SHA256: 0fc6272580711ea9f5a504e0ee917b444f1e53c3a653b9136d698d8ace32501d
File name: hrubs
Detection ratio: 42 / 57
Analysis date: 2015-08-13 07:19:37 UTC ( 2 weeks, 1 day ago )
Antivirus Result Update
ALYac Trojan.GenericKDV.1340770 20150813
AVG Generic35.HPY 20150813
AVware Trojan.Win32.Sirefef.nb (v) 20150813
Ad-Aware Trojan.GenericKDV.1340770 20150813
Agnitum Trojan.Yakes!ramohUfkERM 20150812
Antiy-AVL Trojan/Win32.Yakes 20150813
Arcabit Trojan.GenericV.D147562 20150813
Avast Win32:Rootkit-gen [Rtk] 20150813
Avira TR/BitForce.A.1 20150813
Baidu-International Trojan.Win32.CoinMiner.CF 20150812
BitDefender Trojan.GenericKDV.1340770 20150813
Bkav HW32.Packed.CE42 20150812
CAT-QuickHeal Trojan.Yakes.r5 20150812
Comodo TrojWare.Win32.Kryptik.BKG 20150813
DrWeb Trojan.BtcMine.148 20150813
ESET-NOD32 Win32/CoinMiner.CF 20150813
Emsisoft Trojan.GenericKDV.1340770 (B) 20150813
F-Secure Trojan.GenericKDV.1340770 20150813
Fortinet W32/Kryptik.BJEN!tr 20150813
GData Trojan.GenericKDV.1340770 20150813
Ikarus Trojan.Win32.Kraziomel 20150813
Jiangmin Trojan/Generic.buowg 20150812
K7AntiVirus Trojan ( 003bfe081 ) 20150813
K7GW Trojan ( 003bfe081 ) 20150813
Kaspersky HEUR:Trojan.Win32.Generic 20150813
Kingsoft Win32.Troj.Undef.(kcloud) 20150813
Malwarebytes Trojan.Ransom.REL 20150813
McAfee Artemis!CE88EBB113AC 20150813
McAfee-GW-Edition BehavesLike.Win32.Dropper.dc 20150813
MicroWorld-eScan Trojan.GenericKDV.1340770 20150813
Microsoft Trojan:Win32/Yakes.A 20150813
NANO-Antivirus Trojan.Win32.BitForce.cttyjo 20150813
Panda Trj/CI.A 20150812
Qihoo-360 Win32/Trojan.26d 20150813
Sophos Mal/Generic-S 20150813
Symantec SecurityRisk.BL 20150812
Tencent Win32.Trojan.Generic.Tbsi 20150813
TrendMicro TROJ_YAKES.AJN 20150813
TrendMicro-HouseCall TROJ_YAKES.AJN 20150813
VIPRE Trojan.Win32.Sirefef.nb (v) 20150813
Zillya Trojan.CoinMiner.Win32.1016 20150813
nProtect Trojan.GenericKDV.1340770 20150812
AegisLab 20150813
AhnLab-V3 20150813
Alibaba 20150813
ByteHero 20150813
CMC 20150710
ClamAV 20150813
Cyren 20150813
F-Prot 20150813
Rising 20150812
SUPERAntiSpyware 20150813
TheHacker 20150811
TotalDefense 20150813
VBA32 20150812
ViRobot 20150813
Zoner 20150813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright fVetrewrt Vere © 2012
Publisher fVetrewrt Vere
Product fVetrewrt Vere
Original name hrubs.exe
Internal name hrubs
File version a 1 RC116.53051016.2216
Description fVetrewrt Vere
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-29 16:42:48
Link date 5:42 PM 9/29/2013
Entry Point 0x00025AFF
Number of sections 5
PE sections
PE imports
glClipPlane
DragAcceptFiles
DragFinish
GetSystemTime
CreateWaitableTimerA
lstrcmpiA
GetDriveTypeA
ExpungeConsoleCommandHistoryA
GetCurrentProcess
GetVolumeInformationA
SetConsoleCursor
MultiByteToWideChar
SetFilePointerEx
GetConsoleTitleA
GetCurrentThread
OpenMutexA
GetThreadIOPendingFlag
WaitForDebugEvent
GetProcessWorkingSetSize
GetSystemTimes
GetLogicalDriveStringsA
GetNumberFormatA
LocalHandle
GetProfileIntA
VirtualAlloc
BeginUpdateResourceA
OpenInputDesktop
GetParent
GetInputState
SetProcessDefaultLayout
SetClipboardViewer
GetClassInfoExW
GetWindowThreadProcessId
LoadCursorFromFileA
GetMenuDefaultItem
SetClipboardData
CreateMDIWindowA
SetCursorPos
PackDDElParam
CharPrevExA
DrawFocusRect
IsClipboardFormatAvailable
OpenWindowStationA
SetMessageExtraInfo
DrawFrame
RegisterServicesProcess
RegisterMessagePumpHook
ModifyMenuA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 42.42
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 1.0.3.69
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 88064
EntryPoint 0x25aff
OriginalFileName hrubs.exe
MIMEType application/octet-stream
LegalCopyright fVetrewrt Vere 2012
FileVersion a 1 RC116.53051016.2216
TimeStamp 2013:09:29 17:42:48+01:00
FileType Win32 EXE
PEType PE32
InternalName hrubs
ProductVersion 4101.32700 RelC
FileDescription fVetrewrt Vere
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName fVetrewrt Vere
CodeSize 156672
ProductName fVetrewrt Vere
ProductVersionNumber 3.0.101.3
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 ce88ebb113ac98886d81bab67f97f201
SHA1 5392dbaeea8144b2b93034c6e5d2b6ece36207f6
SHA256 0fc6272580711ea9f5a504e0ee917b444f1e53c3a653b9136d698d8ace32501d
ssdeep 6144:cq92vD20WR14PbQ8iVZZbpbm5O3FOxlTAz:cok9Wf4PbQpZZZmEM3
authentihash ce5305d6ea47082066a1ef076123eb5eb600e7e14a4bc8e818f23706ed4d950f
imphash 8c3275591abe4af35ccdf5d8d78e96be
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-10-12 10:19:11 UTC ( 1 year, 10 months ago )
Last submission 2014-04-02 11:29:20 UTC ( 1 year, 4 months ago )
File names output.16045835.txt
A0138239.exe
0fc6272580711ea9f5a504e0ee917b444f1e53c3a653b9136d698d8ace32501d
lajrm.exe
16045835
ce88ebb113ac98886d81bab67f97f201_kaf0x0
ojql.exe
hrubs.exe
eibt.exe
hrubs
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections