SHA256: 162138857d8be589da82d9b27c99eaafca1699d28745f92ff4b48f9688489e51
File name: c7427303fc5d3257d9cc4027000e95b3658131ce
Detection ratio: 9 / 57
Analysis date: 2015-03-07 05:40:04 UTC ( 4 years ago )
Antivirus Result Update
AhnLab-V3 Malware/Win32.Generic 20150306
Avast Win32:Evo-gen [Susp] 20150307
Avira (no cloud) TR/Crypt.EPACK.31261 20150307
ESET-NOD32 a variant of Win32/Kryptik.DAXZ 20150307
Kaspersky Trojan-Spy.Win32.Zbot.vddl 20150307
Malwarebytes Trojan.Agent.ED 20150307
McAfee Artemis!C4D72582F9B9 20150307
McAfee-GW-Edition Artemis 20150307
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc 20150307
Ad-Aware 20150307
AegisLab 20150307
Yandex 20150306
Alibaba 20150307
ALYac 20150307
Antiy-AVL 20150307
AVG 20150307
AVware 20150307
Baidu-International 20150306
BitDefender 20150307
Bkav 20150306
ByteHero 20150307
CAT-QuickHeal 20150306
ClamAV 20150306
CMC 20150304
Comodo 20150307
Cyren 20150307
DrWeb 20150306
Emsisoft 20150307
F-Prot 20150307
F-Secure 20150307
Fortinet 20150307
GData 20150307
Ikarus 20150307
Jiangmin 20150306
K7AntiVirus 20150306
K7GW 20150307
Kingsoft 20150307
Microsoft 20150307
eScan 20150307
Norman 20150306
nProtect 20150306
Panda 20150306
Qihoo-360 20150307
Rising 20150306
Sophos AV 20150307
SUPERAntiSpyware 20150307
Symantec 20150307
Tencent 20150307
TheHacker 20150306
TotalDefense 20150307
TrendMicro 20150307
TrendMicro-HouseCall 20150307
VBA32 20150306
VIPRE 20150307
ViRobot 20150307
Zillya 20150306
Zoner 20150306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-04-13 16:40:59
Entry Point 0x00001000
Number of sections 10
PE sections
PE imports
GetObjectA
GetCurrentObject
CreateScalableFontResourceW
GetClipRgn
CreateRoundRectRgn
SetPixelFormat
TranslateCharsetInfo
GetCharABCWidthsFloatA
EndPath
FillPath
CreateDCW
ResetDCW
ModifyWorldTransform
GetTextExtentPointW
CreateMetaFileW
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:04:13 17:40:59+01:00
FileType Win32 EXE
PEType PE32
CodeSize 340480
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 141312
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 c4d72582f9b9accb73d339e987f14753
SHA1 0da1cdd32a8f5ce67092705d700841d2d8a6f04b
SHA256 162138857d8be589da82d9b27c99eaafca1699d28745f92ff4b48f9688489e51
ssdeep 1536:daD0gnZoSMrHdaUE+/pv4Vdm1IAKZRCpaFWp:dXgZohBrxpw78tKnpWp

authentihash 85af1f27308e6ae003b6a94e1d02e7e14ef8403ecee3d4389871680e21909a4c
imphash dd00e093e7baf90adba7f12868a09136
File size 479.0 KB ( 490496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe

VirusTotal metadata
First submission 2015-03-07 05:40:04 UTC ( 4 years ago )
Last submission 2015-03-07 05:40:04 UTC ( 4 years ago )
File names c7427303fc5d3257d9cc4027000e95b3658131ce
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.