-Secure 20140528
Fortinet 20140528
GData 20140528
Ikarus 20140528
Jiangmin 20140528
K7AntiVirus 20140527
K7GW 20140527
Kaspersky 20140528
Kingsoft 20140528
Malwarebytes 20140528
McAfee 20140528
McAfee-GW-Edition 20140528
Microsoft 20140528
eScan 20140528
NANO-Antivirus 20140528
Norman 20140528
nProtect 20140528
Panda 20140528
Qihoo-360 20140528
Sophos AV 20140528
SUPERAntiSpyware 20140528
Symantec 20140528
Tencent 20140528
TheHacker 20140528
TotalDefense 20140528
TrendMicro 20140528
TrendMicro-HouseCall 20140528
VBA32 20140527
VIPRE 20140528
ViRobot 20140528
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-27 20:27:36
Entry Point 0x0000116F
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
SetHandleCount
GetModuleFileNameW
GetOEMCP
GetEnvironmentStringsW
IsDebuggerPresent
ExitProcess
TlsAlloc
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetCurrentProcess
LoadLibraryExA
GetEnvironmentStrings
HeapSize
GetCurrentProcessId
GetCommandLineW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetSystemPowerStatus
EncodePointer
GetProcessHeap
GetCPInfo
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
WriteFile
GetStartupInfoA
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
HeapDestroy
TerminateProcess
QueryPerformanceCounter
IsValidCodePage
OutputDebugStringW
VirtualFree
TlsGetValue
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
VirtualAlloc
HeapCreate
SetLastError
LeaveCriticalSection
mmioOpenW
mmioRead
mmioAscend
mmioClose
Number of PE resources by type
RT_ICON 2
RT_MENU 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:05:27 21:27:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 416768
LinkerVersion 11.0
EntryPoint 0x116f
InitializedDataSize 269824
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 f110e68acb1fe9e809089ccde42cd87f
SHA1 14a646727b9641bd168ab11f3241be45c97c267d
SHA256 09c1dd2fea65ae07e21c3e040042b34ce6b2adf6b253bb410044838c68abfde6
ssdeep 12288:DH8/j68tLfqDwUEzbpPK4nbMSM0kEN5Fenwtq/IKAg1zJlUWrxz:W0wRFPK4ni0BDFeB/JAgRJlXtz

authentihash 953e400dfe40ef1736be5712201e653389f2fba895b37f7f2ce3e2ffda78530b
imphash f402871f7dadd9eba3c0e41a9fc56125
File size 671.5 KB ( 687616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe

VirusTotal metadata
First submission 2014-05-28 12:36:49 UTC ( 4 years, 12 months ago )
Last submission 2014-05-28 12:36:49 UTC ( 4 years, 12 months ago )
File names baura.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.