SHA256: 1f38b9d44b6b82cbf7968b7fb4a3574c2530354537f231f1cc0278de1bbe4c45
File name: 2ddd94f056c0fd585e4021edb255bf23199b303e
Detection ratio: 38 / 57
Analysis date: 2016-05-10 13:26:50 UTC (3 years ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.52925 20160510
ALYac Gen:Variant.Zusy.52925 20160510
Antiy-AVL Trojan/Win32.SGeneric 20160510
Arcabit Trojan.Zusy.DCEBD 20160510
AVG Pakes_c.BPRY 20160510
Avira (no cloud) TR/Zusy.52925 20160510
AVware Trojan.Win32.Generic!BT 20160510
Baidu-International Backdoor.Win32.Gulpix.aiv 20160510
BitDefender Gen:Variant.Zusy.52925 20160510
Bkav HW32.Packed.9523 20160510
CAT-QuickHeal Backdoor.Plugx.r4 20160510
CMC Trojan.Win32.Swizzor.1!O 20160510
DrWeb Trojan.DownLoader9.62563 20160510
Emsisoft Gen:Variant.Zusy.52925 (B) 20160510
F-Secure Gen:Variant.Zusy.52925 20160510
Fortinet W32/Malware_fam.NB 20160510
GData Gen:Variant.Zusy.52925 20160510
Ikarus Trojan.Win32.Pakes 20160510
Jiangmin Backdoor.Gulpix.m 20160510
K7AntiVirus Riskware ( 0040eff71 ) 20160510
K7GW Riskware ( 0040eff71 ) 20160510
Kaspersky Backdoor.Win32.Gulpix.aiv 20160510
McAfee RDN/Generic BackDoor 20160510
McAfee-GW-Edition BehavesLike.Win32.Packed.dc 20160510
Microsoft Backdoor:Win32/Plugx.A 20160510
eScan Gen:Variant.Zusy.52925 20160510
NANO-Antivirus Trojan.Win32.XPACK.cxpjta 20160510
Panda Generic Malware 20160509
Qihoo-360 Win32/Trojan.5e1 20160510
Rising Trjoan.Generic-sEPnKONKe4L (Cloud) 20160510
Sophos AV Troj/Plugx-BZ 20160510
Symantec Backdoor.Trojan 20160510
TrendMicro BKDR_PLUGX.DUK 20160510
TrendMicro-HouseCall BKDR_PLUGX.DUK 20160510
VIPRE Trojan.Win32.Generic!BT 20160510
ViRobot Trojan.Win32.Z.Agent.258048.B[h] 20160510
Yandex Trojan.DownLoader! 20160508
Zillya Backdoor.Gulpix.Win32.227 20160510
AegisLab 20160510
AhnLab-V3 20160510
Alibaba 20160510
Avast 20160510
Baidu 20160510
ClamAV 20160509
Comodo 20160510
Cyren 20160510
ESET-NOD32 20160510
F-Prot 20160510
Kingsoft 20160510
Malwarebytes 20160510
nProtect 20160510
SUPERAntiSpyware 20160510
Tencent 20160510
TheHacker 20160510
TotalDefense 20160510
VBA32 20160510
Zoner 20160510
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-25 21:40:34
Entry Point 0x000015AF
Number of sections 4
PE sections
PE imports
GetSystemTime
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
HeapSize
LeaveCriticalSection
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
HeapDestroy
TerminateProcess
QueryPerformanceCounter
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
SetLastError
InterlockedIncrement
RegisterClassExW
CreateWindowExW
UpdateWindow
EndPaint
EndDialog
BeginPaint
GetMessageW
TranslateMessage
DefWindowProcW
LoadStringW
LoadCursorW
LoadIconW
DialogBoxParamW
LoadAcceleratorsW
PostQuitMessage
ShowWindow
TranslateAcceleratorW
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
CHINESE SIMPLIFIED 22
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:04:25 22:40:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 8.0
EntryPoint 0x15af
InitializedDataSize 221184
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 8b583ad626a40c09f925af8fd1fd21c2
SHA1 2ddd94f056c0fd585e4021edb255bf23199b303e
SHA256 1f38b9d44b6b82cbf7968b7fb4a3574c2530354537f231f1cc0278de1bbe4c45
ssdeep 3072:ZI4bU8epxQSlID9HPj/PnlkTicmJJST4UorAzlQUElTP3TYsmxMvjstrpt:ZI4bU882kaPBkVmJgkUIAihpKqvipt
authentihash 73d77a1682f13e71cefe1a58fa642fb57ed1a4024a314714dce89c0f10925549
imphash 6d82676f27562428055e69f191089bac
File size 252.0 KB ( 258048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (78.5%)
Win32 Executable (generic) (11.3%)
Generic Win/DOS Executable (5.0%)
DOS Executable Generic (5.0%)
Tags peexe
VirusTotal metadata
First submission 2014-04-27 06:56:09 UTC (5 years ago)
Last submission 2014-04-27 06:56:09 UTC (5 years ago)
File names 2ddd94f056c0fd585e4021edb255bf23199b303e
Advanced heuristic and reputation engines
TrendMicro-HouseCall: TrendMicro's heuristic engine has flagged this file as TROJ_GEN.R047C0DGT15.
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Terminated processes
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications