SHA256: 130c5ba319eec2c874edb3ab6bbda98b14f9abab56a340febeae3806d4db02fd
File name: 60109b1a653baea0a5b7fce87101393f12042434
Detection ratio: 34 / 52
Analysis date: 2014-05-01 12:10:04 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.366895 20140501
AhnLab-V3 Backdoor/Win32.Caphaw 20140430
AntiVir BDS/Caphaw.A.61 20140501
Antiy-AVL Trojan/Win32.SGeneric 20140501
Avast Win32:Rootkit-gen [Rtk] 20140501
AVG Crypt3.JGJ 20140501
Baidu-International Trojan.Win32.Kryptik.BZSO 20140501
BitDefender Gen:Variant.Kazy.366895 20140501
CMC Packed.Win32.FakeAV-Crypter.9!O 20140429
Comodo UnclassifiedMalware 20140501
DrWeb BackDoor.Caphaw.77 20140501
Emsisoft Gen:Variant.Kazy.366895 (B) 20140501
ESET-NOD32 a variant of Win32/Kryptik.BZSO 20140501
F-Secure Gen:Variant.Kazy.366895 20140501
Fortinet W32/Kryptik.BZSO!tr 20140430
GData Gen:Variant.Kazy.366895 20140501
Ikarus Trojan.Crypt3 20140501
K7AntiVirus Trojan ( 00498aa01 ) 20140430
K7GW Trojan ( 00498aa01 ) 20140430
Malwarebytes Trojan.Agent.ED 20140501
McAfee Artemis!0D6E688EAA81 20140501
McAfee-GW-Edition Artemis!0D6E688EAA81 20140430
Microsoft Backdoor:Win32/Caphaw.A 20140501
eScan Gen:Variant.Kazy.366895 20140501
NANO-Antivirus Trojan.Win32.Caphaw.cwsjdl 20140501
Panda Generic Malware 20140501
Qihoo-360 Malware.QVM20.Gen 20140501
Rising PE:Malware.Obscure!1.9C59 20140501
Sophos AV Mal/Generic-S 20140501
TotalDefense Win32/Caphaw.aOWILAC 20140501
TrendMicro TROJ_GEN.R028C0DDU14 20140501
TrendMicro-HouseCall TROJ_GEN.R028C0DDU14 20140501
VBA32 BScope.Backdoor.Caphaw 20140428
VIPRE Backdoor.Win32.Caphaw 20140501
AegisLab 20140501
Yandex 20140430
Bkav 20140428
ByteHero 20140501
CAT-QuickHeal 20140430
ClamAV 20140501
Commtouch 20140501
F-Prot 20140501
Jiangmin 20140501
Kaspersky 20140501
Kingsoft 20140501
Norman 20140501
nProtect 20140430
SUPERAntiSpyware 20140501
Symantec 20140501
TheHacker 20140501
ViRobot 20140501
Zillya 20140501
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-13 09:43:21
Entry Point 0x00002B30
Number of sections 4
PE sections
PE imports
CreateBitmap
SelectObject
GetCurrentProcess
TerminateProcess
RtlUnwind
LoadLibraryA
WaitForSingleObject
VirtualFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
DeleteAtom
CloseHandle
VirtualLock
Sleep
GetProcAddress
WaitForMultipleObjects
VirtualAlloc
GetModuleHandleW
DrawDibEnd
ICSendMessage
VariantInit
ReleaseDC
GetDC
ShowWindow
auxGetVolume
recv
closesocket
WSAGetLastError
select
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_BITMAP 5
RT_STRING 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 7
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 618496
ImageVersion 0.0
ProductName ilokophtan
FileVersionNumber 1.0.0.1
LanguageCode Russian
FileFlagsMask 0x0017
FileDescription KUikopus epp
CharacterSet Unicode
LinkerVersion 8.0
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2014:04:13 09:43:21+00:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:05:01 12:11:11+00:00
ProductVersion 38, 51,332, 120
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2014:05:01 12:11:11+00:00
FileOS Win32
LegalCopyright FOMUSlimes 15
MachineType Intel 386 or later, and compatibles
CodeSize 12288
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x2b30
ObjectFileType Executable application

File identification
MD5 0d6e688eaa81090b1caca23cec69e0c2
SHA1 60109b1a653baea0a5b7fce87101393f12042434
SHA256 130c5ba319eec2c874edb3ab6bbda98b14f9abab56a340febeae3806d4db02fd
ssdeep 6144:hteGRrKHB/6PRlREg4BEhDiAdCZtzW5JBVPv6RP:ht/RrKHBiRGB0iAdC/yjnqp
imphash fbcc32018d5b50b52ef2455d77e97ee6
File size 620.0 KB ( 634880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-05-01 12:10:04 UTC ( 4 years, 10 months ago )
Last submission 2014-05-01 12:10:04 UTC ( 4 years, 10 months ago )
File names 60109b1a653baea0a5b7fce87101393f12042434
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications