SHA256: 13b7332e422824cb08834d2888a4594c6b46de80a60d3b39347386826cc956f3
File name: 6875e72b894c26025af3e48786909d142ff0ca25_exe.ex
Detection ratio: 45 / 51
Analysis date: 2014-04-05 09:38:08 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.3850690 20140405
Yandex Trojan.Fraudload.Gen!Pac.5 20140404
AhnLab-V3 Win-Trojan/Bredolab1.Gen 20140404
AntiVir TR/Crypt.XPACK.Gen 20140405
Avast Win32:Bredolab-CV [Trj] 20140405
AVG Win32/Cryptor 20140405
BitDefender Trojan.Generic.3850690 20140405
Bkav W32.FraudloadKA.Worm 20140405
CAT-QuickHeal Win32.Packed.Krap.x.4 20140405
ClamAV Trojan.Packed-174 20140405
CMC Packed.Win32.Katusha.3!O 20140404
Commtouch W32/SuspPack.BI.gen!Eldorado 20140405
Comodo EmailWorm.Win32.Iksmas.~PKF 20140405
DrWeb Trojan.Packed.19706 20140405
Emsisoft Trojan.Generic.3850690 (B) 20140405
ESET-NOD32 Win32/Kryptik.CRM.Gen 20140405
F-Prot W32/SuspPack.BI.gen!Eldorado 20140405
F-Secure Trojan.Generic.3850690 20140405
GData Trojan.Generic.3850690 20140405
Ikarus Packed.Win32.Krap 20140405
Jiangmin Packed.Krap.emjt 20140405
K7AntiVirus Riskware ( a02be29a0 ) 20140404
K7GW Trojan ( 0013e73b1 ) 20140404
Kaspersky Packed.Win32.Krap.x 20140405
Malwarebytes Trojan.Downloader 20140405
McAfee Generic Dropper.lr 20140405
McAfee-GW-Edition Generic Dropper.lr 20140405
Microsoft TrojanDownloader:Win32/Waledac.C 20140405
eScan Trojan.Generic.3850690 20140405
NANO-Antivirus Trojan.Win32.Genome.nqxb 20140405
Norman Bredolab.TL 20140404
nProtect Trojan.Generic.3850690 20140404
Panda Bck/Bredolab.AB 20140404
Qihoo-360 HEUR/Malware.QVM20.Gen 20140405
Rising PE:Trojan.Win32.Generic.11E393C3!300127171 20140404
Sophos AV Mal/EncPk-QY 20140405
SUPERAntiSpyware Trojan.Agent/Gen-CryptHack 20140405
Symantec Packed.Generic.265 20140405
TheHacker Trojan/Agent.gen 20140404
TotalDefense Win32/RedSQ_i 20140405
TrendMicro TROJ_BREDLAB.SM 20140405
TrendMicro-HouseCall TROJ_BREDLAB.SM 20140405
VBA32 SScope.Trojan.Agent.01175 20140404
VIPRE Packed.Win32.Krap.x (v) 20140405
ViRobot Trojan.Win32.S.Downloader.22016.M 20140405
AegisLab 20140405
Antiy-AVL 20140405
Baidu-International 20140405
ByteHero 20140405
Fortinet 20140404
Kingsoft 20140405
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-18 07:47:20
Entry Point 0x00001048
Number of sections 4
PE sections
PE imports
GetDeviceCaps
SelectObject
GetTextExtentPoint32A
GetStockObject
CreateFontIndirectA
ExtTextOutA
GetTextMetricsA
LocalFree
GetStdHandle
Sleep
LocalAlloc
GetModuleHandleA
lstrcatA
GlobalFree
GlobalAlloc
FreeLibrary
CreateEventA
lstrcpyA
GetTickCount
CloseHandle
GetVersionExA
GetCommandLineA
GetProcAddress
GetFileSize
LoadLibraryA
GetLastError
_except_handler3
__p__fmode
_adjust_fdiv
memmove
__p__commode
wcschr
wcslen
exit
toupper
__getmainargs
_initterm
rand
wcstoul
CreateWindowExA
LoadIconA
PostQuitMessage
GetWindowRect
DispatchMessageA
EndPaint
EndDialog
BeginPaint
MessageBoxA
DefWindowProcA
GetClientRect
GetFocus
TranslateMessage
DialogBoxParamA
ShowWindow
GetSysColor
DestroyWindow
Number of PE resources by type
RT_ICON 2
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:02:18 08:47:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 6144
LinkerVersion 6.0
FileAccessDate 2014:04:05 10:38:18+01:00
EntryPoint 0x1048
InitializedDataSize 14848
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:05 10:38:18+01:00
UninitializedDataSize 0
File identification
MD5 89139a406231f3e2b4f13b11c70c382b
SHA1 6875e72b894c26025af3e48786909d142ff0ca25
SHA256 13b7332e422824cb08834d2888a4594c6b46de80a60d3b39347386826cc956f3
ssdeep 192:WBybjj6QKuo19Jciv0svTF7aZmuwyimPK8V6Uz8qNbY:9bj2J9JB8svTFGZN0V8gUzXNb
imphash 76d427e71a5ecd65f296234f8fd5635b
File size 21.5 KB ( 22016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2010-02-23 23:59:34 UTC ( 8 years, 6 months ago )
Last submission 2014-04-05 09:38:08 UTC ( 4 years, 5 months ago )
File names sample_89139a406231f3e2b4f13b11c70c382b
mglqxzU0WD.msc
aa
6875e72b894c26025af3e48786909d142ff0ca25_exe.ex
fyEkamt.7z
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications