SHA256: 18c7db1eff1d4dc439bbd1d7888003f4bb8e80da87bc3f2287cd83cec28799e9
File name: 18C7DB1EFF1D4DC439BBD1D7888003F4BB8E80DA87BC3F2287CD83CEC28799E9
Detection ratio: 50 / 54
Analysis date: 2014-11-04 20:16:04 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Win32.Parite.B 20141104
Yandex Win32.Parite.B 20141104
AhnLab-V3 Win32/Parite 20141104
Antiy-AVL Virus/Win32.Parite.b 20141104
Avast Win32:Parite 20141104
AVG BackDoor.Generic_r.IBA 20141104
Avira (no cloud) W32/Parite 20141104
AVware Win32.Parite.b (v) 20141104
Baidu-International Virus.Win32.Parite.$b 20141103
BitDefender Win32.Parite.B 20141104
Bkav W32.Pinfi.B 20141104
CAT-QuickHeal W32.Perite.A 20141104
ClamAV Heuristics.W32.Parite.B 20141104
Comodo Virus.Win32.Parite.gen 20141104
Cyren W32/Parite.B 20141104
DrWeb Trojan.DownLoader11.26200 20141104
Emsisoft Win32.Parite.B (B) 20141104
ESET-NOD32 Win32/Parite.B 20141104
F-Prot W32/Parite.B 20141104
F-Secure Win32.Parite.B 20141104
Fortinet W32/Parite.B 20141104
GData Win32.Parite.B 20141104
Ikarus Virus.Parite 20141104
Jiangmin Win32/Parite.b 20141104
K7AntiVirus Virus ( 00001b711 ) 20141103
K7GW Virus ( 00001b711 ) 20141104
Kaspersky Virus.Win32.Parite.b 20141104
Kingsoft Win32.Parite.xp.1243622 20141104
Malwarebytes Trojan.Agent.RV 20141104
McAfee W32/Pate.b 20141104
McAfee-GW-Edition W32/Pate.b 20141104
Microsoft Virus:Win32/Parite.B 20141104
eScan Win32.Parite.B 20141104
NANO-Antivirus Virus.Win32.Parite.bgvo 20141104
Norman Pinfi.A 20141104
nProtect Virus/W32.Parite.C 20141104
Qihoo-360 Virus.Win32.Parite.H 20141104
Rising PE:Win32.Parite.b!16043 20141103
Sophos AV W32/Parite-B 20141104
Symantec W32.Pinfi.B 20141104
Tencent Virus.Win32.Dropper.c 20141104
TheHacker W32/Pate.B 20141104
TotalDefense Win32/Pinfi.A 20141104
TrendMicro PE_PARITE.A 20141104
TrendMicro-HouseCall PE_PARITE.A 20141104
VBA32 Virus.Win32.Parite.b 20141104
VIPRE Win32.Parite.b (v) 20141104
ViRobot Win32.Parite.A 20141104
Zillya Virus.Parite.Win32.9 20141103
Zoner Win32.Parite.B 20141104
AegisLab 20141104
ByteHero 20141104
CMC 20141104
SUPERAntiSpyware 20141104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ujhty8,kj,
Product ,nm,jkhyk
File version jhj
Description gsdf
Packers identified
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-05 08:32:49
Entry Point 0x00017000
Number of sections 7
PE sections
Overlays
MD5 24a1984390ee1c8ab4c5f2874bd9f7a7
File type data
Offset 94208
Size 173530
Entropy 7.94
PE imports
RegOpenKeyA
RegCloseKey
OpenServiceA
CloseEventLog
RegQueryValueExA
OpenEventLogA
RegSetValueExA
DeleteService
ClearEventLogA
RegCreateKeyA
GetLastError
GetSystemInfo
lstrlenA
WaitForSingleObject
SetEvent
GetTickCount
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
SetThreadPriority
lstrcatA
DeleteFileA
GetProcAddress
CancelIo
GetProcessHeap
SetFileAttributesA
CreateMutexA
GetTempPathA
CreateThread
GetModuleHandleA
InterlockedExchange
GetStartupInfoA
CloseHandle
GetSystemDirectoryA
MoveFileExA
SetPriorityClass
OpenEventA
MoveFileA
GlobalMemoryStatus
ResumeThread
CreateProcessA
GetEnvironmentVariableA
CreateEventA
Sleep
HeapAlloc
GetCurrentThreadId
GetCurrentThread
VirtualAlloc
ResetEvent
__p__fmode
malloc
_acmdln
??1type_info@@UAE@XZ
_except_handler3
??2@YAPAXI@Z
__p__commode
exit
_XcptFilter
_ftol
strrchr
__setusermatherr
_controlfp
__CxxFrameHandler
_CxxThrowException
_adjust_fdiv
??3@YAXPAX@Z
free
atoi
__getmainargs
calloc
realloc
_initterm
memmove
time
_exit
__set_app_type
GetMessageA
FindWindowExA
GetDlgCtrlID
LoadCursorA
LoadIconA
wsprintfA
ShowWindow
GetInputState
PostMessageA
SendInput
SendMessageA
MessageBoxA
GetWindow
FindWindowA
RegisterClassA
PostThreadMessageA
setsockopt
gethostname
socket
closesocket
send
WSACleanup
WSAStartup
gethostbyname
connect
getsockname
htons
recv
select
Number of PE resources by type
RT_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SWEDISH 2
TURKISH DEFAULT 1
ROMANIAN 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.0.0.1040
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet ASCII
InitializedDataSize 32768
EntryPoint 0x17000
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion jhj
TimeStamp 2014:08:05 09:32:49+01:00
FileType Win32 EXE
PEType PE32
FileDescription gsdf
OSVersion 4.0
FileOS Win32
LegalCopyright ujhty8,kj,
MachineType Intel 386 or later, and compatibles
CompanyName jkhk
CodeSize 57344
ProductName ,nm,jkhyk
ProductVersionNumber 4.0.0.1040
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 298cd2de7d2df06c253f11c811f7614c
SHA1 028ac35bc6d5800e07a61083ed3193a561106dce
SHA256 18c7db1eff1d4dc439bbd1d7888003f4bb8e80da87bc3f2287cd83cec28799e9
ssdeep 6144:sV5YRupra5r1CQOAPLzpRgO52wPvbRtGx6ihpq:sVQu8r1RgwttZ4pq
authentihash bc724a6a0851d944a29c662aa8f8eccbe6c6001df154656a0095213c5e8ca61e
imphash b61d9df61431be71a97f70ff42a3920d
File size 261.5 KB ( 267738 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2014-11-04 20:16:04 UTC ( 3 years ago )
Last submission 2014-12-21 23:51:48 UTC ( 2 years, 11 months ago )
File names 18C7DB1EFF1D4DC439BBD1D7888003F4BB8E80DA87BC3F2287CD83CEC28799E9
coffee.exe
d54a0cab77e17ce3e82e4e98893befe11390687d
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
TCP connections