SHA256: 17c78e44877d4f4146f15f700fdb18fdb96352440966565c7b2454d647e10278
File name: 77ab3cdfd859e1c06adfb8942a5e340f
Detection ratio: 16 / 51
Analysis date: 2014-05-21 16:29:45 UTC ( 4 years, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.42367 20140521
AntiVir TR/Crypt.Xpack.67383 20140521
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140521
Avast Win32:Malware-gen 20140521
AVG Inject2.AFUS 20140521
BitDefender Gen:Variant.Symmi.42367 20140521
DrWeb Trojan.Proxy.26972 20140521
Emsisoft Gen:Variant.Symmi.42367 (B) 20140521
ESET-NOD32 a variant of Win32/Injector.BEDA 20140521
F-Secure Gen:Variant.Symmi.42367 20140521
GData Gen:Variant.Symmi.42367 20140521
Kaspersky Trojan-Spy.Win32.Zbot.swgc 20140521
Malwarebytes Trojan.Ransom.ED 20140521
Microsoft PWS:Win32/Zbot 20140521
eScan Gen:Variant.Symmi.42367 20140521
VIPRE Trojan.Win32.Generic!BT 20140521
AegisLab 20140521
Yandex 20140521
AhnLab-V3 20140521
Baidu-International 20140521
Bkav 20140521
ByteHero 20140521
CAT-QuickHeal 20140521
ClamAV 20140521
CMC 20140521
Commtouch 20140521
Comodo 20140520
F-Prot 20140521
Fortinet 20140521
Ikarus 20140521
Jiangmin 20140521
K7AntiVirus 20140521
K7GW 20140521
Kingsoft 20140521
McAfee 20140521
McAfee-GW-Edition 20140521
NANO-Antivirus 20140521
Norman 20140521
nProtect 20140521
Panda 20140521
Qihoo-360 20140521
Rising 20140520
Sophos AV 20140521
SUPERAntiSpyware 20140521
Symantec 20140521
Tencent 20140521
TheHacker 20140520
TotalDefense 20140521
TrendMicro 20140521
TrendMicro-HouseCall 20140521
VBA32 20140521
ViRobot 20140521
Zillya 20140521
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-20 10:54:02
Entry Point 0x00009111
Number of sections 5
PE sections
PE imports
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
EncodePointer
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDriveTypeW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
lstrcmpiW
HeapSetInformation
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GetFullPathNameW
CreateThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
LocalLock
GlobalSize
GetStartupInfoA
GetDateFormatA
GetEnvironmentStrings
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTimeFormatW
lstrcpyW
ExpandEnvironmentStringsW
FindNextFileW
GetTimeFormatA
FindFirstFileW
IsValidLocale
lstrcmpW
GlobalLock
WriteProfileSectionA
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LocalUnlock
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
lstrcpynW
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
GetLongPathNameW
WideCharToMultiByte
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
CompareStringA
RedrawWindow
LoadBitmapW
DestroyMenu
PostQuitMessage
SetWindowPos
SetScrollPos
DlgDirSelectComboBoxExA
ClientToScreen
WindowFromPoint
SetCaretBlinkTime
SetMenuItemInfoW
DispatchMessageW
ChangeClipboardChain
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
GetMenuStringW
GetClientRect
ToAscii
SetCaretPos
DrawTextW
GetScrollPos
CallNextHookEx
IsClipboardFormatAvailable
LoadImageW
CountClipboardFormats
GetActiveWindow
ShowCursor
GetWindowTextW
RegisterClipboardFormatW
LockWindowUpdate
ShowCaret
ScrollWindow
PtInRect
EnableWindow
GetMessageA
GetParent
UpdateWindow
ShowScrollBar
GetMenuState
CreateCaret
GetMessageW
ShowWindow
DrawFrameControl
GetDesktopWindow
PeekMessageW
InsertMenuItemW
SetWindowPlacement
CharUpperW
ShowWindowAsync
SetClipboardViewer
TranslateMessage
GetDlgItemTextW
DestroyCaret
GetDlgItemInt
SetClipboardData
CreateCursor
SetParent
RegisterClassW
IsZoomed
GetWindowPlacement
LoadStringW
DrawMenuBar
IsWindow
EnableMenuItem
InvertRect
GetSubMenu
GetDCEx
IsDialogMessageW
FillRect
CreateAcceleratorTableW
DeferWindowPos
IsWindowUnicode
RealChildWindowFromPoint
CreateWindowExW
GetWindowLongW
DestroyWindow
IsChild
IsDialogMessageA
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
IsIconic
DrawEdge
BeginPaint
DefWindowProcW
DrawIcon
CheckMenuRadioItem
ArrangeIconicWindows
SetDebugErrorLevel
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
DrawTextExW
CharLowerW
SetWindowLongA
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
CreatePopupMenu
CheckMenuItem
DrawFocusRect
DrawIconEx
SetWindowTextW
CreateMenu
GetDlgItem
ScreenToClient
TrackPopupMenu
DialogBoxIndirectParamW
GetMenuItemCount
DestroyAcceleratorTable
SetDlgItemInt
SetWindowsHookExW
LoadCursorW
LoadIconW
GetMenuItemID
InsertMenuW
SetForegroundWindow
SetFocus
OpenClipboard
EmptyClipboard
EndPaint
CreateDialogIndirectParamW
GetScrollRange
EndDialog
HideCaret
FindWindowW
GetCapture
MessageBeep
LoadMenuW
RemoveMenu
BeginDeferWindowPos
MessageBoxW
SendMessageW
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
DialogBoxParamW
MessageBoxA
AppendMenuW
DestroyCursor
mouse_event
GetSysColor
SetDlgItemTextW
SetScrollInfo
GetKeyState
EndDeferWindowPos
DestroyIcon
IsWindowVisible
GetClipboardData
GetKeyboardState
SystemParametersInfoW
GetDC
FrameRect
DeleteMenu
InvalidateRect
CallWindowProcW
GetClassNameW
ModifyMenuW
MonitorFromWindow
DragDetect
CallWindowProcA
GetFocus
wsprintfW
CloseClipboard
SetCursor
SetMenu
TranslateAcceleratorW
Number of PE resources by type
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 2
JPEG 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 17
SPANISH HONDURAS 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:05:20 11:54:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 60928
LinkerVersion 9.0
FileAccessDate 2014:05:21 17:32:04+01:00
EntryPoint 0x9111
InitializedDataSize 183808
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
FileCreateDate 2014:05:21 17:32:04+01:00
UninitializedDataSize 0
File identification
MD5 77ab3cdfd859e1c06adfb8942a5e340f
SHA1 7781a8322ba72b9da06a54cd120cc82e21e641f7
SHA256 17c78e44877d4f4146f15f700fdb18fdb96352440966565c7b2454d647e10278
ssdeep 3072:9qO5hpgL5VraN1ndsF+AAibXroyCpqomN0p9cEe85AiHjdXRAvNFYbt:EO5hp8Q1nfibbMHE0XH5nHpW7Yh
imphash 46ef3b4a5e138ffd53b8c2511153d496
File size 240.5 KB ( 246272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-05-21 16:29:45 UTC ( 4 years, 10 months ago )
Last submission 2014-05-21 16:29:45 UTC ( 4 years, 10 months ago )
File names 77ab3cdfd859e1c06adfb8942a5e340f
msi50300.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Moved files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs