SHA256: 11180718a1232092b1a24ce2b2a4ae2ce80d1e168b6c3d1ff30647c8dff4ecb5
File name: 42a03f44feb714390e8c613b031abd4b
Detection ratio: 23 / 54
Analysis date: 2016-01-28 18:02:25 UTC ( 3 years ago )
Antivirus             Result                            Update
Ad-Aware              Trojan.GenericKD.3010848          20160128
AegisLab              Troj.GameThief.W32.OnLineGames    20160128
ALYac                 Trojan.GenericKD.3010848          20160128
Antiy-AVL             Trojan/Win32.Waldek               20160128
Arcabit               Trojan.Generic.D2DF120            20160128
Avast                 Win32:Malware-gen                 20160128
AVG                   Downloader.Generic14.AMGS         20160128
Avira (no cloud)      TR/AD.Gootkit.Y.88                20160128
BitDefender           Trojan.GenericKD.3010848          20160128
Emsisoft              Trojan.GenericKD.3010848 (B)      20160128
ESET-NOD32            Win32/TrojanDownloader.Agent.BXE  20160128
F-Secure              Trojan.GenericKD.3010848          20160128
Fortinet              W32/Agent.BXE!tr.dldr             20160128
GData                 Trojan.GenericKD.3010848          20160128
Kaspersky             Trojan.Win32.Waldek.bsv           20160128
Microsoft             TrojanSpy:Win32/Ursnif.HN         20160128
eScan                 Trojan.GenericKD.3010848          20160128
nProtect              Trojan.GenericKD.3010848          20160128
Panda                 Trj/GdSda.A                       20160127
Qihoo-360             QVM07.1.Malware.Gen               20160128
Sophos AV             Mal/Generic-S                     20160128
Symantec              Suspicious.Cloud.9                20160128
VIPRE                 Trojan.Win32.Generic!BT           20160128
Yandex                -                                 20160128
AhnLab-V3             -                                 20160128
Alibaba               -                                 20160128
Baidu-International   -                                 20160128
Bkav                  -                                 20160128
ByteHero              -                                 20160128
CAT-QuickHeal         -                                 20160128
ClamAV                -                                 20160128
CMC                   -                                 20160111
Comodo                -                                 20160128
Cyren                 -                                 20160128
DrWeb                 -                                 20160128
F-Prot                -                                 20160128
Ikarus                -                                 20160128
Jiangmin              -                                 20160128
K7AntiVirus           -                                 20160128
K7GW                  -                                 20160128
Malwarebytes          -                                 20160128
McAfee                -                                 20160128
McAfee-GW-Edition     -                                 20160128
NANO-Antivirus        -                                 20160128
Rising                -                                 20160128
SUPERAntiSpyware      -                                 20160128
TheHacker             -                                 20160124
TotalDefense          -                                 20160128
TrendMicro            -                                 20160128
TrendMicro-HouseCall  -                                 20160128
VBA32                 -                                 20160128
ViRobot               -                                 20160128
Zillya                -                                 20160128
Zoner                 -                                 20160128
A "-" in the Result column marks an engine that reported no detection at this scan (23 of the 54 engines detected the file).
