SHA256: 158dcf005a3b68acdc745b72992aae4d50718a6f27b464bf7286bf38e350ddd6
File name: moscow_times_JS.exe
Detection ratio: 12 / 48
Analysis date: 2013-12-29 06:20:32 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1475907 20131229
AhnLab-V3 Spyware/Win32.Zbot 20131228
AntiVir TR/Crypt.Xpack.38057 20131228
BitDefender Trojan.GenericKD.1475907 20131229
Emsisoft Trojan.GenericKD.1475907 (B) 20131229
F-Secure Trojan.GenericKD.1475907 20131229
GData Trojan.GenericKD.1475907 20131229
Kaspersky Trojan-Ransom.Win32.Foreign.jxuz 20131229
Malwarebytes Trojan.Ransom.ED 20131229
MicroWorld-eScan Trojan.GenericKD.1475907 20131229
Panda Suspicious file 20131228
TrendMicro-HouseCall TROJ_GEN.R0CBH07LT13 20131229
AVG 20131228
Agnitum 20131228
Antiy-AVL 20131228
Avast 20131229
Baidu-International 20131213
Bkav 20131228
ByteHero 20131228
CAT-QuickHeal 20131228
ClamAV 20131229
Commtouch 20131229
Comodo 20131229
DrWeb 20131229
ESET-NOD32 20131228
F-Prot 20131229
Fortinet 20131229
Ikarus 20131229
Jiangmin 20131229
K7AntiVirus 20131227
K7GW 20131228
Kingsoft 20130829
McAfee 20131229
McAfee-GW-Edition 20131228
Microsoft 20131229
NANO-Antivirus 20131229
Norman 20131228
Rising 20131228
SUPERAntiSpyware 20131228
Sophos 20131229
Symantec 20131229
TheHacker 20131228
TotalDefense 20131228
TrendMicro 20131229
VBA32 20131227
VIPRE 20131229
ViRobot 20131229
nProtect 20131227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Elerium (c) 2012
Publisher Elerium (c) 2012
Product Kaspersky Trial Reset 2012
Original name KTR2012V4.exe
Internal name KTR2012V4
File version 4.00.0003
Description Kaspersky Trial Reset 2012
Comments Kaspersky Trial Reset 2012
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-27 03:47:02
Link date 4:47 AM 12/27/2013
Entry Point 0x00006660
Number of sections 4
PE sections
PE imports
CreateBitmapIndirect
CancelDC
AnimatePalette
BeginPath
ColorCorrectPalette
CheckColorsInGamut
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
CreateThread
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
ReleaseSemaphore
UnhandledExceptionFilter
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
OpenMutexW
FreeEnvironmentStringsW
GetCommandLineA
WaitForMultipleObjects
EncodePointer
GetFileType
SetStdHandle
GetCommModemStatus
CreateSemaphoreA
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
GetCurrentThreadId
GlobalReAlloc
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
CreateWaitableTimerA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
EnumLanguageGroupLocalesA
IsDebuggerPresent
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
FindClose
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
HeapAlloc
SetWaitableTimer
LeaveCriticalSection
GetProcAddress
WriteConsoleW
InterlockedIncrement
WNetGetLastErrorA
WNetEnumResourceA
WNetGetNetworkInformationA
WNetCancelConnection2W
WNetGetResourceParentA
WNetGetConnectionA
glColor3ubv
glTexCoord4i
glRasterPos2iv
glScissor
glRotated
glLoadIdentity
glLoadName
wglShareLists
ShellAboutA
ShellExecuteExA
FindExecutableA
DragQueryFileW
ExtractAssociatedIconA
ShellExecuteA
MapWindowPoints
SendNotifyMessageA
GetKeyboardLayout
DrawStateA
SetCaretPos
FindWindowW
InflateRect
GetClassInfoW
EnumPropsW
CreateWindowExW
GetGUIThreadInfo
FindWindowExW
WindowFromDC
InternetFindNextFileW
GopherOpenFileA
InternetHangUp
FtpRemoveDirectoryA
InternetCanonicalizeUrlA
RetrieveUrlCacheEntryStreamW
OleQueryLinkFromData
StgGetIFillLockBytesOnFile
CoRegisterMallocSpy
OleCreateMenuDescriptor
GetConvertStg
CoFreeAllLibraries
OleLoad
CreateDataCache
HlinkSimpleNavigateToString
GetSoftwareUpdateInfo
CreateAsyncBindCtxEx
CopyBindInfo
Number of PE resources by type
RT_STRING 90
RT_VERSION 1
JPEG 1
Number of PE resources by language
ENGLISH US 91
ENGLISH JAMAICA 1
ExifTool file metadata
CodeSize 52224
SubsystemVersion 5.0
Comments Kaspersky Trial Reset 2012
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.0.0.3
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Kaspersky Trial Reset 2012
CharacterSet Unicode
InitializedDataSize 164352
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Elerium (c) 2012
FileVersion 4.00.0003
TimeStamp 2013:12:27 04:47:02+01:00
FileType Win32 EXE
PEType PE32
InternalName KTR2012V4
FileAccessDate 2014:02:26 05:39:41+01:00
ProductVersion 4.00.0003
UninitializedDataSize 0
OSVersion 5.0
FileCreateDate 2014:02:26 05:39:41+01:00
OriginalFilename KTR2012V4.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Elerium (c) 2012
LegalTrademarks Elerium (c) 2012
ProductName Kaspersky Trial Reset 2012
ProductVersionNumber 4.0.0.3
EntryPoint 0x6660
ObjectFileType Executable application

File identification
MD5 14c9ef92b1107e45779fe651825479cc
SHA1 bbbd85fe662f2ff93b60fca58346825df6173a47
SHA256 158dcf005a3b68acdc745b72992aae4d50718a6f27b464bf7286bf38e350ddd6
ssdeep 3072:xIaps8JOCNtU+QS4tQK6lmrCwTiVTfTnZoOQMPF6SW3IT7zzm3GAjuc3hzst:xnWWNtU+e2lsTiCMPzzmR3ha
imphash f36504096e90e8d8989a7c12591fa3b0
File size 212.5 KB ( 217600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-12-27 10:40:36 UTC ( 1 year, 2 months ago )
Last submission 2013-12-30 22:27:34 UTC ( 1 year, 2 months ago )
File names new_neutrino.bin
Fontcore.exe
~tmp6058400222837668017.tmp
KTR2012V4
moscow_times_JS.exe
KTR2012V4.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs