× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 17377e7da3a55a2b87669cbd824b5443f77b13585b6ad60a3567f39113b9634f
File name: run.exe
Detection ratio: 20 / 57
Analysis date: 2015-04-08 04:15:07 UTC ( 2 years, 5 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Agent.BIWR 20150408
Avast Win32:Evo-gen [Susp] 20150408
Avira (no cloud) TR/Crypt.EPACK.33263 20150408
AVware Win32.Malware!Drop 20150408
BitDefender Trojan.Agent.BIWR 20150408
DrWeb Trojan.Rodricter.228 20150408
ESET-NOD32 a variant of Win32/Kryptik.DEJZ 20150408
F-Secure Trojan.Agent.BIWR 20150408
Fortinet W32/Kryptik.DDYW!tr 20150408
GData Trojan.Agent.BIWR 20150408
Kaspersky Backdoor.Win32.Simda.aqnd 20150408
Malwarebytes Trojan.Agent.FSA112 20150408
eScan Trojan.Agent.BIWR 20150408
Norman Simda.TLZ 20150407
Panda Trj/Genetic.gen 20150407
Symantec Downloader.Ponik 20150408
Tencent Trojan.Win32.Qudamah.Gen.7 20150408
TrendMicro BKDR_SIMDA.SMJA 20150408
TrendMicro-HouseCall BKDR_SIMDA.SMJA 20150408
VIPRE Win32.Malware!Drop 20150408
AegisLab 20150408
Yandex 20150407
AhnLab-V3 20150407
Alibaba 20150408
ALYac 20150408
Antiy-AVL 20150407
AVG 20150408
Baidu-International 20150407
Bkav 20150407
ByteHero 20150408
CAT-QuickHeal 20150408
ClamAV 20150408
CMC 20150407
Comodo 20150408
Cyren 20150408
Emsisoft 20150407
F-Prot 20150408
Ikarus 20150408
Jiangmin 20150406
K7AntiVirus 20150407
K7GW 20150407
Kingsoft 20150408
McAfee 20150408
McAfee-GW-Edition 20150408
Microsoft 20150408
NANO-Antivirus 20150408
nProtect 20150407
Qihoo-360 20150408
Rising 20150406
Sophos AV 20150408
SUPERAntiSpyware 20150408
TheHacker 20150408
TotalDefense 20150407
VBA32 20150407
ViRobot 20150408
Zillya 20150407
Zoner 20150407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Corel Corporation
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-07 17:19:21
Entry Point 0x00001270
Number of sections 9
PE sections
PE imports
LsaQueryInformationPolicy
LsaFreeMemory
RegOpenKeyA
LsaQueryInfoTrustedDomain
RegQueryValueExA
LsaLookupSids
LsaClose
LsaOpenTrustedDomain
LsaOpenPolicy
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
WriteFile
GetCurrentProcess
GetACP
GetStringTypeW
GetModuleHandleW
TerminateProcess
HeapCreate
CreateFileW
VirtualFree
GetFileType
ExitProcess
GetVersion
VirtualAlloc
LoadIconW
CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromProgID
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH CAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
1.0.0.1

LanguageCode
English (Canadian)

FileFlagsMask
0x0017

CharacterSet
Unicode

InitializedDataSize
594944

EntryPoint
0x1270

MIMEType
application/octet-stream

TimeStamp
2015:04:07 18:19:21+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Corel Corporation

CodeSize
2560

FileSubtype
0

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 f16efc6be1f2ff61b8365d36bdce3986
SHA1 7a33a256824cc97d0c679489408b3565b9ce7635
SHA256 17377e7da3a55a2b87669cbd824b5443f77b13585b6ad60a3567f39113b9634f
ssdeep
12288:Zg4ghdqnbKXNtuhYYP42WDTieS4Rv4lNl:Zg4bEN6H42De1AlNl

authentihash 7999f2215397756a8de1b4a064d42318eb3b1b0eb808ed08799f615f90a1d57b
imphash b458e9da2184d8ceafc2bf77cd636182
File size 584.5 KB ( 598528 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2015-04-08 04:15:07 UTC ( 2 years, 5 months ago )
Last submission 2015-04-08 04:15:07 UTC ( 2 years, 5 months ago )
File names KB01960734.exe
run.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
UDP communications