× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 150872022d30ede70f0d959b671281d44b55883a229e07dd0bdcf33a0a827274
File name: soundrec.exe
Detection ratio: 47 / 57
Analysis date: 2017-02-03 09:44:27 UTC ( 2 weeks, 6 days ago )
Antivirus Result Update
ALYac Gen:Variant.Kazy.172419 20170203
AVG Worm/Generic3.DY 20170202
AVware Trojan.Win32.ZAccess.n (v) 20170203
Ad-Aware Gen:Variant.Kazy.172419 20170203
AegisLab Troj.W32.Bublik!c 20170203
AhnLab-V3 Spyware/Win32.Zbot.R47869 20170202
Antiy-AVL Trojan[Spy]/Win32.Zbot 20170203
Arcabit Trojan.Kazy.D2A183 20170203
Avast Win32:Karagany 20170203
Avira (no cloud) TR/Crypt.EPACK.Gen2 20170203
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170125
BitDefender Gen:Variant.Kazy.172419 20170203
Bkav W32.Clod7ba.Trojan.816a 20170203
CMC Trojan.Win32.Obfuscated.2!O 20170203
Comodo TrojWare.Win32.Trojan.Agent.Gen 20170203
CrowdStrike Falcon (ML) malicious_confidence_86% (W) 20170130
Cyren W32/Zbot.JC.gen!Eldorado 20170202
DrWeb Trojan.Necurs.97 20170203
ESET-NOD32 a variant of Win32/Kryptik.BAZP 20170203
Emsisoft Gen:Variant.Kazy.172419 (B) 20170203
F-Prot W32/Zbot.JC.gen!Eldorado 20170203
F-Secure Gen:Variant.Kazy.172419 20170203
GData Gen:Variant.Kazy.172419 20170203
Ikarus Worm.Win32.Cridex 20170203
Invincea trojan.win32.sirefef.p 20170111
K7AntiVirus Riskware ( 0040eff71 ) 20170203
K7GW Riskware ( 0040eff71 ) 20170203
Kaspersky Trojan.Win32.Bublik.auyd 20170203
Malwarebytes Spyware.Zbot.ED 20170203
McAfee PWS-Zbot-FATG!330AD00466BD 20170203
McAfee-GW-Edition PWS-Zbot-FATG!330AD00466BD 20170203
eScan Gen:Variant.Kazy.172419 20170203
Microsoft Worm:Win32/Cridex.E 20170203
NANO-Antivirus Trojan.Win32.Bublik.csfbse 20170203
Panda Trj/Genetic.gen 20170202
Qihoo-360 Win32/Trojan.688 20170203
Rising Trojan.Generic-JwXkEYtDCRJ (cloud) 20170203
Sophos Troj/Zbot-FCO 20170203
Symantec Trojan.Zbot 20170202
Tencent Win32.Trojan.Bublik.Lfzu 20170203
TrendMicro WORM_CRIDEX.RD 20170203
TrendMicro-HouseCall WORM_CRIDEX.RD 20170203
VBA32 SScope.Malware-Cryptor.Hlux 20170202
VIPRE Trojan.Win32.ZAccess.n (v) 20170203
ViRobot Trojan.Win32.Z.Zbot.296448.BD[h] 20170203
Yandex Trojan.Bublik!LdrAGmPeehg 20170203
Zillya Trojan.Bublik.Win32.11210 20170201
Alibaba 20170122
CAT-QuickHeal 20170203
ClamAV 20170203
Fortinet 20170203
Jiangmin 20170203
Kingsoft 20170203
SUPERAntiSpyware 20170203
TheHacker 20170202
TotalDefense 20170203
Trustlook 20170203
WhiteArmor 20170202
Zoner 20170203
nProtect 20170203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© ?????????? ??????????. ??? ????? ????????.

Product ???????????? ??????? Microsoft® Windows®
Original name sndrec32.exe
Internal name soundrec.exe
File version 5.1.2600.5512 (xpsp.080413-0845)
Description ???????????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-07 07:28:20
Entry Point 0x00036E30
Number of sections 11
PE sections
PE imports
OpenEncryptedFileRawW
RegOpenKeyExW
CreateFileW
GetWindowsDirectoryW
ReadFile
ExitProcess
GetStartupInfoW
LoadLibraryA
GetProcAddress
LoadIconW
LoadIconA
_purecall
__p__fmode
malloc
_putenv
__wgetmainargs
_ftol
_wfopen
_wcsnicmp
__dllonexit
_open_osfhandle
_snwprintf
fread
_wcsicmp
wcsrchr
_wcsupr
fflush
_onexit
_vsnwprintf
_cexit
wcslen
_c_exit
wcscpy
clearerr
wcscmp
_errno
_tzset
fseek
_mbslen
_getpid
_wcsdup
mktime
ftell
isalpha
exit
_XcptFilter
realloc
wcsncat
_filelength
_local_unwind2
_adjust_fdiv
_wcmdln
__CxxFrameHandler
_mbscpy
_CxxThrowException
wcspbrk
_fdopen
wcstok
fclose
__p__commode
__setusermatherr
_wcsrev
free
wcscat
wcsncmp
_except_handler3
calloc
_controlfp
wprintf
_wcslwr
wcsncpy
memmove
localtime
swscanf
isspace
wcschr
swprintf
time
fwrite
wcsstr
_initterm
_exit
_wtoi
__set_app_type
Number of PE resources by type
RT_ICON 15
RT_STRING 9
RT_DIALOG 4
RT_GROUP_ICON 4
RT_RCDATA 2
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 35
ENGLISH US 3
GERMAN SWISS 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.2600.5512

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
86528

EntryPoint
0x36e30

OriginalFileName
sndrec32.exe

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
5.1.2600.5512 (xpsp.080413-0845)

TimeStamp
2013:05:07 08:28:20+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
soundrec.exe

ProductVersion
5.1.2600.5512

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
208896

ProductName
Microsoft Windows

ProductVersionNumber
5.1.2600.5512

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 330ad00466bd44a5fb2786f0f5e2d0da
SHA1 c86324d9ad20731e34d1c1be5631a6dfe544f328
SHA256 150872022d30ede70f0d959b671281d44b55883a229e07dd0bdcf33a0a827274
ssdeep
6144:X4p93q+aP+MWChp8Nnt32dHEwJMqzU3b:XUDspWBL32+wJtq

authentihash e8e5d95d88e73b5e32d31f7223ebd107472a5c15c2e12cbf6fb589a0cfcc817b
imphash b882e34f1a027824a4c2aa420665e203
File size 289.5 KB ( 296448 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2013-05-07 22:38:59 UTC ( 3 years, 9 months ago )
Last submission 2013-05-09 06:40:27 UTC ( 3 years, 9 months ago )
File names 1867988.exe
sndrec32.exe
330ad00466bd44a5fb2786f0f5e2d0da.exe
KB00240793.vir
soundrec.exe
KB00678383.exe
readme.exe
info.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications