SHA256: 1d040f60b4e027b3e18140f3268d71471ca7e79d64fc80c6bf816ecfaf74be41
File name: 4000c2e94a7ee2535520a08bbe5c930e
Detection ratio: 26 / 46
Analysis date: 2013-02-15 06:04:14 UTC (6 years, 2 months ago)
Antivirus              Result                                  Update
AntiVir                TR/Rogue.kdz.7987                       20130215
Avast                  Win32:Downloader-SMU [Trj]              20130215
AVG                    SHeur4.BASV                             20130215
BitDefender            Trojan.Generic.KDZ.7987                 20130215
Comodo                 UnclassifiedMalware                     20130214
DrWeb                  Trojan.DownLoader8.2673                 20130214
ESET-NOD32             a variant of Win32/Injector.ACTN        20130214
F-Secure               Trojan.Generic.KDZ.7987                 20130215
Fortinet               W32/Zbot.ANM!tr                         20130215
GData                  Trojan.Generic.KDZ.7987                 20130215
Ikarus                 Trojan-Downloader.Win32.Andromeda       20130215
Kaspersky              Trojan-PSW.Win32.Tepfer.fusn            20130215
Malwarebytes           Trojan.Ransom                           20130215
McAfee                 PWS-Zbot-FALF!4000C2E94A7E              20130215
McAfee-GW-Edition      PWS-Zbot-FALF!4000C2E94A7E              20130215
Microsoft              PWS:Win32/Fareit                        20130215
eScan                  Trojan.Generic.KDZ.7987                 20130215
Norman                 Troj_Generic.HMJHF                      20130214
nProtect               Trojan.Generic.KDZ.7987                 20130215
Panda                  Trj/dtcontx.B                           20130214
Rising                 Suspicious                              20130205
Sophos AV              Mal/EncPk-AFN                           20130215
Symantec               WS.Reputation.1                         20130215
TotalDefense           Win32/Inject.C!generic                  20130214
TrendMicro-HouseCall   TROJ_GEN.R47H1BC                        20130215
VIPRE                  Trojan.Win32.Generic!BT                 20130215
Yandex                 -                                       20130214
AhnLab-V3              -                                       20130214
Antiy-AVL              -                                       20130214
ByteHero               -                                       20130214
CAT-QuickHeal          -                                       20130215
ClamAV                 -                                       20130214
Commtouch              -                                       20130215
Emsisoft               -                                       20130215
eSafe                  -                                       20130211
F-Prot                 -                                       20130215
Jiangmin               -                                       20130215
K7AntiVirus            -                                       20130214
Kingsoft               -                                       20130204
NANO-Antivirus         -                                       20130215
PCTools                -                                       20130215
SUPERAntiSpyware       -                                       20130215
TheHacker              -                                       20130214
TrendMicro             -                                       20130215
VBA32                  -                                       20130214
ViRobot                -                                       20130215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-12 14:50:53
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
comctl32.dll
  InitCommonControlsEx
comdlg32.dll
  GetOpenFileNameA
  GetSaveFileNameA
kernel32.dll
  HeapFree
  EnterCriticalSection
  WaitForSingleObject
  FreeLibrary
  HeapDestroy
  HeapAlloc
  LoadLibraryA
  SetThreadPriority
  GetCurrentProcessId
  GetProcAddress
  GetModuleHandleA
  SetFilePointer
  WriteFile
  CloseHandle
  HeapReAlloc
  GetThreadPriority
  InitializeCriticalSection
  HeapCreate
  Sleep
  SetEndOfFile
  CreateFileA
  ExitProcess
  GetCurrentThreadId
  LeaveCriticalSection
msvcrt.dll
  _CIasin
  memset
  floor
  ceil
  fseek
  fclose
  strcat
  _stricmp
  strcpy
  _CIpow
  sprintf
  fopen
  strlen
  memcpy
  strncpy
ole32.dll
  CoInitialize
user32.dll
  GetWindowThreadProcessId
  GetWindowLongA
  GetForegroundWindow
  EnableWindow
  IsWindowVisible
  EnumWindows
  IsWindowEnabled
  SetWindowPos
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:02:12 14:50:53+00:00
FileType Win32 EXE
PEType PE32
CodeSize 30208
LinkerVersion 1.1
EntryPoint 0x1000
InitializedDataSize 3584
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
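The fields listed under "PE header basic information" and "ExifTool file metadata" above all come from the same two structures at the front of the executable: the COFF file header and the PE32 optional header. The following is an added example, not part of the VirusTotal report, showing how to read those fields directly with the Python standard library. The header it parses is constructed inline from the values this report gives for the sample (machine, 4 sections, the 2013-02-12 timestamp, entry point 0x1000, linker 1.1, code and data sizes, GUI subsystem); it is not the sample's bytes, and the function and constant names are the example's own.

```python
"""Minimal PE32 header reader for the fields VirusTotal and ExifTool report.
Added example, standard library only; the input is a constructed header."""
import struct
from datetime import datetime, timezone

# IMAGE_FILE_MACHINE_* and IMAGE_SUBSYSTEM_* values, named as VirusTotal names them.
MACHINE_NAMES = {0x014C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# IMAGE_FILE_HEADER (20 bytes) and the leading 70 bytes of the PE32
# IMAGE_OPTIONAL_HEADER, up to and including the Subsystem field.
COFF_FMT = "<HHIIIHH"
OPT_FMT = "<HBBIIIIIIIIIHHHHHHIIIIH"


def parse_pe_header(data: bytes) -> dict:
    """Return the reported header fields, or raise ValueError for non-PE32 input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from(COFF_FMT, data, coff_off)
    if opt_size < struct.calcsize(OPT_FMT):
        raise ValueError("optional header too short")
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    (magic, lnk_major, lnk_minor, size_code, size_idata, size_udata, entry,
     _base_code, _base_data, _image_base, _sect_align, _file_align,
     os_major, os_minor, img_major, img_minor, sub_major, sub_minor,
     _win32ver, _size_image, _size_headers, _checksum,
     subsystem) = struct.unpack_from(OPT_FMT, data, opt_off)
    if magic != 0x10B:
        raise ValueError("not a PE32 optional header (magic 0x%x)" % magic)
    # TimeDateStamp is seconds since the Unix epoch and is written by the linker,
    # so it is a claim made by whoever built the file, not an observed fact.
    when = datetime.fromtimestamp(timestamp, timezone.utc)
    return {
        "machine": MACHINE_NAMES.get(machine, "0x%04x" % machine),
        "sections": nsections,
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": "0x%08x" % entry,
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "code_size": size_code,
        "init_data_size": size_idata,
        "uninit_data_size": size_udata,
        "os_version": "%d.%d" % (os_major, os_minor),
        "image_version": "%d.%d" % (img_major, img_minor),
        "subsystem_version": "%d.%d" % (sub_major, sub_minor),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def build_sample_header() -> bytes:
    """Constructed input: a bare MZ/PE32 header carrying the values the report
    lists for the sample.  Section table, data directories and code are omitted;
    this is not the analysed file."""
    ts = int(datetime(2013, 2, 12, 14, 50, 53, tzinfo=timezone.utc).timestamp())
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack(COFF_FMT, 0x014C, 4, ts, 0, 0, 224, 0x0102)
    opt = struct.pack(OPT_FMT, 0x10B, 1, 1, 30208, 3584, 0, 0x1000,
                      0x1000, 0x9000, 0x400000, 0x1000, 0x200,
                      4, 0, 0, 0, 4, 0, 0, 0xA000, 0x400, 0, 2)
    opt += b"\0" * (224 - len(opt))   # remainder of the 224-byte optional header
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print("%-18s %s" % (key, value))
```

VirusTotal's "Compilation timestamp" and ExifTool's "TimeStamp" are the same TimeDateStamp field rendered two ways; because the linker writes it, treat it as a claim about when the file was built rather than as evidence. The linker version 1.1 that both tools show is not a version a Microsoft linker writes, which is consistent with a third-party toolchain or a packer and with the generic "Injector" and "EncPk" names several engines assigned.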

File identification
MD5 4000c2e94a7ee2535520a08bbe5c930e
SHA1 202f9500b354399e73fe517d4a5efad5b1b69842
SHA256 1d040f60b4e027b3e18140f3268d71471ca7e79d64fc80c6bf816ecfaf74be41
ssdeep 1536:Jhmzq+5hRpfvY7I1JSAtL4NOa9QIdbDpRizOvo7KL7mWjL0Gg5oDgVurRsZ:JhI1QxNb9riMo74vAGg5Ggk2Z
File size 68.4 KB (69991 bytes)
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Windows Screen Saver (37.0%)
     Win32 Executable Generic (24.1%)
     Win32 Dynamic Link Library (generic) (21.4%)
     Win16/32 Executable Delphi generic (5.8%)
     Generic Win/DOS Executable (5.6%)
Tags peexe
VirusTotal metadata
First submission 2013-02-12 15:32:22 UTC (6 years, 2 months ago)
Last submission 2013-02-15 06:04:14 UTC (6 years, 2 months ago)
File names 3580c.exe, 4000c2e94a7ee2535520a08bbe5c930e, file2.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API. DeviceIoControl does not appear in the static import table above; since the sample imports LoadLibraryA and GetProcAddress, it most likely resolves the function at run time, so the import list understates what the sample actually calls.