SHA256: 1f42cd17541ff19a0acf82ebbb1a47b5ca13984de869ddb75463a964c1934230
File name: 9v1.exe
Detection ratio: 2 / 55
Analysis date: 2014-12-23 22:20:56 UTC ( 4 years, 2 months ago )
Antivirus               Result           Update
Comodo                  Win32.PkdTdss    20141223
Malwarebytes            Trojan.Zbot      20141223
Ad-Aware                -                20141223
AegisLab                -                20141223
Yandex                  -                20141222
AhnLab-V3               -                20141223
ALYac                   -                20141223
Antiy-AVL               -                20141223
Avast                   -                20141223
AVG                     -                20141223
Avira (no cloud)        -                20141223
AVware                  -                20141223
Baidu-International     -                20141223
BitDefender             -                20141223
Bkav                    -                20141223
ByteHero                -                20141223
CAT-QuickHeal           -                20141223
ClamAV                  -                20141223
CMC                     -                20141218
Cyren                   -                20141223
DrWeb                   -                20141223
Emsisoft                -                20141223
ESET-NOD32              -                20141223
F-Prot                  -                20141223
F-Secure                -                20141223
Fortinet                -                20141223
GData                   -                20141223
Ikarus                  -                20141223
Jiangmin                -                20141223
K7AntiVirus             -                20141223
K7GW                    -                20141223
Kaspersky               -                20141223
Kingsoft                -                20141223
McAfee                  -                20141223
McAfee-GW-Edition       -                20141223
Microsoft               -                20141223
eScan                   -                20141223
NANO-Antivirus          -                20141223
Norman                  -                20141223
nProtect                -                20141223
Panda                   -                20141223
Qihoo-360               -                20141223
Rising                  -                20141223
Sophos AV               -                20141223
SUPERAntiSpyware        -                20141223
Symantec                -                20141223
Tencent                 -                20141223
TheHacker               -                20141222
TotalDefense            -                20141223
TrendMicro              -                20141223
TrendMicro-HouseCall    -                20141223
VBA32                   -                20141223
VIPRE                   -                20141223
ViRobot                 -                20141223
Zillya                  -                20141223
Zoner                   -                20141223
( - : engine reported no detection )
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-05-09 02:31:22
Entry Point 0x00001000
Number of sections 7
PE sections
PE imports
CreateDCA
PolyPolyline
AddFontResourceA
EndPage
GdiGetSpoolFileHandle
CloseMetaFile
SetDIBColorTable
GetMetaFileA
GdiStartDocEMF
GetObjectW
CreateDIBPatternBrush
GetEnhMetaFilePaletteEntries
TextOutA
CreateHatchBrush
PolylineTo
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
GERMAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2005:05:09 03:31:22+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 310784
LinkerVersion: 0.0
FileAccessDate: 2014:12:31 00:59:33+01:00
EntryPoint: 0x1000
InitializedDataSize: 82448
SubsystemVersion: 4.1
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:12:31 00:59:33+01:00
UninitializedDataSize: 0
File identification
MD5 5a71b8ec02a94351c35ac4252739e5e0
SHA1 b42e72ef99b64c1489e21a9f91c3070d535fffba
SHA256 1f42cd17541ff19a0acf82ebbb1a47b5ca13984de869ddb75463a964c1934230
ssdeep 1536:daWX72tF0OE3ifanjnXKqM88O30KFG6NSdjNFdbCLYcI306QRS:kWX72jei0XKqMre0KF10dZ/CUcI3V
authentihash a51065e535e9fea7640149f81dfabbeabd4482ef4a429a425a29a7fdc15aba39
imphash cf20a0856264f092b89fc6248010b88d
File size 385.5 KB ( 394752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags
peexe

VirusTotal metadata
First submission 2014-12-23 19:51:37 UTC ( 4 years, 2 months ago )
Last submission 2014-12-23 22:20:56 UTC ( 4 years, 2 months ago )
File names 1f42cd17541ff19a0acf82ebbb1a47b5ca13984de869ddb75463a964c1934230.exe, 9v1.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.