SHA256: 0fc6272580711ea9f5a504e0ee917b444f1e53c3a653b9136d698d8ace32501d
File name: A0138239.exe
Detection ratio: 40 / 51
Analysis date: 2014-04-02 11:29:20 UTC ( 2 weeks, 1 day ago )
Antivirus Result Update
AVG Generic35.HPY 20140402
Ad-Aware Trojan.GenericKD.1338915 20140402
Agnitum Trojan.Yakes!ramohUfkERM 20140401
AntiVir TR/BitForce.A.1 20140402
Antiy-AVL Trojan/Win32.Yakes 20140402
Avast Win32:Rootkit-gen [Rtk] 20140402
Baidu-International Trojan.Win32.Yakes.AEXL 20140402
BitDefender Trojan.GenericKD.1338915 20140402
Bkav W32.Clod01d.Trojan.d410 20140402
CAT-QuickHeal Trojan.Yakes 20140402
CMC Packed.Win32.Katusha.1!O 20140331
Commtouch W32/Trojan.FNQH-2664 20140402
Comodo TrojWare.Win32.Kryptik.BKG 20140402
DrWeb Trojan.BtcMine.148 20140402
ESET-NOD32 Win32/CoinMiner.CF 20140402
Emsisoft Trojan.Win32.Yakes (A) 20140402
F-Secure Trojan.GenericKD.1338915 20140402
Fortinet W32/Kryptik.BJEN!tr 20140401
GData Trojan.GenericKD.1338915 20140402
Ikarus Trojan.Win32.Yakes 20140402
K7AntiVirus Trojan ( 003bfe081 ) 20140401
K7GW Trojan ( 003bfe081 ) 20140401
Kaspersky HEUR:Trojan.Win32.Generic 20140402
Kingsoft Win32.Troj.Undef.(kcloud) 20140402
Malwarebytes Trojan.Ransom.REL 20140402
McAfee RDN/Generic.dx!cr3 20140402
McAfee-GW-Edition RDN/Generic.dx!cr3 20140401
MicroWorld-eScan Trojan.GenericKD.1338915 20140402
Microsoft Trojan:Win32/Yakes.A 20140402
NANO-Antivirus Trojan.Win32.BitForce.cttyjo 20140402
Norman Troj_Generic.QKOFS 20140402
Panda Trj/CI.A 20140402
Qihoo-360 Win32/Trojan.26d 20140402
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140402
Sophos Mal/Generic-S 20140402
Symantec SecurityRisk.BL 20140402
TrendMicro TROJ_YAKES.AJN 20140402
TrendMicro-HouseCall TROJ_YAKES.AJN 20140402
VIPRE Trojan.Win32.Sirefef.nb (v) 20140402
nProtect Trojan.GenericKD.1338915 20140402
AegisLab 20140402
AhnLab-V3 20140401
ByteHero 20140402
ClamAV 20140402
F-Prot 20140402
Jiangmin 20140402
SUPERAntiSpyware 20140402
TheHacker 20140401
TotalDefense 20140401
VBA32 20140402
ViRobot 20140402
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block
Copyright fVetrewrt Vere © 2012
Publisher fVetrewrt Vere
Product fVetrewrt Vere
Original name hrubs.exe
Internal name hrubs
File version a 1 RC116.53051016.2216
Description fVetrewrt Vere
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-29 16:42:48
Link date 5:42 PM 9/29/2013
Entry Point 0x00025AFF
Number of sections 5
PE sections
PE imports
glClipPlane
DragAcceptFiles
DragFinish
GetSystemTime
CreateWaitableTimerA
lstrcmpiA
GetDriveTypeA
ExpungeConsoleCommandHistoryA
GetCurrentProcess
GetVolumeInformationA
SetConsoleCursor
MultiByteToWideChar
SetFilePointerEx
GetConsoleTitleA
GetCurrentThread
OpenMutexA
GetThreadIOPendingFlag
WaitForDebugEvent
GetProcessWorkingSetSize
GetSystemTimes
GetLogicalDriveStringsA
GetNumberFormatA
LocalHandle
GetProfileIntA
VirtualAlloc
BeginUpdateResourceA
OpenInputDesktop
GetParent
GetInputState
SetProcessDefaultLayout
SetClipboardViewer
GetClassInfoExW
GetWindowThreadProcessId
LoadCursorFromFileA
GetMenuDefaultItem
SetClipboardData
CreateMDIWindowA
SetCursorPos
PackDDElParam
CharPrevExA
DrawFocusRect
IsClipboardFormatAvailable
OpenWindowStationA
SetMessageExtraInfo
DrawFrame
RegisterServicesProcess
RegisterMessagePumpHook
ModifyMenuA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 42.42
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 1.0.3.69
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 88064
FileOS Win32
MIMEType application/octet-stream
LegalCopyright fVetrewrt Vere 2012
FileVersion a 1 RC116.53051016.2216
TimeStamp 2013:09:29 17:42:48+01:00
FileType Win32 EXE
PEType PE32
InternalName hrubs
FileAccessDate 2014:04:02 12:29:26+01:00
ProductVersion 4101.32700 RelC
FileDescription fVetrewrt Vere
OSVersion 4.0
FileCreateDate 2014:04:02 12:29:26+01:00
OriginalFilename hrubs.exe
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName fVetrewrt Vere
CodeSize 156672
ProductName fVetrewrt Vere
ProductVersionNumber 3.0.101.3
EntryPoint 0x25aff
ObjectFileType Executable application
File identification
MD5 ce88ebb113ac98886d81bab67f97f201
SHA1 5392dbaeea8144b2b93034c6e5d2b6ece36207f6
SHA256 0fc6272580711ea9f5a504e0ee917b444f1e53c3a653b9136d698d8ace32501d
ssdeep 6144:cq92vD20WR14PbQ8iVZZbpbm5O3FOxlTAz:cok9Wf4PbQpZZZmEM3
imphash 8c3275591abe4af35ccdf5d8d78e96be
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-10-12 10:19:11 UTC ( 6 months, 1 week ago )
Last submission 2014-04-02 11:29:20 UTC ( 2 weeks, 1 day ago )
File names output.16045835.txt
A0138239.exe
0fc6272580711ea9f5a504e0ee917b444f1e53c3a653b9136d698d8ace32501d
lajrm.exe
16045835
ce88ebb113ac98886d81bab67f97f201_kaf0x0
ojql.exe
hrubs.exe
eibt.exe
hrubs
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections