SHA256: 0c3cd8256bbc05ae61755704c8cfd1ea6f85695ea827a3b44596c8c9c98f8d3c
File name: 5a326f3af066008db07c8277dc296127
Detection ratio: 30 / 57
Analysis date: 2015-03-29 19:37:55 UTC
Antivirus Result Update
Engines with a detection (30):
Ad-Aware Trojan.Agent.BIPR 20150329
ALYac Trojan.Agent.BIPR 20150329
Antiy-AVL Trojan/Win32.Yakes 20150329
AVG FileCryptor.AUG 20150329
Avira (no cloud) TR/Crypt.Xpack.172028 20150329
AVware Trojan.Win32.Generic.pak!cobra 20150329
BitDefender Trojan.Agent.BIPR 20150329
Bkav HW32.Packed.918E 20150328
Comodo UnclassifiedMalware 20150329
Cyren W32/Trojan.HIIJ-7597 20150329
DrWeb Trojan.Encoder.514 20150329
Emsisoft Trojan.Agent.BIPR (B) 20150329
ESET-NOD32 Win32/Spy.Zbot.ACB 20150329
F-Prot W32/Trojan3.OLX 20150329
F-Secure Trojan.Agent.BIPR 20150329
Fortinet W32/Zbot.ACB!tr.spy 20150329
GData Trojan.Agent.BIPR 20150329
Ikarus Trojan-Spy.Agent 20150329
K7AntiVirus Trojan ( 00498ab51 ) 20150329
K7GW Trojan ( 004b8a7e1 ) 20150329
Kaspersky Trojan-Spy.Win32.Zbot.vgij 20150329
Malwarebytes Spyware.Password 20150329
McAfee Artemis!5A326F3AF066 20150329
eScan Trojan.Agent.BIPR 20150329
NANO-Antivirus Trojan.Win32.Tepfer.dpubjo 20150329
Rising PE:Malware.Obscure/Heur!1.9E03 20150329
Sophos AV Troj/Fondu-EM 20150329
Tencent Trojan.Win32.YY.Gen.24 20150329
TrendMicro-HouseCall TROJ_GEN.R0CCB01CT15 20150329
VIPRE Trojan.Win32.Generic.pak!cobra 20150329
Engines with no detection (27), signature date only:
AegisLab 20150329
Yandex 20150329
AhnLab-V3 20150329
Alibaba 20150329
Avast 20150329
Baidu-International 20150329
ByteHero 20150329
CAT-QuickHeal 20150328
ClamAV 20150329
CMC 20150327
Jiangmin 20150328
Kingsoft 20150329
McAfee-GW-Edition 20150329
Microsoft 20150329
Norman 20150329
nProtect 20150327
Panda 20150327
Qihoo-360 20150329
SUPERAntiSpyware 20150329
Symantec 20150329
TheHacker 20150327
TotalDefense 20150329
TrendMicro 20150329
VBA32 20150327
ViRobot 20150329
Zillya 20150329
Zoner 20150327
The file is a Portable Executable (PE) file; more specifically, a Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-26 16:18:08
Entry Point 0x0001050F
Number of sections 5
PE sections
Overlays
MD5 0a7caa9043b47d701aa8623541524f08
File type data
Offset 106496
Size 204800
Entropy 7.93
PE imports
RegDeleteKeyW
RegCreateKeyW
TranslateCharsetInfo
GetCharWidth32A
StretchDIBits
GetSystemTimeAdjustment
GetStartupInfoA
GetStdHandle
GetModuleHandleA
GetOverlappedResult
CreateFileMappingA
Ord(1775)
Ord(4080)
Ord(4710)
Ord(3597)
Ord(3495)
Ord(3136)
Ord(4963)
Ord(4524)
Ord(554)
Ord(1842)
Ord(5237)
Ord(4303)
Ord(5577)
Ord(3350)
Ord(6375)
Ord(4589)
Ord(3798)
Ord(2621)
Ord(3259)
Ord(3610)
Ord(5290)
Ord(2446)
Ord(2884)
Ord(2864)
Ord(5301)
Ord(807)
Ord(4163)
Ord(6215)
Ord(6625)
Ord(1725)
Ord(517)
Ord(4529)
Ord(2652)
Ord(4531)
Ord(815)
Ord(2723)
Ord(366)
Ord(641)
Ord(796)
Ord(5277)
Ord(2514)
Ord(4953)
Ord(338)
Ord(3454)
Ord(5199)
Ord(567)
Ord(1134)
Ord(4465)
Ord(4108)
Ord(5300)
Ord(6175)
Ord(6216)
Ord(5265)
Ord(4425)
Ord(1669)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(617)
Ord(3172)
Ord(4526)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5307)
Ord(4242)
Ord(4823)
Ord(2390)
Ord(4441)
Ord(2542)
Ord(4424)
Ord(540)
Ord(5260)
Ord(5076)
Ord(4078)
Ord(4464)
Ord(3059)
Ord(2554)
Ord(5252)
Ord(6376)
Ord(5282)
Ord(4614)
Ord(2117)
Ord(1727)
Ord(823)
Ord(1920)
Ord(2379)
Ord(2725)
Ord(1776)
Ord(4998)
Ord(5472)
Ord(4376)
Ord(4436)
Ord(4457)
Ord(800)
Ord(656)
Ord(3749)
Ord(2512)
Ord(4427)
Ord(4274)
Ord(5261)
Ord(4696)
Ord(6131)
Ord(4079)
Ord(4467)
Ord(3058)
Ord(3147)
Ord(2124)
Ord(4615)
Ord(2879)
Ord(4077)
Ord(6336)
Ord(3262)
Ord(5653)
Ord(674)
Ord(975)
Ord(1576)
Ord(5243)
Ord(4353)
Ord(6157)
Ord(3748)
Ord(5065)
Ord(1665)
Ord(4407)
Ord(4426)
Ord(784)
Ord(6117)
Ord(3346)
Ord(2086)
Ord(2396)
Ord(4159)
Ord(3831)
Ord(520)
Ord(6374)
Ord(5280)
Ord(986)
Ord(4612)
Ord(3825)
Ord(2976)
Ord(2535)
Ord(1089)
Ord(3198)
Ord(2985)
Ord(3922)
Ord(5240)
Ord(6080)
Ord(4151)
Ord(2649)
Ord(6052)
Ord(2510)
Ord(3402)
Ord(5214)
Ord(6000)
Ord(4623)
Ord(324)
Ord(4262)
Ord(4238)
Ord(3830)
Ord(5103)
Ord(2385)
Ord(4613)
Ord(4349)
Ord(2878)
Ord(3079)
Ord(4899)
Ord(6334)
Ord(652)
Ord(4387)
Ord(4723)
Ord(4420)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(5100)
Ord(2399)
Ord(5012)
Ord(2648)
Ord(3065)
Ord(5714)
Ord(5289)
Ord(4545)
Ord(3403)
Ord(4622)
Ord(561)
Ord(1746)
Ord(4960)
Ord(4543)
Ord(2302)
Ord(4610)
Ord(2859)
Ord(4486)
Ord(4341)
Ord(529)
Ord(4698)
Ord(5163)
Ord(6055)
Ord(296)
Ord(4858)
Ord(4889)
Ord(4432)
Ord(5740)
Ord(5302)
Ord(1825)
Ord(5731)
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_ftol
_adjust_fdiv
floor
__p__commode
__dllonexit
_setmbcp
_exit
?terminate@@YAXXZ
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_onexit
__setusermatherr
__set_app_type
GetCursorPos
ReleaseDC
OpenClipboard
IsWindow
EnableWindow
UpdateWindow
PostMessageA
SystemParametersInfoW
SetCapture
GetDlgItemTextA
SendMessageA
SetClassLongW
GetDlgItem
RegisterWindowMessageA
GetDoubleClickTime
MessageBoxIndirectA
CheckDlgButton
GetDC
InvalidateRect
Number of PE resources by type
RT_STRING 15
RT_DIALOG 12
RT_ICON 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 31
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:03:26 17:18:08+01:00
FileType Win32 EXE
PEType PE32
CodeSize 65536
LinkerVersion 6.0
EntryPoint 0x1050f
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 5a326f3af066008db07c8277dc296127
SHA1 e30a2c0397b1e989e2b25d7f7b4200fbae300586
SHA256 0c3cd8256bbc05ae61755704c8cfd1ea6f85695ea827a3b44596c8c9c98f8d3c
ssdeep 6144:cAz71iSbYGQTf0ZxSNkHMugarsVbRAZxWuyFPZ1xF:cAzp7bxEM+JPVbOZxWVFPZ/
authentihash 94e71393fa3e7b80c09abfee2a0a81146ecadf29aa76274d8b922a2c7c7db5c3
imphash 4c2ca285b5778484e0075f03ce089a89
File size 304.0 KB ( 311296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe via-tor overlay
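The Overlays block above reports 204800 bytes of appended data at offset 106496 with entropy 7.93 (106496 + 204800 = 311296, i.e. the overlay runs to the end of the file), and the TrID block guesses "Win64 Executable" even though the PE header says Intel 386 / PE32. The script below is an added example for this report, not code from VirusTotal or from the sample's author; it reproduces those checks with only the Python standard library: overlay offset from the section table, Shannon entropy of the overlay, and machine type and compile timestamp from the COFF header. The 7.5 entropy threshold and the minimal constructed PE32 used for the offline run are assumptions of this example, not facts from the page.

```python
"""Overlay, entropy and header checks for a PE32 file (standard library only).

Added example for this report; not code from VirusTotal or from the sample.
"""
import math
import struct
import sys
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Machine values relevant here; 0x14C is what the page reports.
MACHINE_NAMES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
ENTROPY_THRESHOLD = 7.5  # assumption: above this an overlay is treated as packed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_header_info(data: bytes) -> dict:
    """Read Machine and TimeDateStamp from the COFF header and compute the
    overlay offset as the end of the last section's raw data."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    sect_table = coff + 20 + opt_size          # section headers follow the optional header
    overlay_offset = sect_table + 40 * nsections
    for i in range(nsections):
        # IMAGE_SECTION_HEADER: SizeOfRawData at +16, PointerToRawData at +20
        size_raw, ptr_raw = struct.unpack_from("<II", data, sect_table + 40 * i + 16)
        overlay_offset = max(overlay_offset, ptr_raw + size_raw)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "overlay_offset": overlay_offset,
        "overlay_size": max(0, len(data) - overlay_offset),
    }


def overlay_report(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Header facts plus overlay entropy and a suspicion flag."""
    info = pe_header_info(data)
    overlay = data[info["overlay_offset"]:]
    info["overlay_entropy"] = round(shannon_entropy(overlay), 2)
    info["overlay_suspicious"] = info["overlay_size"] > 0 and info["overlay_entropy"] >= threshold
    return info


def build_sample(overlay: bytes, stamp: int = 1427386688) -> bytes:
    """Constructed minimal PE32 (one 0x200-byte section at 0x200, zeroed optional
    header) so the checks run offline. Default stamp is the page's compile time,
    2015-03-26 16:18:08 UTC; this is not the analysed sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    opt_size = 224                                                # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # Magic = PE32
    section = (b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200)
               + b"\0" * 12 + struct.pack("<I", 0x60000020))
    headers = dos + b"PE\0\0" + coff + optional + section
    headers += b"\0" * (0x200 - len(headers))                     # pad to PointerToRawData
    return headers + b"\x90" * 0x200 + overlay


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(bytes(range(256)) * 4)
    for key, value in overlay_report(blob).items():
        print(f"{key:18} {value}")
```

Run against the real sample with a path argument, the overlay offset and size should match 106496 and 204800, and the MD5 of the carved slice should equal the overlay MD5 listed above (0a7caa9043b47d701aa8623541524f08); an entropy near 7.93 over 200 KB is what a compressed or encrypted payload looks like, consistent with the "FileCryptor" and "Encoder" names in the detection table. The timestamp check also reconciles the two values on the page: 2015-03-26 16:18:08 UTC and ExifTool's 17:18:08+01:00 are the same instant. TrID's "Win64" verdict is a byte-pattern heuristic; the Machine field (0x14c) and the PE32 optional-header magic are authoritative, so report those rather than the TrID percentage.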

VirusTotal metadata
First submission 2015-03-29 19:37:55 UTC
Last submission 2015-05-11 19:37:27 UTC
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications