SHA256: 11717471e1086ebae16252120073135cee3f969b7a46fea08624918f66087906
File name: bin.exe
Detection ratio: 2 / 57
Analysis date: 2015-01-19 08:43:53 UTC (2 years, 9 months ago)
Antivirus | Result | Update
Norman | Dridex.K | 20150119
Rising | PE:Malware.XPACK-LNR/Heur!1.5594 | 20150118
The remaining 55 engines listed in the report returned no detection as of their 20150116-20150119 signature updates.
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE built for the Windows command line (console) subsystem.
FileVersionInfo properties
Copyright: © ?????????? ??????????. ??? ????? ????????. (Russian-language string, lost to encoding in this extraction)
Product: ???????????? ??????? Microsoft® Windows® (Russian-language string, lost to encoding in this extraction)
Original name: ipxroute.exe
Internal name: ipxroute.exe
File version: 5.41.2600.5512 (xpsp.080413-0852)
Description: ????????????? ?????????? NWLink (Russian-language string, lost to encoding in this extraction)
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-01-19 07:19:12
Entry Point: 0x00006900
Number of sections: 5
PE sections
PE imports
The report lists the imported functions by name (registry, GDI, kernel, OLE automation, shell, user interface, version-info, common-dialog and COM APIs); the full import table is omitted here.
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 5.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 5.1.42600.5512
UninitializedDataSize: 0
LanguageCode: Russian
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 61440
EntryPoint: 0x6900
OriginalFileName: ipxroute.exe
MIMEType: application/octet-stream
LegalCopyright: . .
FileVersion: 5.41.2600.5512 (xpsp.080413-0852)
TimeStamp: 2015:01:19 08:19:12+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: ipxroute.exe
ProductVersion: 5.41.2600.5512
FileDescription: NWLink
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CodeSize: 24576
ProductName: Microsoft Windows
ProductVersionNumber: 5.1.2600.5512
FileTypeExtension: exe
ObjectFileType: Executable application

CarbonBlack
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files write this sample to disk (no file list is present in this copy of the report).
Compressed bundles
File identification
MD5: 78399ceeac46def2e7ff7d687450f52c
SHA1: 31e60e4ea48c1be9343810940e1b34e4d4a8d405
SHA256: 11717471e1086ebae16252120073135cee3f969b7a46fea08624918f66087906
ssdeep: 1536:Y3SLg5lTMiDKNA6UxuOeiBzj89XhlFJC5toAU2w:G5QA6Uxu8B09XLy5TU2w
authentihash: 917a085260a19e6cb16a26c300c86c08dcd86421a33af1fba60e35b3b881bafe
imphash: eb55b9591fda14f6666d8a6c545632b0
File size: 82.0 KB (83968 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID: Windows screen saver (46.4%); Win32 Dynamic Link Library (generic) (23.3%); Win32 Executable (generic) (15.9%); Generic Win/DOS Executable (7.1%); DOS Executable Generic (7.0%)
Tags: peexe
VirusTotal metadata
First submission: 2015-01-19 08:43:53 UTC (2 years, 9 months ago)
Last submission: 2017-07-31 14:43:17 UTC (2 months, 2 weeks ago)
File names 324234234.exe
bin.exe.malware
bin[1].exe
sample ._DONTEXECUTE
78399ceeac46def2e7ff7d687450f52c.exe
unconfirmed 255755.crdownload
11717471e1086ebae16252120073135cee3f969b7a46fea08624918f66087906.exe
techno-kar.ru_bin.exe
324234234.exe
vti-rescan
bin.exe.1
bin(1).exe
f_0000a4
unconfirmed 86167.crdownload
bin.exe
file-7931004_exe
bin_exe
ipxroute.exe
78399CEEAC46DEF2E7FF7D687450F52C
Advanced heuristic and reputation engines
Symantec reputation: Suspicious.Insight
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself, by any process launched by the executed file, or by a process subjected to code injection by the executed file.
Opened files
Read files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function.
HTTP requests
TCP connections