SHA256: 19087ac411a0abe45eca3084b80d13a20191911b836cfa32665e0e02cef33664
File name: 43a5cf91f76af5579b66743719cf1ad11b23ee74
Detection ratio: 23 / 55
Analysis date: 2014-10-11 10:49:13 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1911512 20141011
AhnLab-V3 Trojan/Win32.Necurs 20141010
Avast Win32:Malware-gen 20141011
AVG Crypt3.AVEW 20141011
Avira (no cloud) TR/Crypt.ZPACK.108311 20141011
Baidu-International Trojan.Win32.Kryptik.bCNDW 20141011
BitDefender Trojan.GenericKD.1911512 20141011
Bkav HW32.Paked.4604 20141011
Emsisoft Trojan.GenericKD.1911512 (B) 20141011
ESET-NOD32 a variant of Win32/Kryptik.CNDW 20141011
F-Secure Trojan.GenericKD.1911512 20141011
Fortinet W32/Kryptik.CNCU!tr 20141011
GData Trojan.GenericKD.1911512 20141011
Ikarus Trojan.Win32.Crypt 20141011
Kaspersky Trojan-Spy.Win32.Zbot.ujae 20141011
Malwarebytes Trojan.Ursnif 20141011
McAfee Artemis!059CA1249FD3 20141011 (an Artemis/GTI cloud-reputation verdict, not a family name: the token after "!" is the first 12 hex digits of the file's MD5, 059ca1249fd3f066c09edbe3c8fccaf0)
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dc 20141011
Microsoft PWS:Win32/Zbot 20141011
eScan Trojan.GenericKD.1911512 20141011
Panda Trj/CI.A 20141010
Sophos AV Mal/Generic-S 20141011
TrendMicro-HouseCall TROJ_GEN.R02PH01JB14 20141011
Engines with no detection (engine, signature database date):
AegisLab 20141011
Yandex 20141010
Antiy-AVL 20141011
AVware 20141011
ByteHero 20141011
CAT-QuickHeal 20141011
ClamAV 20141011
CMC 20141009
Comodo 20141011
Cyren 20141011
DrWeb 20141011
F-Prot 20141009
Jiangmin 20141010
K7AntiVirus 20141010
K7GW 20141011
Kingsoft 20141011
NANO-Antivirus 20141011
Norman 20141011
nProtect 20141010
Qihoo-360 20141011
Rising 20141011
SUPERAntiSpyware 20141011
Symantec 20141011
Tencent 20141011
TheHacker 20141010
TotalDefense 20141011
TrendMicro 20141011
VBA32 20141010
VIPRE 20141011
ViRobot 20141011
Zillya 20141011
Zoner 20141010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties: none (the resource table below has no RT_VERSION entry, so the file carries no version block)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-09 14:55:24
Entry Point 0x00001F7D
Number of sections 4
PE sections
PE imports (grouped by exporting DLL; the report lists only the function names, the DLL headings are inferred from them)
crypt32.dll
CertGetNameStringA
CryptVerifyMessageSignature
CryptGetMessageSignerCount
gdi32.dll
SelectObject
GetStockObject
TextOutA
CreateFontIndirectA
SetBkMode
DeleteObject
SetTextColor
kernel32.dll
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetPrivateProfileStringA
DecodePointer
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
ExitProcess
GetCPInfo
GetModuleFileNameW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
LocalFree
TerminateProcess
IsValidCodePage
HeapCreate
OpenEventW
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
LocalAlloc
SetLastError
LeaveCriticalSection
shlwapi.dll
StrRChrA
user32.dll
SetForegroundWindow
EnumWindowStationsW
DefWindowProcA
ShowWindow
SendDlgItemMessageA
IsWindow
AppendMenuA
GetWindowRect
EndPaint
SetMenu
SetDlgItemTextA
GetDlgItemTextA
AdjustWindowRectEx
GetWindow
CheckDlgButton
InsertMenuItemA
CreatePopupMenu
SendMessageA
GetDesktopWindow
GetDlgItem
DrawMenuBar
RegisterClassA
GetWindowLongA
GetWindowTextLengthA
CreateMenu
LoadCursorA
SetWindowTextA
GetSysColorBrush
IsWindowUnicode
GetWindowTextA
IsDialogMessageA
DestroyWindow
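The imphash reported under "File identification" is derived from exactly this import list: an MD5 over the lower-cased "dll.function" pairs in the order the import directory stores them. The block below is an added example, not code from the VirusTotal report or from any tool it names; it implements the pefile/Mandiant imphash rules (extension stripped from the DLL name, everything lower-cased, ordinal imports written as ordN; the ws2_32/oleaut32 ordinal-to-name lookup pefile also applies is omitted). The DLL names in REPORT_IMPORTS are an assumption made here from the API names, since the report does not show them, and the function order is the order on the page. Run it and compare the result with the report's 989975836c7aea30388eedeb72c0d264; a mismatch means the grouping or order assumed here differs from the file's import directory, not that the file differs.

```python
import hashlib
from typing import Sequence, Tuple, Union

# (DLL name as stored in the import directory, imported symbols in file order);
# an int stands for an import by ordinal.
ImportTable = Sequence[Tuple[str, Sequence[Union[str, int]]]]

# The report's static imports, grouped by exporting DLL. The DLL names are an
# assumption made here from the API names; the report lists only the functions.
REPORT_IMPORTS: ImportTable = [
    ("CRYPT32.dll", ["CertGetNameStringA", "CryptVerifyMessageSignature",
                     "CryptGetMessageSignerCount"]),
    ("GDI32.dll", ["SelectObject", "GetStockObject", "TextOutA", "CreateFontIndirectA",
                   "SetBkMode", "DeleteObject", "SetTextColor"]),
    ("KERNEL32.dll", [
        "GetLastError", "InitializeCriticalSectionAndSpinCount", "HeapFree",
        "IsProcessorFeaturePresent", "EnterCriticalSection", "LCMapStringW",
        "SetHandleCount", "LoadLibraryW", "GetOEMCP", "QueryPerformanceCounter",
        "IsDebuggerPresent", "GetTickCount", "TlsAlloc", "GetEnvironmentStringsW",
        "GetVersionExA", "GetModuleFileNameA", "RtlUnwind", "GetStdHandle",
        "HeapSetInformation", "GetCurrentProcess", "GetStartupInfoW",
        "GetPrivateProfileStringA", "DecodePointer", "GetCurrentProcessId",
        "WideCharToMultiByte", "UnhandledExceptionFilter", "TlsGetValue",
        "MultiByteToWideChar", "HeapSize", "FreeEnvironmentStringsW", "GetCommandLineA",
        "GetProcAddress", "EncodePointer", "GetProcessHeap", "ExitProcess", "GetCPInfo",
        "GetModuleFileNameW", "TlsFree", "DeleteCriticalSection",
        "SetUnhandledExceptionFilter", "WriteFile", "GetSystemTimeAsFileTime", "GetACP",
        "HeapReAlloc", "GetStringTypeW", "GetModuleHandleW", "LocalFree",
        "TerminateProcess", "IsValidCodePage", "HeapCreate", "OpenEventW",
        "InterlockedDecrement", "Sleep", "GetFileType", "TlsSetValue", "HeapAlloc",
        "GetCurrentThreadId", "InterlockedIncrement", "LocalAlloc", "SetLastError",
        "LeaveCriticalSection"]),
    ("SHLWAPI.dll", ["StrRChrA"]),
    ("USER32.dll", [
        "SetForegroundWindow", "EnumWindowStationsW", "DefWindowProcA", "ShowWindow",
        "SendDlgItemMessageA", "IsWindow", "AppendMenuA", "GetWindowRect", "EndPaint",
        "SetMenu", "SetDlgItemTextA", "GetDlgItemTextA", "AdjustWindowRectEx", "GetWindow",
        "CheckDlgButton", "InsertMenuItemA", "CreatePopupMenu", "SendMessageA",
        "GetDesktopWindow", "GetDlgItem", "DrawMenuBar", "RegisterClassA", "GetWindowLongA",
        "GetWindowTextLengthA", "CreateMenu", "LoadCursorA", "SetWindowTextA",
        "GetSysColorBrush", "IsWindowUnicode", "GetWindowTextA", "IsDialogMessageA",
        "DestroyWindow"]),
]


def imphash_string(imports: ImportTable) -> str:
    """Canonical string that imphash hashes: 'dll.func' pairs, lower-cased, in file order.

    Rules as in pefile.get_imphash(): a .dll/.ocx/.sys extension is dropped from the
    library name, names are lower-cased, ordinal imports become 'ordN'. pefile also maps
    well-known ws2_32/oleaut32 ordinals to names; that table is omitted here.
    """
    parts = []
    for dll, symbols in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for sym in symbols:
            name = f"ord{sym}" if isinstance(sym, int) else str(sym).lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports: ImportTable) -> str:
    """MD5 of the canonical import string; order-sensitive by design."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    # Compare with the report's imphash 989975836c7aea30388eedeb72c0d264.
    print(imphash(REPORT_IMPORTS))
```

Because the hash covers the whole list in order, two builds that share a crypter stub but carry different payloads still collide on imphash, which is what makes it a useful pivot; conversely, a packer that rebuilds the import table at run time leaves only the stub's imports behind, which is what the list above looks like.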
Number of PE resources by type
RT_DIALOG 2
RT_GROUP_CURSOR 2
RT_ICON 2
RT_CURSOR 2
Struct(240) 1 (resource type 240 is RT_DLGINIT, the dialog-control initialisation data written by MFC/ATL; the scanner prints unknown types as Struct(n))
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:10:09 15:55:24+01:00 (the same link timestamp as the 2014-10-09 14:55:24 UTC compilation timestamp above, rendered in a +01:00 zone)
FileType: Win32 EXE
PEType: PE32
CodeSize: 26624
LinkerVersion: 10.0 (Visual C++ 2010 toolchain)
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0x1f7d
InitializedDataSize: 222720
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1 (minimum Windows XP)
UninitializedDataSize: 0
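Every field in the "PE header basic information" and ExifTool blocks above (compilation timestamp, entry point, section count, linker version, subsystem and its version, characteristics, code and data sizes) is read from a fixed offset in the DOS, COFF and PE32 optional headers. The following is an added example, not part of the VirusTotal report or of ExifTool, showing how to recover those fields with only the Python standard library. Only headers are parsed and nothing is executed, so it is safe to run on a live sample. build_sample_header() is a buffer constructed here from the values in the report, not the sample's real bytes; pass a file path on the command line to run it on an actual file.

```python
import calendar
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Characteristics bits, labelled the way ExifTool prints them.
CHARACTERISTICS = [
    (0x0001, "No relocs"),
    (0x0002, "Executable"),
    (0x0004, "No line numbers"),
    (0x0008, "No symbols"),
    (0x0020, "Large address aware"),
    (0x0100, "32-bit"),
    (0x0200, "No debug"),
    (0x2000, "DLL"),
]
MACHINES = {0x14C: "Intel 386 or later", 0x8664: "AMD AMD64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows command line"}


def parse_pe_header(data: bytes) -> dict:
    """Read the fields a triage report derives from the DOS, COFF and optional headers.

    Raises ValueError on a non-PE32 image and struct.error on a truncated buffer,
    instead of guessing.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not at e_lfanew")
    # IMAGE_FILE_HEADER: 20 bytes immediately after the signature.
    machine, nsections, timestamp, _symtab, _nsyms, _opt_size, chars = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    # First 20 bytes of the optional header: magic, linker version, sizes, entry point.
    magic, lnk_major, lnk_minor, size_code, size_init, size_uninit, entry = \
        struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError(f"optional header magic 0x{magic:x}: only PE32 handled here")
    # PE32 layout: OS/Image/Subsystem version pairs at +40, Subsystem at +68.
    os_major, os_minor, img_major, img_minor, ss_major, ss_minor = \
        struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": MACHINES.get(machine, f"0x{machine:x}"),
        "sections": nsections,
        # TimeDateStamp is seconds since the Unix epoch; the linker writes it and
        # it is trivially forged, so treat it as a hint, not evidence.
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc)
                                 .strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": ", ".join(lbl for bit, lbl in CHARACTERISTICS if chars & bit),
        "pe_type": "PE32",
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": size_code,
        "init_data_size": size_init,
        "uninit_data_size": size_uninit,
        "entry_point": f"0x{entry:08X}",
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_sample_header() -> bytes:
    """Constructed 256-byte header carrying the report's values (not the real file's bytes)."""
    buf = bytearray(0x100)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)                      # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    ts = calendar.timegm((2014, 10, 9, 14, 55, 24, 0, 0, 0))     # 2014-10-09 14:55:24 UTC
    # Machine i386, 4 sections, timestamp, no symbols, 224-byte optional header,
    # Characteristics 0x0103 = RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE.
    struct.pack_into("<HHIIIHH", buf, 0x44, 0x14C, 4, ts, 0, 0, 224, 0x0103)
    opt = 0x58
    struct.pack_into("<HBBIIII", buf, opt, 0x10B, 10, 0, 26624, 222720, 0, 0x1F7D)
    struct.pack_into("<HHHHHH", buf, opt + 40, 5, 1, 0, 0, 5, 1)  # OS 5.1, image 0.0, subsystem 5.1
    struct.pack_into("<H", buf, opt + 68, 2)                      # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(buf)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read(4096) if len(sys.argv) > 1 else build_sample_header()
    for key, value in parse_pe_header(data).items():
        print(f"{key:18} {value}")
```

The characteristics string "No relocs, Executable, 32-bit" is just bits 0x0001, 0x0002 and 0x0100 of one 16-bit field; RELOCS_STRIPPED on a 2014 GUI build is itself a mild tell, since Visual C++ 2010 emits relocations by default so that ASLR can move the image.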

File identification
MD5 059ca1249fd3f066c09edbe3c8fccaf0
SHA1 fd14336c5b85b85ed16ee1826b05acea33c0ea27
SHA256 19087ac411a0abe45eca3084b80d13a20191911b836cfa32665e0e02cef33664
ssdeep 6144:Za2JOX5BGJdira9mWDZikNbBLr53nxS5rxy:I2JmBZaLtnLVnxwy
authentihash b7105819541f1a19b4cd9d7b7384fd831e0d9c7f60f4843e629552387a47b5b2 (the Authenticode digest, computed with the checksum and certificate table excluded, so a signed and an unsigned build of the same image share it)
imphash 989975836c7aea30388eedeb72c0d264
File size 244.5 KB ( 250368 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%); Win64 Executable (generic) (36.3%); Win32 Dynamic Link Library (generic) (8.6%); Win32 Executable (generic) (5.9%); OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2014-10-10 08:13:17 UTC ( 4 years, 5 months ago )
Last submission 2018-05-14 23:49:32 UTC ( 10 months, 1 week ago )
File names: output.43544734.txt; OH1M8Bt3.jpeg; 19087ac411a0abe45eca3084b80d13a20191911b836cfa32665e0e02cef33664.exe; bot.exe; 43a5cf91f76af5579b66743719cf1ad11b23ee74; 43544734
(Two of the submitted names carry non-executable extensions, .txt and .jpeg. The file type is decided by the MZ/PE header, not the name, so a gateway that filters on extension alone would pass this file.)
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files, Read files, Written files, Deleted files, Created processes, Created mutexes, Opened mutexes, Runtime DLLs: no entries are recorded in this copy of the report.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table above; the sample does import LoadLibraryW and GetProcAddress, so the call is resolved at run time, which is consistent with the packer-style names in the detection table (Kryptik, Crypt, ZPACK, Paked). The static imports (GDI text drawing, menu and dialog routines, CRT start-up, certificate-verification calls) describe only this outer layer; the family names some engines assign (Zbot, Ursnif, Necurs) are vendor verdicts, not something visible in these imports.