SHA256: 0cc967c90f2de494a3b4f28091e097dc2a9964e769ba0d3ee6ff8220c15a2a11
File name: cndrive32.exe
Detection ratio: 59 / 67
Analysis date: 2017-10-23 16:06:52 UTC ( 8 months, 4 weeks ago )
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Buzus.2 | 20171023
AegisLab | Troj.W32.Buzus.euvf!c | 20171023
AhnLab-V3 | Trojan/Win32.Buzus.R572 | 20171023
ALYac | Gen:Variant.Buzus.2 | 20171023
Antiy-AVL | Trojan/Win32.Buzus | 20171023
Arcabit | Trojan.Buzus.2 | 20171023
Avast | Win32:Trojan-gen | 20171023
AVG | Win32:Trojan-gen | 20171023
Avira (no cloud) | TR/ATRAPS.Gen2 | 20171023
AVware | Trojan.Win32.Buzus.expr (v) | 20171023
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9998 | 20171023
BitDefender | Gen:Variant.Buzus.2 | 20171023
Bkav | W32.CndriveGH.Trojan | 20171023
CAT-QuickHeal | VirTool.DelfInject.BE | 20171020
ClamAV | Win.Trojan.Buzus-8445 | 20171023
CMC | Trojan.Win32.Buzus!O | 20171023
Comodo | TrojWare.Win32.Trojan.Buzus.HV0 | 20171023
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20171016
Cylance | Unsafe | 20171023
Cyren | W32/Trojan.XDRD-1029 | 20171023
DrWeb | Win32.HLLW.Autoruner.22584 | 20171023
eGambit | malicious_confidence_92% | 20171023
Emsisoft | Gen:Variant.Buzus.2 (B) | 20171023
Endgame | malicious (high confidence) | 20171016
ESET-NOD32 | a variant of Win32/Injector.CJU | 20171023
F-Prot | W32/MalwareS.BINE | 20171023
F-Secure | Gen:Variant.Buzus.2 | 20171023
Fortinet | W32/Injector.fam!tr | 20171023
GData | Gen:Variant.Buzus.2 | 20171023
Ikarus | Backdoor.Win32.Rbot | 20171023
Sophos ML | heuristic | 20170914
Jiangmin | Trojan/Buzus.alja | 20171023
K7AntiVirus | Trojan ( 0017fd301 ) | 20171023
K7GW | Trojan ( 0017fd301 ) | 20171023
Kaspersky | Trojan.Win32.Buzus.evud | 20171023
MAX | malware (ai score=85) | 20171023
McAfee | RDN/Checkout | 20171023
McAfee-GW-Edition | RDN/Checkout | 20171023
Microsoft | Worm:Win32/Pushbot | 20171023
eScan | Gen:Variant.Buzus.2 | 20171023
NANO-Antivirus | Trojan.Win32.Buzus.bjtid | 20171023
Panda | Generic Malware | 20171023
Qihoo-360 | Win32/Trojan.47c | 20171023
Rising | Malware.Heuristic!ET#94% (RDM+:cmRtazo3ehU2X1/wOwRfxr367cGx) | 20171023
SentinelOne (Static ML) | static engine - malicious | 20171019
Sophos AV | Mal/Generic-E | 20171023
Symantec | W32.Spybot.Worm | 20171023
Tencent | Win32.Trojan.Buzus.Pdmq | 20171023
TheHacker | Trojan/Buzus.euvf | 20171017
TrendMicro | WORM_BUZUS.SMX | 20171023
TrendMicro-HouseCall | WORM_BUZUS.SMX | 20171023
VBA32 | BScope.Trojan.MTA.0635 | 20171023
VIPRE | Trojan.Win32.Buzus.expr (v) | 20171023
ViRobot | Trojan.Win32.Buzus.75776.K | 20171023
Webroot | W32.Malware.Gen | 20171023
WhiteArmor | Malware.HighConfidence | 20171016
Yandex | Trojan.Buzus!vsnp7YExges | 20171021
Zillya | Trojan.Buzus.Win32.53687 | 20171021
ZoneAlarm by Check Point | Trojan.Win32.Buzus.evud | 20171023

