SHA256: 1714865c83340de583fdc7ae808b8c8af09bc9fd2bb72de05fb81991497c834e
File name: dCbnKOwlEuLSBBM.exe
Detection ratio: 43 / 57
Analysis date: 2015-08-24 07:20:41 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2589748 20150824
Yandex Trojan.Agent!fECib/tIEj8 20150822
AhnLab-V3 Trojan/Win32.Battdil 20150824
ALYac Trojan.GenericKD.2589748 20150823
Antiy-AVL Trojan/Win32.Agent.ifvk 20150824
Arcabit Trojan.Generic.D278434 20150824
Avast Win32:Malware-gen 20150824
AVG PSW.Generic12.CAYB 20150824
Avira (no cloud) TR/Crypt.ZPACK.82336 20150824
AVware Trojan.Win32.Generic!BT 20150824
Baidu-International Trojan.Win32.Battdil.AI 20150823
BitDefender Trojan.GenericKD.2589748 20150824
Bkav HW32.Packed.BCAF 20150822
CAT-QuickHeal TrojanPWS.Zbot.rw4 20150824
Cyren W32/Trojan.HUEM-0759 20150824
DrWeb Trojan.Dyre.553 20150824
Emsisoft Trojan.GenericKD.2589748 (B) 20150824
ESET-NOD32 Win32/Battdil.AI 20150824
F-Prot W32/Trojan2.OVDN 20150824
F-Secure Trojan.GenericKD.2589748 20150824
Fortinet W32/Agent.AI!tr 20150824
GData Trojan.GenericKD.2589748 20150824
Ikarus Trojan.Inject 20150824
K7AntiVirus Trojan ( 004c91291 ) 20150824
K7GW Trojan ( 004c91291 ) 20150824
Kaspersky Trojan.Win32.Agent.ifvk 20150824
Malwarebytes Spyware.Dyre 20150824
McAfee RDN/PWS-FCDJ 20150824
McAfee-GW-Edition RDN/PWS-FCDJ 20150823
Microsoft PWS:Win32/Dyzap.Q 20150824
eScan Trojan.GenericKD.2589748 20150824
NANO-Antivirus Trojan.Win32.Agent.dukawh 20150824
nProtect Trojan.GenericKD.2589748 20150822
Panda Trj/Agent.IVN 20150823
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150824
Sophos AV Troj/Dyreza-HT 20150824
Symantec Infostealer.Dyre 20150823
TrendMicro TSPY_DYRE.CF 20150824
TrendMicro-HouseCall TSPY_DYRE.CF 20150824
VBA32 Trojan.Agent 20150822
VIPRE Trojan.Win32.Generic!BT 20150824
ViRobot Trojan.Win32.S.Agent.489472.MI[h] 20150824
Zillya Trojan.Agent.Win32.558618 20150824
AegisLab 20150824
Alibaba 20150824
ByteHero 20150824
ClamAV 20150824
CMC 20150824
Comodo 20150824
Jiangmin 20150823
Kingsoft 20150824
Rising 20150823
SUPERAntiSpyware 20150822
Tencent 20150824
TheHacker 20150824
TotalDefense 20150824
Zoner 20150824
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
LexSoft©. All rights reserved.

Product LexSoft
File version 1.7
Description LexSoft
Comments LexSoft Beta Version
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-18 10:05:43
Entry Point 0x00001500
Number of sections 4
PE sections
PE imports
Polygon
CreateFontIndirectW
CreatePen
GetTextMetricsA
CombineRgn
Rectangle
GetDeviceCaps
LineTo
GetTextExtentExPointA
DeleteDC
SetBkMode
GetTextExtentExPointW
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
GetObjectA
ExtTextOutW
IntersectClipRect
CreateBitmap
MoveToEx
GetStockObject
ExtTextOutA
SetTextAlign
RoundRect
CreateCompatibleDC
StretchBlt
GetNearestColor
CreateRectRgn
GetTextExtentPoint32W
GetTextExtentPoint32A
CreateCompatibleBitmap
CreateSolidBrush
SelectObject
SetBkColor
DeleteObject
Ellipse
OleUninitialize
CLSIDFromProgID
OleInitialize
RegisterDragDrop
CoCreateInstance
DoDragDrop
RevokeDragDrop
LoadStringW
OpenInputDesktop
SystemParametersInfoA
Number of PE resources by type
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
CodeSize
481792

SubsystemVersion
4.0

Comments
LexSoft Beta Version

InitializedDataSize
6656

ImageVersion
0.0

ProductName
LexSoft

FileVersionNumber
1.7.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

LinkerVersion
6.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.7

TimeStamp
2015:06:18 11:05:43+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.7.0.0

FileDescription
LexSoft

OSVersion
4.0

FileOS
Win32

LegalCopyright
LexSoft . All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Proposition Inc.

LegalTrademarks
LexSoft . 2014

FileSubtype
0

ProductVersionNumber
1.7.0.0

EntryPoint
0x1500

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 167da484bc485f49f1e08a026e044bd0
SHA1 7233066b811881635282117cfbe887ca9f49c94a
SHA256 1714865c83340de583fdc7ae808b8c8af09bc9fd2bb72de05fb81991497c834e
ssdeep
6144:IwNfysJpiUc+ZKM5gnGDAYYhg4xlpMAVMGWEmS4WU/pzcjR7a:DCGvXGg4q+RVURzo

authentihash f2d9cfca646a2161c67c8ec300ddcf5180fb64f21a17998ddeaed68e2f41afb8
imphash 63b2ea2ad8650e75e23268c425a2e87e
File size 478.0 KB ( 489472 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ 4.x (88.6%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-07-22 11:22:20 UTC ( 2 years, 7 months ago )
Last submission 2015-11-09 17:33:39 UTC ( 2 years, 3 months ago )
File names bsTcWdgManDWenP.exe
bocyjjimaxpbkkr.exe
dCbnKOwlEuLSBBM.exe
RLTALOVhWOsufTU.exe
bloosid.exe
fdoqjwrugyiihha.exe
7233066B811881635282117CFBE887CA9F49C94A
167DA484BC485F49F1E08A026E044BD0
uYCwfrOjkMyIjQr.exe
tyGgBhXDAvRXHbj.exe
bloosid.exe.3448.dr
qJsBBmDcbgnHRcP.exe
ApgPkneDQXgjjtW.exe
NFho1c.js
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0722.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs