SHA256: 13701cc910b4d980196223915afb7d1473e999473fd6473cc977635ed7c4933e
File name: kero.exe
Detection ratio: 7 / 56
Analysis date: 2015-09-20 01:11:04 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Cyren W32/Agent.XL.gen!Eldorado 20150919
F-Prot W32/Agent.XL.gen!Eldorado 20150919
K7AntiVirus Trojan ( 004ce5451 ) 20150919
K7GW Trojan ( 004ce5451 ) 20150919
Kaspersky UDS:DangerousObject.Multi.Generic 20150920
McAfee-GW-Edition BehavesLike.Win32.PackedAP.fh 20150919
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150920
Engines with no detection (engine, signature database date):
Ad-Aware 20150919
AegisLab 20150919
Yandex 20150919
AhnLab-V3 20150919
Alibaba 20150918
ALYac 20150920
Antiy-AVL 20150920
Arcabit 20150919
Avast 20150920
AVG 20150919
Avira (no cloud) 20150919
AVware 20150919
Baidu-International 20150919
BitDefender 20150919
Bkav 20150919
ByteHero 20150920
CAT-QuickHeal 20150919
ClamAV 20150918
CMC 20150920
Comodo 20150919
DrWeb 20150920
Emsisoft 20150919
ESET-NOD32 20150919
F-Secure 20150919
Fortinet 20150920
GData 20150920
Ikarus 20150919
Jiangmin 20150919
Kingsoft 20150920
Malwarebytes 20150919
McAfee 20150920
Microsoft 20150919
eScan 20150919
NANO-Antivirus 20150920
nProtect 20150918
Panda 20150919
Rising 20150919
Sophos AV 20150919
SUPERAntiSpyware 20150919
Symantec 20150919
TheHacker 20150919
TotalDefense 20150920
TrendMicro 20150920
TrendMicro-HouseCall 20150920
VBA32 20150918
VIPRE 20150920
ViRobot 20150919
Zillya 20150919
Zoner 20150920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Visual Studio® 2008
Original name XDCMAKE.EXE
Internal name XDCMAKE.EXE
File version 15.00.21022.08 built by: RTM
Description Microsoft® XML Document Contents Merge Tool
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-19 21:25:35
Entry Point 0x0001DB67
Number of sections 4
PE sections
Overlays
MD5 3f4d9e08397b397fe3ae1e3b4d516a9c
File type data
Offset 365568
Size 1300
Entropy 7.70
PE imports
CloseServiceHandle
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
OpenSCManagerW
LockServiceDatabase
AdjustTokenPrivileges
QueryServiceLockStatusW
LookupPrivilegeValueW
RegEnumKeyW
UnlockServiceDatabase
RegQueryValueExW
GetBitmapBits
GetCharABCWidthsFloatW
GetRgnBox
SaveDC
TextOutA
GdiGradientFill
EndPath
RemoveFontMemResourceEx
GetPixel
GetGlyphOutlineA
Rectangle
OffsetViewportOrgEx
SetBkMode
RemoveFontResourceExA
EnumMetaFile
OffsetWindowOrgEx
GetMiterLimit
CreateEllipticRgn
FrameRgn
DeleteColorSpace
AbortPath
PtVisible
GetGraphicsMode
SetTextAlign
GetDCOrgEx
GetTextFaceA
CloseEnhMetaFile
ScaleViewportExtEx
ArcTo
CreateRectRgn
UpdateICMRegKeyA
GetEnhMetaFileHeader
WidenPath
ColorCorrectPalette
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
EncodePointer
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
GetLogicalDrives
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetThreadPriority
GetExitCodeProcess
ResumeThread
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
QueryDosDeviceW
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
RaiseException
GetPriorityClass
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetEnvironmentVariableW
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
GetMailslotInfo
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
LCMapStringW
OpenProcess
GetStartupInfoW
ReadProcessMemory
DeleteFileW
GetUserDefaultLCID
CreateFileMappingW
EnumResourceNamesW
CompareStringW
CompareStringA
FindFirstFileW
IsValidLocale
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LocalUnlock
InterlockedIncrement
GetLastError
GlobalDeleteAtom
HeapCreate
GetConsoleCP
GetTapeStatus
LCMapStringA
GetSystemWindowsDirectoryW
GetEnvironmentStringsW
GetShortPathNameA
Process32NextW
CreateProcessW
GetEnvironmentStrings
CompareFileTime
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
Process32FirstW
GetCurrentThread
QueryPerformanceFrequency
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
EnumSystemLocalesA
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
WriteFile
VirtualFree
Sleep
GetProcessVersion
VirtualAlloc
GetOEMCP
TrackPopupMenuEx
GetMessagePos
DrawTextExW
EndDialog
EqualRect
CreateCaret
WaitForInputIdle
GetMessageW
ToAsciiEx
RemoveMenu
GetDesktopWindow
MessageBoxW
InSendMessageEx
FrameRect
OpenIcon
EnableScrollBar
GetWindowDC
ScrollDC
VkKeyScanW
GetSysColor
ChildWindowFromPointEx
GetIconInfo
PaintDesktop
GetClientRect
RegisterRawInputDevices
IsCharAlphaNumericW
GetClipboardFormatNameA
IsHungAppWindow
GetThreadDesktop
GetKeyNameTextW
GetWindowLongA
KillTimer
MapVirtualKeyExW
CloseDesktop
EnumClipboardFormats
DestroyWindow
GetKeyboardType
IsChild
OpenClipboard
VerQueryValueW
OleFlushClipboard
Number of PE resources by type
RT_DIALOG 15
RT_ICON 3
RT_BITMAP 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 15.0.21022.8
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 182272
EntryPoint 0x1db67
OriginalFileName XDCMAKE.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 15.00.21022.08 built by: RTM
TimeStamp 2015:09:19 22:25:35+01:00
FileType Win32 EXE
PEType PE32
InternalName XDCMAKE.EXE
ProductVersion 9.00.21022.08
FileDescription Microsoft XML Document Contents Merge Tool
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 182272
ProductName Microsoft Visual Studio 2008
ProductVersionNumber 9.0.21022.8
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 558c98ddacaf5f8c164316f55f2b10e9
SHA1 3e6ca625309d563c2b3c82e1ec5bf53e0be9acec
SHA256 13701cc910b4d980196223915afb7d1473e999473fd6473cc977635ed7c4933e
ssdeep 6144:72GRa0YJmREYr08XOfGCiZt8cSeHkSN8teKzjq2PV:5a8REYr5XOuhlSa7N8HzjqS
authentihash 3026f7911d564c74c85c021f0df8621754f31f1b14b255bb44dc42f35b239f83
imphash 80a28cd6545cf6f15db06f06f5b4b68b
File size 358.3 KB ( 366868 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
     Win64 Executable (generic) (37.3%)
     Win32 Dynamic Link Library (generic) (8.8%)
     Win32 Executable (generic) (6.0%)
     Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-09-19 23:31:23 UTC ( 3 years, 6 months ago )
Last submission 2015-09-20 01:11:04 UTC ( 3 years, 6 months ago )
File names XDCMAKE.EXE, kero.exe, No_nameP0FMFKndjY_l4h
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs