SHA256: 116f8f7abfb473f9eec9cad87ddc9b4b3bfbe1ead08a1ea83dbc2fc646a229e1
File name: 5dae2d0bcba77caf683b6b3923b34204.dec
Detection ratio: 27 / 56
Analysis date: 2015-06-30 14:25:16 UTC
Antivirus / Result / Update
Engines reporting a detection (27):
Ad-Aware Gen:Variant.Dyzap.16 20150630
AhnLab-V3 Trojan/Win32.Dyzap 20150630
ALYac Gen:Variant.Dyzap.16 20150630
Antiy-AVL Trojan[Banker]/Win32.Dyre 20150630
Arcabit Trojan.Dyzap.16 20150630
Avast Win32:Injector-CPV [Trj] 20150630
AVG Generic_r.FIN 20150630
Avira (no cloud) W32/Etap 20150630
BitDefender Gen:Variant.Dyzap.16 20150630
Comodo TrojWare.Win32.PWS.Dyzap.MY 20150630
Cyren W32/Dropper.gen8!Maximus 20150630
DrWeb MULDROP.Trojan 20150630
Emsisoft Gen:Variant.Dyzap.16 (B) 20150630
ESET-NOD32 a variant of Win32/Exploit.CVE-2013-3660.P 20150630
F-Prot W32/Dropper.gen8!Maximus 20150630
F-Secure Gen:Variant.Dyzap.16 20150630
GData Gen:Variant.Dyzap.16 20150630
K7AntiVirus Exploit ( 004c61c11 ) 20150630
K7GW Exploit ( 004c61c11 ) 20150630
Kaspersky Trojan-Banker.Win32.Dyre.rs 20150630
Malwarebytes Spyware.Dyre 20150630
eScan Gen:Variant.Dyzap.16 20150630
Panda Trj/Genetic.gen 20150630
Sophos AV Troj/UACMe-A 20150630
TrendMicro Cryp_Xin2 20150630
TrendMicro-HouseCall Cryp_Xin2 20150630
VBA32 suspected of Trojan.Downloader.gen.h 20150630
Engines reporting no detection (29, result column empty):
AegisLab 20150630
Yandex 20150629
Alibaba 20150630
AVware 20150630
Baidu-International 20150630
Bkav 20150630
ByteHero 20150630
CAT-QuickHeal 20150630
ClamAV 20150630
Fortinet 20150630
Ikarus 20150630
Jiangmin 20150629
Kingsoft 20150630
McAfee 20150630
McAfee-GW-Edition 20150630
Microsoft 20150630
NANO-Antivirus 20150630
nProtect 20150630
Qihoo-360 20150630
Rising 20150630
SUPERAntiSpyware 20150630
Symantec 20150630
Tencent 20150630
TheHacker 20150630
TotalDefense 20150630
VIPRE 20150630
ViRobot 20150630
Zillya 20150630
Zoner 20150630
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-29 10:56:50
Entry Point 0x0000153D
Number of sections 5
PE sections
PE imports
GetTokenInformation
GetSidSubAuthorityCount
LookupPrivilegeValueA
GetSidSubAuthority
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
RegEnumKeyA
RegSetValueExA
EqualSid
RegOpenKeyExA
CreateToolhelp32Snapshot
GetLastError
HeapFree
OpenProcess
GetSystemInfo
lstrcpynA
GetModuleFileNameW
ExitProcess
FlushFileBuffers
GetVersionExA
GetModuleFileNameA
LoadLibraryA
Process32Next
Process32NextW
HeapAlloc
GetCurrentProcess
SizeofResource
lstrlenA
LocalAlloc
Process32First
LockResource
CreateDirectoryA
DeleteFileA
DeleteFileW
lstrcatW
TerminateThread
Process32FirstW
GetProcessHeap
SetFilePointer
GetTempPathA
lstrcmpiA
CreateThread
GetFileAttributesA
GetModuleHandleA
lstrcmpA
lstrcatA
lstrcpyA
CloseHandle
GetComputerNameA
ExpandEnvironmentStringsA
LocalFree
TerminateProcess
CreateProcessA
lstrcmpiW
GetEnvironmentVariableA
LoadResource
WriteFile
Sleep
CreateFileA
GetTickCount
FindResourceA
GetCurrentProcessId
GetProcAddress
ShellExecuteExA
ShellExecuteExW
PathRemoveArgsA
PathRemoveFileSpecW
PathRemoveFileSpecA
PathGetArgsA
GetWindowLongA
RemovePropA
CreatePopupMenu
wsprintfA
SetPropA
GetMenuItemRect
RegisterClassExW
EnumWindows
DefWindowProcW
SendMessageA
EnableScrollBar
GetClassNameA
GetDlgItem
CreateWindowExW
wvsprintfA
SwitchToThisWindow
GetClientRect
GetPropA
SetActiveWindow
DestroyWindow
IsThemeActive
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
ZwQueryInformationProcess
_chkstk
strcat
RtlAdjustPrivilege
strcpy
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:06:29 11:56:50+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 31232
LinkerVersion: 10.0
FileTypeExtension: exe
InitializedDataSize: 491520
SubsystemVersion: 5.1
EntryPoint: 0x153d
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5: f5f51af06842a1b0db6f5aa3f13e0485
SHA1: 5cce452e2be7a20f260be6ade6268e5ca188d2e2
SHA256: 116f8f7abfb473f9eec9cad87ddc9b4b3bfbe1ead08a1ea83dbc2fc646a229e1
ssdeep: 12288:11NhVXy65OZWsGuTUXAyhKgotU19imRIIT2dtX:DFy6cZWsGuxSoQIyQtX
authentihash: 09527870cdce29c894e58d1e23a10d6514625bac471c3442f16cedc8fc628e5f
imphash: 83168b499d80fb368e900be11cb60fbc
File size: 511.5 KB ( 523776 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags: peexe cve-2013-3660 exploit
VirusTotal metadata
First submission 2015-06-30 14:25:16 UTC
Last submission 2015-06-30 14:25:16 UTC
File names 5dae2d0bcba77caf683b6b3923b34204.dec
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs