SHA256: 0b507536865a47dfa862d6f4073d4fb71bb832d64b89a7470d15778135c3e783
File name: 13cccd963021243a163fbadf83b97cd56f120518
Detection ratio: 38 / 56
Analysis date: 2014-11-28 08:48:51 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.10229 20141128
AhnLab-V3 Win-Trojan/Bladabindi.Gen 20141127
ALYac Gen:Variant.Barys.10229 20141128
Avast MSIL:Agent-ANE [Trj] 20141128
AVG MSIL.AP 20141128
Avira (no cloud) TR/Spy.Gen8 20141128
AVware Trojan.MSIL.Bladabindi.be (v) 20141121
BitDefender Gen:Variant.Barys.10229 20141128
CAT-QuickHeal Backdoor.Bladabindi.A3 20141128
Comodo TrojWare.MSIL.Bladabindi.O 20141128
Cyren W32/MSIL_Troj.AP.gen!Eldorado 20141128
DrWeb BackDoor.Bladabindi.1393 20141128
Emsisoft Gen:Variant.Barys.10229 (B) 20141128
ESET-NOD32 a variant of MSIL/Bladabindi.O 20141128
F-Prot W32/MSIL_Troj.AP.gen!Eldorado 20141128
F-Secure Gen:Variant.Barys.10229 20141128
Fortinet MSIL/Agent.PPW!tr 20141128
GData Gen:Variant.Barys.10229 20141128
Ikarus Trojan.MSIL.Bladabindi 20141128
Jiangmin Trojan/Generic.axomn 20141127
K7AntiVirus Trojan ( 700000121 ) 20141127
K7GW Trojan ( 700000121 ) 20141128
Kaspersky HEUR:Trojan.Win32.Generic 20141128
Kingsoft Win32.Troj.Undef.(kcloud) 20141128
Malwarebytes Backdoor.Bot.MSIL 20141128
McAfee Trojan-FAUE!D8EDEC08A7CB 20141128
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cm 20141128
Microsoft Backdoor:MSIL/Bladabindi.AA 20141128
eScan Gen:Variant.Barys.10229 20141128
NANO-Antivirus Trojan.Win32.Autoruner.dciaqm 20141128
Norman Bladabindi.HY 20141128
Qihoo-360 Malware.QVM03.Gen 20141128
Rising PE:Backdoor.MSIL.Bladabindi!1.9DE6 20141126
Sophos AV Mal/MSIL-FE 20141128
Symantec Backdoor.Ratenjay!gen1 20141128
TrendMicro BKDR_BLADABI.SMC 20141128
TrendMicro-HouseCall BKDR_BLADABI.SMC 20141128
VIPRE Trojan.MSIL.Bladabindi.be (v) 20141128
AegisLab 20141128
Yandex 20141126
Antiy-AVL 20141128
Baidu-International 20141127
Bkav 20141127
ByteHero 20141128
ClamAV 20141128
CMC 20141127
nProtect 20141127
Panda 20141127
SUPERAntiSpyware 20141127
Tencent 20141128
TheHacker 20141124
TotalDefense 20141127
VBA32 20141127
ViRobot 20141127
Zillya 20141127
Zoner 20141127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-10 18:03:42
Entry Point 0x0000C42E
Number of sections 3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 5
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:11:10 19:03:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 42496
LinkerVersion 8.0
FileAccessDate 2014:11:28 09:50:21+01:00
EntryPoint 0xc42e
InitializedDataSize 110080
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:11:28 09:50:21+01:00
UninitializedDataSize 0

Compressed bundles
File identification
MD5 d8edec08a7cbb4de3121afcdab038607
SHA1 13cccd963021243a163fbadf83b97cd56f120518
SHA256 0b507536865a47dfa862d6f4073d4fb71bb832d64b89a7470d15778135c3e783
ssdeep 3072:ZT3yiH+hTXEuRy+P02R4hxLB88AN2vvE7pjYFoqphjsjwoHlppHG:R3yiH+hrP0Rh1BQN2vvE7pjYFoqphjsR
authentihash c49534e786f33e423a76227ce8019a49e6192001b9e7be61bb4ad0709daf30fb
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 149.5 KB ( 153088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (63.1%)
Win64 Executable (generic) (23.8%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.7%)
Tags peexe assembly

VirusTotal metadata
First submission 2014-11-28 08:48:51 UTC ( 4 years, 2 months ago )
Last submission 2014-11-28 08:48:51 UTC ( 4 years, 2 months ago )
File names 13cccd963021243a163fbadf83b97cd56f120518
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests