SHA256: 1e915d04081976adf63c42129093cf6dc12c4031fa20ce5d18ad117a23b76d40
File name: ngy4.exe
Detection ratio: 13 / 55
Analysis date: 2014-09-16 00:29:44 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Avira (no cloud) TR/Dorkbot.A.214 20140915
Baidu-International Backdoor.Win32.Ruskill.aLQv 20140915
DrWeb BackDoor.Andromeda.267 20140916
ESET-NOD32 a variant of Win32/Injector.BLXA 20140916
F-Prot W32/Powessere.A.gen!Eldorado 20140916
Fortinet W32/BLXA!tr 20140916
Kaspersky Backdoor.Win32.Ruskill.zau 20140916
Malwarebytes Trojan.Agent.ED 20140915
McAfee Artemis!E1E557472E85 20140916
McAfee-GW-Edition BehavesLike.Win32.BadFile.dh 20140916
Panda Trj/Chgt.F 20140915
Sophos AV Troj/Agent-AIWT 20140916
Symantec WS.Reputation.1 20140916
Ad-Aware 20140916
AegisLab 20140915
Yandex 20140915
AhnLab-V3 20140915
Antiy-AVL 20140915
Avast 20140915
AVG 20140916
AVware 20140916
BitDefender 20140916
Bkav 20140915
ByteHero 20140916
CAT-QuickHeal 20140915
ClamAV 20140915
CMC 20140915
Comodo 20140915
Cyren 20140915
Emsisoft 20140915
F-Secure 20140915
GData 20140916
Ikarus 20140915
Jiangmin 20140915
K7AntiVirus 20140915
K7GW 20140915
Kingsoft 20140916
Microsoft 20140916
eScan 20140916
NANO-Antivirus 20140915
Norman 20140915
nProtect 20140915
Qihoo-360 20140916
Rising 20140915
SUPERAntiSpyware 20140915
Tencent 20140916
TheHacker 20140915
TotalDefense 20140915
TrendMicro 20140915
TrendMicro-HouseCall 20140916
VBA32 20140915
VIPRE 20140916
ViRobot 20140915
Zillya 20140915
Zoner 20140915
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2009-2013 TeamSpeak Systems GmbH
Product TeamSpeak 3 Server
Internal name TeamSpeak 3 Server
File version 1, 0, 0, 0
Description TeamSpeak 3 Server
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-15 10:57:05
Entry Point 0x000078C1
Number of sections 4
PE sections
PE imports
ReplaceFileA
CreateFiberEx
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
GetFileAttributesA
DeactivateActCtx
WaitForSingleObject
LockResource
HeapDestroy
EncodePointer
SetFileTime
CreateTimerQueue
QueueUserAPC
SetInformationJobObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
SetErrorMode
IsProcessInJob
RequestWakeupLatency
FreeEnvironmentStringsW
GetThreadContext
SetStdHandle
GetCommModemStatus
GetTempPathA
WideCharToMultiByte
GetThreadIOPendingFlag
GetStringTypeA
IsSystemResumeAutomatic
WriteFile
GetSystemTimeAsFileTime
GetThreadTimes
TransmitCommChar
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
MoveFileA
IsWow64Process
GetThreadPriority
InitAtomTable
InitializeCriticalSection
GlobalCompact
FindClose
TlsGetValue
FindNextChangeNotification
GetTickCount
OutputDebugStringA
SetLastError
PeekNamedPipe
GetWriteWatch
GetNamedPipeInfo
ReadFile
UpdateResourceW
GetModuleFileNameW
CopyFileA
ExitProcess
GetVersionExA
GetModuleFileNameA
FlushViewOfFile
SetProcessWorkingSetSize
GetPriorityClass
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
CreateThread
DisconnectNamedPipe
SetUnhandledExceptionFilter
GetProcessPriorityBoost
MulDiv
GetSystemDirectoryA
SetHandleInformation
LocalUnlock
SetPriorityClass
GetThreadSelectorEntry
TerminateProcess
WriteConsoleA
FreeUserPhysicalPages
GetVersion
VirtualQuery
SearchPathA
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
LocalCompact
AreFileApisANSI
HeapFree
EnterCriticalSection
SetHandleCount
GetThreadPriorityBoost
lstrcmpiA
SetTapeParameters
GetOEMCP
QueryPerformanceCounter
CreateJobSet
CancelWaitableTimer
DisableThreadLibraryCalls
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
DeleteFileA
RtlUnwind
FreeLibrary
ConvertFiberToThread
GetStartupInfoA
GetProcessIoCounters
DecodePointer
GetFileSize
GlobalDeleteAtom
GetNamedPipeHandleStateA
CreateDirectoryA
SetProcessPriorityBoost
GetFullPathNameA
GetProcAddress
GetNamedPipeHandleStateW
GetProcessHeap
CreateFileMappingW
AssignProcessToJobObject
GetFileInformationByHandle
lstrcmpA
FindFirstFileA
GlobalFree
WTSGetActiveConsoleSessionId
GetDiskFreeSpaceA
GlobalUnWire
CreateMemoryResourceNotification
MapUserPhysicalPagesScatter
GetTempFileNameA
FindNextFileA
ExpandEnvironmentStringsA
EscapeCommFunction
SetFileApisToOEM
ConvertThreadToFiber
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
PrepareTape
RemoveVectoredExceptionHandler
InterlockedIncrement
GetLastError
LCMapStringW
ResetWriteWatch
GetSystemInfo
lstrlenA
GetFileTime
GetConsoleCP
GetTapeStatus
LCMapStringA
GetProcessTimes
GlobalAlloc
GetEnvironmentStringsW
GlobalUnlock
GetDevicePowerState
RemoveDirectoryA
GetShortPathNameA
CreateFiber
GetCommTimeouts
GetEnvironmentStrings
CompareFileTime
WritePrivateProfileStringA
GetCurrentProcessId
CreateIoCompletionPort
ContinueDebugEvent
MapUserPhysicalPages
GetCPInfo
GetCommandLineA
GetCurrentThread
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
SetCommBreak
SetSystemPowerState
PulseEvent
DeleteAtom
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
GetFileAttributesExW
CreateProcessA
GetProcessHandleCount
HeapCreate
PostQueuedCompletionStatus
VirtualFree
Sleep
GetProcessVersion
SetMailslotInfo
VirtualAlloc
SetFocus
GetCursorPos
GetParent
EmptyClipboard
DestroyWindow
DrawStateA
DestroyMenu
GetRawInputDeviceList
ClipCursor
SendNotifyMessageW
CheckMenuRadioItem
MapWindowPoints
CheckMenuItem
BeginDeferWindowPos
DragObject
GetRawInputDeviceInfoW
EnableWindow
MoveWindow
ShowWindowAsync
DestroyCursor
MessageBoxExW
GetSysColor
GetDC
EndDeferWindowPos
ReleaseDC
GetDlgCtrlID
LockWorkStation
GetMenu
SetClipboardData
TileWindows
DlgDirSelectExW
GetMenuItemInfoW
AllowSetForegroundWindow
UnhookWinEvent
EnableMenuItem
ScreenToClient
GetSubMenu
LoadImageW
GetClassNameW
GetMessageA
GetMenuItemCount
GetUpdateRgn
ModifyMenuW
LockWindowUpdate
InsertMenuItemW
TabbedTextOutW
GetWindowLongW
CloseClipboard
OpenClipboard
GetMenuStringW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
Number of PE resources by type
RT_VERSION 1
JPEG 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 145920
EntryPoint 0x78c1
MIMEType application/octet-stream
LegalCopyright (C) 2009-2013 TeamSpeak Systems GmbH
FileVersion 1, 0, 0, 0
TimeStamp 2014:09:15 11:57:05+01:00
FileType Win32 EXE
PEType PE32
InternalName TeamSpeak 3 Server
ProductVersion 1, 0, 0, 0
FileDescription TeamSpeak 3 Server
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TeamSpeak Systems GmbH
CodeSize 82432
ProductName TeamSpeak 3 Server
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Unknown
File identification
MD5 e1e557472e852ca8f0062785d4d65bce
SHA1 21e9b889114a365c47efc29ef1ae7d1ba656de1b
SHA256 1e915d04081976adf63c42129093cf6dc12c4031fa20ce5d18ad117a23b76d40
ssdeep 3072:zSl6EaT2Tip/qJ3sP/gsVlpgyaMGdwj4y2WdGDjF8wRE/SJYf2li55jJq:zGGVHgywWgnawRE/eyKEe
authentihash 6ed119c4c40ca2ccbb8888dc6e50581b4a10f35c36625f9790c5fb2d951c7ee6
imphash b85bb1b44c8ed80af43da3274a59d038
File size 224.0 KB ( 229376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (47.3%)
Win32 Executable MS Visual C++ (generic) (35.5%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
Tags peexe
VirusTotal metadata
First submission 2014-09-15 12:23:14 UTC ( 4 years, 3 months ago )
Last submission 2014-10-10 03:14:45 UTC ( 4 years, 2 months ago )
File names ngy4.exe
e1e557472e852ca8f0062785d4d65bce_KB04565447.exe.exe
opdux.exe
reader_sl.exe
e1e557472e852ca8f0062785d4d65bce
output.40868997.txt
Sogmge.exe
40868997
ecpeip.pif
e1e557472e852ca8f0062785d4d65bce_KB04565447.exe
XZVYVV.EXE._21E9B889114A365C47EFC29EF1AE7D1BA656DE1B
Reader_sl (2).exe
Bsmofaj.exe
Reader_sl.exe
TeamSpeak 3 Server
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications