SHA256: 151b7eca391c57feb7edc80a38ec6e22ead95e8cf14a821fc327e73ce7686351
File name: codex-gigas_264e9b6ee718266c36645e6507eca7d1
Detection ratio: 42 / 57
Analysis date: 2016-05-19 11:40:45 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.9280255 20160519
AhnLab-V3 Packed/Win32.Generic 20160519
ALYac Trojan.Generic.9280255 20160519
Antiy-AVL Trojan[Spy]/Win32.Zbot 20160519
Arcabit Trojan.Generic.D8D9AFF 20160519
Avast Win32:Evo-gen [Susp] 20160519
AVG PSW.Generic11.AETD 20160519
Avira (no cloud) TR/Crypt.XPACK.Gen7 20160519
AVware Trojan.Win32.Generic!BT 20160519
Baidu Win32.Trojan.WisdomEyes.151026.9950.9978 20160519
Baidu-International Trojan.Win32.Zbot.ujby 20160519
BitDefender Trojan.Generic.9280255 20160519
Bkav W32.Clodb87.Trojan.1565 20160518
CAT-QuickHeal TrojanPWS.Zbot.r4 20160518
ClamAV Win.Trojan.9280255-1 20160519
DrWeb Trojan.PWS.Panda.2401 20160519
Emsisoft Trojan.Generic.9280255 (B) 20160519
ESET-NOD32 a variant of Win32/Kryptik.BEAK 20160519
F-Secure Trojan.Generic.9280255 20160519
Fortinet W32/Kryptik.BEAK!tr 20160519
GData Trojan.Generic.9280255 20160519
Ikarus Trojan-PWS.Win32.Zbot 20160519
Jiangmin TrojanSpy.Zbot.djsq 20160519
K7AntiVirus Trojan ( 00488f271 ) 20160519
K7GW Trojan ( 00488f271 ) 20160519
Kaspersky Trojan-Spy.Win32.Zbot.ujby 20160519
McAfee GenericR-HMS!6EEAC247F0EF 20160519
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fm 20160519
Microsoft PWS:Win32/Zbot 20160519
eScan Trojan.Generic.9280255 20160519
NANO-Antivirus Trojan.Win32.XPACK.dgmvdc 20160519
nProtect Trojan.Generic.9280255 20160519
Panda Trj/Dtcontx.F 20160518
Qihoo-360 HEUR/Malware.QVM07.Gen 20160519
Rising Trjoan.Generic-rkVBqNAMwCD (Cloud) 20160519
Sophos Mal/Generic-S 20160519
Symantec Packed.Generic.453 20160519
Tencent Win32.Backdoor.Bp-generic.Oayz 20160519
VBA32 TrojanSpy.Zbot 20160519
VIPRE Trojan.Win32.Generic!BT 20160519
Yandex Trojan.Kryptik!whBHUJsBmc4 20160518
Zillya Trojan.Zbot.Win32.168250 20160519
AegisLab 20160519
Alibaba 20160516
CMC 20160516
Comodo 20160519
Cyren 20160519
F-Prot 20160519
Kingsoft 20160519
Malwarebytes 20160519
SUPERAntiSpyware 20160519
TheHacker 20160519
TotalDefense 20160519
TrendMicro 20160519
TrendMicro-HouseCall 20160519
ViRobot 20160519
Zoner 20160519
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-18 08:02:38
Entry Point 0x000024CC
Number of sections 4
PE sections
Overlays
MD5 8b09077f3247e86f728c65db0e12172e
File type data
Offset 344064
Size 2608
Entropy 4.02
PE imports
ImmInstallIMEA
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
GetEnvironmentVariableA
GetModuleFileNameW
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
CreateMutexA
GetModuleHandleA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
GetVersion
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
GetVersionExW
GetOEMCP
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
GetUserDefaultLCID
CompareStringW
CompareStringA
CreateFileMappingA
IsValidLocale
GlobalLock
GetTimeZoneInformation
CreateEventA
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
TlsFree
SetFilePointer
GetACP
GetModuleHandleW
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
StgCreateDocfileOnILockBytes
OleFlushClipboard
ReleaseStgMedium
CLSIDFromString
RegisterDragDrop
CoCreateInstance
CoInitializeSecurity
CoDisconnectObject
CoFreeUnusedLibraries
OleRun
CoTaskMemFree
CoGetClassObject
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:06:18 09:02:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 7.1
EntryPoint 0x24cc
InitializedDataSize 299008
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 6eeac247f0efd756e647148e0be4d984
SHA1 18bd2d9660932bda30b889906dc48502e165a593
SHA256 151b7eca391c57feb7edc80a38ec6e22ead95e8cf14a821fc327e73ce7686351
ssdeep 6144:HrNFzaW+QV191UjDIVIaN+Pu4TJESpLSYYN7H7dW4ZRdZ4n2IYm/MqicB:LPzaWTV1QDIX+P+8YN7bY4ZRgp/ViY

authentihash f72bbf67756b74d0a8dc319110da0e39eef5f9ae5f1bf2bed2904b7f32866646
imphash 4627e42d113085f4321f182c2c747b1e
File size 338.5 KB ( 346672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-10-10 20:25:07 UTC ( 2 years, 6 months ago )
Last submission 2016-05-19 11:40:45 UTC ( 11 months, 2 weeks ago )
File names 6eeac247f0efd756e647148e0be4d984
codex-gigas_264e9b6ee718266c36645e6507eca7d1
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests