SHA256: 1e0eee70f23cf0b425cf68f9e9ad328a54211e1029eef199fb85f5b17a4f4e16
File name: Mgtste.exe
Detection ratio: 42 / 56
Analysis date: 2015-10-09 09:37:01 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2718960 20151009
Yandex Worm.Ngrbot!qQuqCblGhwQ 20151008
AhnLab-V3 Trojan/Win32.MDA 20151008
ALYac Trojan.GenericKD.2718960 20151009
Antiy-AVL Worm/Win32.Ngrbot 20151009
Arcabit Trojan.Generic.D297CF0 20151009
Avast Win32:Malware-gen 20151009
AVG Crypt4.CHIA 20151009
Avira (no cloud) TR/Crypt.Xpack.269742 20151009
AVware Trojan.Win32.Generic!BT 20151009
BitDefender Trojan.GenericKD.2718960 20151009
Bkav W32.TaskmanDorkbotL.Trojan 20151008
Cyren W32/Agent.XL.gen!Eldorado 20151009
DrWeb BackDoor.IRC.NgrBot.42 20151009
Emsisoft Trojan.GenericKD.2718960 (B) 20151009
ESET-NOD32 a variant of Win32/Kryptik.DWOX 20151009
F-Prot W32/Agent.XL.gen!Eldorado 20151009
F-Secure Trojan.GenericKD.2718960 20151008
Fortinet W32/Kryptik.DWOX!tr 20151009
GData Trojan.GenericKD.2718960 20151009
Ikarus Trojan.Win32.Crypt 20151009
Jiangmin Backdoor/Androm.sxo 20151008
K7AntiVirus Trojan ( 004cf5c91 ) 20151009
K7GW Trojan ( 004cf5c91 ) 20151009
Kaspersky Worm.Win32.Ngrbot.atbj 20151009
Malwarebytes Ransom.CryptoWall 20151009
McAfee RDN/Generic.bfr 20151009
McAfee-GW-Edition RDN/Generic.bfr 20151008
Microsoft Worm:Win32/Dorkbot!rfn 20151009
eScan Trojan.GenericKD.2718960 20151009
NANO-Antivirus Trojan.Win32.Ngrbot.dwwjae 20151009
nProtect Trojan.GenericKD.2718960 20151008
Panda Trj/Genetic.gen 20151009
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20151009
Rising PE:Malware.Obscure/Heur!1.A121[F1] 20151008
Sophos AV Mal/Wonton-BB 20151009
Tencent Win32.Trojan.Crypt.Hryy 20151009
TrendMicro TROJ_FORUCON.BMC 20151009
TrendMicro-HouseCall TROJ_FORUCON.BMC 20151009
VBA32 Backdoor.Androm 20151008
VIPRE Trojan.Win32.Generic!BT 20151009
ViRobot Worm.Win32.A.Ngrbot.296448[h] 20151009
AegisLab 20151009
Alibaba 20151009
Baidu-International 20151009
ByteHero 20151009
CAT-QuickHeal 20151009
ClamAV 20151009
CMC 20151009
Comodo 20151009
Kingsoft 20151009
SUPERAntiSpyware 20151008
TheHacker 20151008
TotalDefense 20151009
Zillya 20151008
Zoner 20151009
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-11 07:55:35
Entry Point 0x0000576E
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_STRING 7
RT_ICON 4
RT_DIALOG 1
Struct(3362) 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
FRENCH SWISS 1
SAAMI ARABIC MOROCCO 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:09:11 08:55:35+01:00
FileType Win32 EXE
PEType PE32
CodeSize 105472
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 189952
SubsystemVersion 5.0
EntryPoint 0x576e
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 2a64b5658d81456fe0de7256128aaf3c
SHA1 a6335ac1e449cc6454ae80474d2af2f162799ae5
SHA256 1e0eee70f23cf0b425cf68f9e9ad328a54211e1029eef199fb85f5b17a4f4e16
ssdeep 6144:7KQQc7XN6MgAOp8FU65UsIRJUMGgbMJKu3qV7xPhgH:7KQQcwMg7WygMGgbMUvE
authentihash e992fd2fc97b30304a391cb52ca3d0e4750fdb9e7f9df6dac0e3f2a7491e53aa
imphash 5634939b59a0eeef3314b521a68d8e3f
File size 289.5 KB ( 296448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe usb-autorun
VirusTotal metadata
First submission 2015-09-11 09:57:03 UTC ( 3 years, 5 months ago )
Last submission 2015-10-09 09:37:01 UTC ( 3 years, 4 months ago )
File names hnecej.exe
qdUgnkA.exe
7drs6.exe
Mgtste.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs