× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 17ec39315de471f1c52d833bf59481d2b4b866b151fe459ca6927b540f957f43
File name: sveezback.exe
Detection ratio: 15 / 57
Analysis date: 2015-06-22 17:38:16 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.FKP.6 20150622
ALYac Gen:Heur.FKP.6 20150622
Arcabit Trojan.FKP.6 20150622
BitDefender Gen:Heur.FKP.6 20150622
Bkav W32.FanVT.ZbotK.Worm 20150622
ByteHero Virus.Win32.Heur.c 20150622
Emsisoft Gen:Heur.FKP.6 (B) 20150622
F-Secure Gen:Heur.FKP.6 20150622
GData Gen:Heur.FKP.6 20150622
eScan Gen:Heur.FKP.6 20150622
Panda Trj/Genetic.gen 20150622
Symantec Downloader.Upatre!gen9 20150622
Tencent Trojan.Win32.Qudamah.Gen.5 20150622
TrendMicro TROJ_UPATRE.SM37 20150622
TrendMicro-HouseCall TROJ_UPATRE.SM37 20150622
AegisLab 20150622
Yandex 20150622
AhnLab-V3 20150622
Alibaba 20150621
Antiy-AVL 20150622
Avast 20150622
AVG 20150622
Avira (no cloud) 20150622
AVware 20150622
Baidu-International 20150622
CAT-QuickHeal 20150622
ClamAV 20150622
CMC 20150622
Comodo 20150622
Cyren 20150622
DrWeb 20150622
ESET-NOD32 20150622
F-Prot 20150622
Fortinet 20150622
Ikarus 20150622
Jiangmin 20150620
K7AntiVirus 20150622
K7GW 20150622
Kaspersky 20150622
Kingsoft 20150622
Malwarebytes 20150622
McAfee 20150622
McAfee-GW-Edition 20150622
Microsoft 20150622
NANO-Antivirus 20150622
nProtect 20150622
Qihoo-360 20150622
Rising 20150618
Sophos AV 20150622
SUPERAntiSpyware 20150621
TheHacker 20150622
TotalDefense 20150622
VBA32 20150620
VIPRE 20150622
ViRobot 20150622
Zillya 20150622
Zoner 20150622
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1997-10-25 21:15:36
Entry Point 0x00001000
Number of sections 3
PE sections
Overlays
MD5 dddcdd8c0d55f19da78e74db2edc8f48
File type ASCII text
Offset 48128
Size 98
Entropy 3.30
PE imports
RegCdQueryA
RegWdQueryW
RegUserConfigRename
RegCdEnumerateW
RegCdDeleteW
RegOpenServerA
RegPdEnumerateA
RegCdEnumerateA
RegWdQueryA
RegCloseServer
RegCdQueryW
RegCdCreateW
RegCdDeleteA
SdbFindFirstNamedTag
SdbFindNextTag
SdbFindFirstTagRef
SdbFindFirstMsiPackage
SdbEnumMsiTransforms
SdbFindNextMsiPackage
SdbFindFirstTag
SdbDeletePermLayerKeys
SdbFindFirstMsiPackage_Str
CAAccessCheckEx
CAAccessCheck
ImageRvaToVa
ImageRvaToSection
HTUI_DeviceColorAdjustmentW
HTUI_DeviceColorAdjustmentA
HTUI_DeviceColorAdjustment
AllocateAttributes
LoadLibraryA
OutputDebugStringW
FindVolumeClose
IsDebuggerPresent
GetTickCount
MulDiv
GetCommandLineA
GetACP
GetSystemDirectoryA
SASetNSAccountInformation
SAGetAccountInformation
NetrJobGetInfo
SASetAccountInformation
SAGetNSAccountInformation
NetrJobEnum
SetNetScheduleAccountInformation
fopen
fread
IPSecCreateFilterData
IPSecDeleteFilterData
IPSecCopyISAKMPData
IPSecCreateNegPolData
IPSecClosePolicyStore
IPSecCopyFilterData
IPSecCopyNegPolData
IPSecCreateNFAData
IPSecCreateISAKMPData
IPSecCopyFilterSpec
IPSecCopyNFAData
IPSecCopyPolicyData
IPSecDeleteISAKMPData
IPSecCreatePolicyData
StiCreateInstance
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
1997:10:25 22:15:36+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
8192

LinkerVersion
5.7

FileTypeExtension
exe

InitializedDataSize
86016

SubsystemVersion
5.0

EntryPoint
0x1000

OSVersion
6.0

ImageVersion
4.0

UninitializedDataSize
438272

File identification
MD5 14b8a0f6a9258f9e73f63a4269641ca0
SHA1 75ec714725d1b0a107903ca5d9a1dbed6a9ab7ff
SHA256 17ec39315de471f1c52d833bf59481d2b4b866b151fe459ca6927b540f957f43
ssdeep
384:aXWBaKg5gOXXn2A7upWm8Sx8Tf3DeWlrAtnBD7sGNnREqFt+gRbbbbbbbF9rAcO:aXWB7Un28f3d+th79NnREq2EbbbbbbIb

authentihash 3175cb31a8afdb6c8c7a72e321b557bd7572238d3dc2f31bf53802ff2da5d8a6
imphash 1a82bbeeca5d8a93b74a0b00a0764b1d
File size 47.1 KB ( 48226 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
Clipper DOS Executable (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-06-22 17:38:16 UTC ( 2 years, 5 months ago )
Last submission 2015-06-22 17:38:16 UTC ( 2 years, 5 months ago )
File names sveezback.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.