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-06-17 04:31:58
Entry Point 0x00005B56
Number of sections 4
PE sections
PE imports
RegRestoreKeyA
LsaQueryTrustedDomainInfoByName
LookupPrivilegeValueW
LsaNtStatusToWinError
RegDeleteKeyW
GetExplicitEntriesFromAclW
SetPrivateObjectSecurity
GetSecurityDescriptorControl
LookupAccountNameW
RegSetValueA
RegCreateKeyW
RegQueryInfoKeyW
LookupAccountSidA
GetAce
RegRestoreKeyW
RegSetValueW
GetAclInformation
DecryptFileW
RegQueryValueExW
GetExplicitEntriesFromAclA
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
RegCreateKeyExW
GetFileSecurityW
GetSecurityDescriptorSacl
LsaClose
MakeAbsoluteSD
GetKernelObjectSecurity
RegOpenKeyExW
SetFileSecurityW
ObjectDeleteAuditAlarmW
LsaQueryTrustedDomainInfo
RegisterEventSourceA
AbortSystemShutdownA
ReadEventLogA
GetNamedSecurityInfoA
RegOpenKeyExA
RegReplaceKeyW
MapGenericMask
CopySid
RegQueryValueW
GetTokenInformation
DuplicateTokenEx
RegLoadKeyA
LsaLookupNames
DeleteAce
LookupAccountNameA
IsValidSid
ImpersonateSelf
CreateProcessAsUserA
ObjectCloseAuditAlarmW
RegDeleteValueW
GetPrivateObjectSecurity
OpenThreadToken
OpenEventLogW
RevertToSelf
BuildSecurityDescriptorW
ImpersonateNamedPipeClient
InitializeSid
CreateProcessAsUserW
RegCreateKeyExA
LsaRetrievePrivateData
LsaQueryInformationPolicy
LsaFreeMemory
ReportEventA
RegSaveKeyA
SetKernelObjectSecurity
BuildTrusteeWithSidA
MakeSelfRelativeSD
RegEnumValueW
AllocateAndInitializeSid
InitializeSecurityDescriptor
AbortSystemShutdownW
RegQueryMultipleValuesW
CreateRestrictedToken
RegEnumValueA
RegUnLoadKeyW
PrivilegeCheck
RegSetKeySecurity
GetEffectiveRightsFromAclW
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
IsValidSecurityDescriptor
BuildTrusteeWithSidW
ImageList_DragLeave
ImageList_Replace
ImageList_ReplaceIcon
ImageList_Duplicate
Ord(2)
CreateFontIndirectA
CreateMetaFileA
AnimatePalette
CreateBitmap
CreateRoundRectRgn
DebugActiveProcess
GlobalHandle
HeapFree
WriteFileEx
__p__fmode
strstr
fgetc
_eof
_wcsrev
_ismbcl0
__getmainargs
_initterm
_controlfp
log10
towupper
_wchmod
__set_app_type
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
RasSetEntryPropertiesA
RasGetCountryInfoA
RasValidateEntryNameA
RasEditPhonebookEntryW
RasHangUpW
RasSetEntryDialParamsA
RasGetProjectionInfoW
RasValidateEntryNameW
RasGetErrorStringA
RasGetEntryPropertiesW
RasGetCountryInfoW
RasSetEntryPropertiesW
RasGetEntryDialParamsA
RasGetProjectionInfoA
RasHangUpA
RasDialA
RasCreatePhonebookEntryW
RasDeleteEntryA
Number of PE resources by type
RT_RCDATA 6
RT_DIALOG 2
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
GERMAN 5
BULGARIAN DEFAULT 3
ENGLISH UK 3
PE resources
ExifTool file metadata
UninitializedDataSize   0
LinkerVersion           6.0
ImageVersion            0.0
FileSubtype             0
FileVersionNumber       0.217.40.140
LanguageCode            Neutral
FileFlagsMask           0x003f
CharacterSet            Unicode
InitializedDataSize     266240
EntryPoint              0x5b56
OriginalFileName        Frittered.exe
MIMEType                application/octet-stream
FileVersion             178, 60, 235, 54
TimeStamp               2006:06:17 05:31:58+01:00
FileType                Win32 EXE
PEType                  PE32
ProductVersion          131, 256, 135, 11
SubsystemVersion        4.0
OSVersion               4.0
FileOS                  Windows NT 32-bit
Subsystem               Windows GUI
MachineType             Intel 386 or later, and compatibles
CompanyName             Sage Software SB, Inc
CodeSize                20480
ProductName             Earache Fussiest
ProductVersionNumber    0.209.114.124
FileTypeExtension       exe
ObjectFileType          Executable application
File identification
MD5 42a03f44feb714390e8c613b031abd4b
SHA1 481503a148c316271c8333a438d24eea9ef1093d
SHA256 11180718a1232092b1a24ce2b2a4ae2ce80d1e168b6c3d1ff30647c8dff4ecb5
ssdeep 3072:dE5R3VIYEJAfDh+KRBgxnjbf+S/8hJ3oKMlPKhs3cQFfB+8SMAJjTA5dt6PmJ:4R3i5JAfDgKRBgxnVknogsla8kBTG
authentihash 592dd488879b7a97ec33bb07503f75a4647eb4f392c7e1a43e4e46ae46ab0432
imphash 223abc7ace9479392591d3c580aba95a
File size 172.0 KB ( 176128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags suspicious-dns peexe
VirusTotal metadata
First submission 2016-01-28 18:02:25 UTC ( 3 years ago )
Last submission 2016-01-28 18:02:25 UTC ( 3 years ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Opened service managers
Runtime DLLs
DNS requests
TCP connections
UDP communications