Engines with no detection (Antivirus | Update)
Alibaba | 20170911
Avast-Mobile | 20171023
Kingsoft | 20171023
Malwarebytes | 20171023
nProtect | 20171023
Palo Alto Networks (Known Signatures) | 20171023
SUPERAntiSpyware | 20171023
Symantec Mobile Insight | 20171011
TotalDefense | 20171023
Trustlook | 20171023
Zoner | 20171023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-07-23 06:40:24
Entry Point 0x00006494
Number of sections 8
PE sections
PE imports
RegOpenKeyExA
RegFlushKey
RegQueryValueExA
RegCloseKey
ExcludeClipRect
GetOutlineTextMetricsW
ColorCorrectPalette
AbortPath
GetStretchBltMode
GetROP2
CreateCompatibleDC
GetTextAlign
GetTextCharacterExtra
GetStdHandle
EnterCriticalSection
GetPrivateProfileStructA
FreeLibrary
ExitProcess
GetThreadLocale
LoadLibraryA
RtlUnwind
DebugActiveProcess
DeleteCriticalSection
GetStartupInfoA
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
GetAtomNameW
GetCommandLineA
FlushInstructionCache
RaiseException
CreateFiber
TlsFree
GetModuleHandleA
WriteFile
GetCurrentThreadId
LocalFree
InitializeCriticalSection
CreateFileW
VirtualFree
TlsGetValue
Sleep
IsBadReadPtr
TlsSetValue
GetTickCount
GetVersion
VirtualAlloc
LeaveCriticalSection
SysReAllocStringLen
SysFreeString
GetCaretBlinkTime
SetWindowTextA
GetClassNameW
EnableMenuItem
EnumClipboardFormats
GetClassLongW
FlashWindow
DrawIconEx
WaitForInputIdle
GetCapture
GetClassWord
MessageBoxA
DialogBoxParamA
EnumPropsW
DestroyCursor
UnloadKeyboardLayout
EnumPropsExA
IsIconic
GetKeyboardType
GetFileVersionInfoA
timeKillEvent
GetDriverModuleHandle
mixerGetControlDetailsA
midiInMessage
midiOutReset
joyGetDevCapsA
midiInUnprepareHeader
Number of PE resources by type
RT_BITMAP 9
RT_DIALOG 8
RT_ICON 7
RT_MENU 6
RT_MESSAGETABLE 5
RT_CURSOR 5
RT_GROUP_ICON 5
RT_GROUP_CURSOR 3
RT_STRING 3
RT_FONTDIR 2
RT_ACCELERATOR 2
RT_FONT 1
Number of PE resources by language
NEUTRAL 56
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2010:07:23 07:40:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 23552
LinkerVersion 2.25
EntryPoint 0x6494
InitializedDataSize 51200
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 40fcb4945c05369094cd9200a2377546
SHA1 3e8aadd4d1c58a6e0f25e176b3db01f50885aebc
SHA256 0cc967c90f2de494a3b4f28091e097dc2a9964e769ba0d3ee6ff8220c15a2a11
ssdeep 1536:OLraVAE5nW7URTKficlvQ9YEhmATpmn/hUwoWsPS:F5nIURTKficlvQDhY6ms6
authentihash 5d9c6d83e96e63d0e97a2576fc7511408f1ada9f2f8ffdf378d53c7ea205e909
imphash c07456b48d9464798e2fc4529fc4ea6a
File size 74.0 KB ( 75776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2010-07-23 07:05:23 UTC ( 7 years, 12 months ago )
Last submission 2015-02-28 03:25:53 UTC ( 3 years, 4 months ago )
File names cndrive32.exe
mjs.exe-Kkj8AJ
aa
lCJvAEF.doc
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight