SHA256: 201f53068429e57f2aefa89699e780375f39d41267173966c1c2adc3f62b0227
File name: rundll32.exe
Detection ratio: 54 / 56
Analysis date: 2017-01-26 20:26:37 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.6257285 20170126
AegisLab Troj.Spy.W32.Agent.bqde!c 20170126
AhnLab-V3 HEUR/Fakon.mwf 20170126
ALYac Trojan.Generic.6257285 20170126
Antiy-AVL Trojan/Win32.Agentb.aanb 20170126
Arcabit Trojan.Generic.D5F7A85 20170126
Avast AutoIt:Agent-DG [Trj] 20170126
AVG Worm/Autoit.ANUZ 20170126
Avira (no cloud) TR/Spy.Babonock.A.3 20170126
AVware Trojan.Win32.Generic!BT 20170126
Baidu Win32.Trojan.Agent.acd 20170125
BitDefender Trojan.Generic.6257285 20170126
CAT-QuickHeal Trojan.Babnock.AZ5 20170125
ClamAV Win.Trojan.Babonock-1 20170125
CMC Trojan-Spy.Win32.Agent!O 20170126
Comodo Heur.Suspicious 20170126
CrowdStrike Falcon (ML) malicious_confidence_86% (W) 20161024
Cyren W32/Agent.NTAB-6527 20170126
DrWeb Trojan.Siggen4.28479 20170126
Emsisoft Trojan.Generic.6257285 (B) 20170126
ESET-NOD32 Win32/AHK.L 20170126
F-Prot W32/Agent.JZY 20170126
F-Secure Trojan.Generic.6257285 20170126
Fortinet W32/Agent.BQDE!tr 20170126
GData Trojan.Generic.6257285 20170126
Ikarus Trojan-Spy.Win32.Agent 20170126
Sophos ML worm.win32.yuner.a 20170111
Jiangmin Packed.Katusha.arca 20170126
K7AntiVirus Riskware ( 0040eff71 ) 20170126
K7GW Riskware ( 0040eff71 ) 20170126
Kaspersky Trojan.Win32.Agentb.aanb 20170126
Malwarebytes Trojan.Agent.H 20170126
McAfee Babonock 20170126
McAfee-GW-Edition BehavesLike.Win32.Dropper.jh 20170126
Microsoft Trojan:Win32/Peals.B!gfc 20170126
eScan Trojan.Generic.6257285 20170126
NANO-Antivirus Trojan.Win32.Siggen4.efhexy 20170126
nProtect Trojan/W32.Agent.680603 20170126
Panda Generic Malware 20170126
Qihoo-360 Win32/Trojan.Spy.884 20170126
Rising Worm.Win32.Autorun.uav (classic) 20170126
Sophos AV Mal/Babonock-A 20170126
SUPERAntiSpyware Trojan.Agent/Gen-Autoit 20170126
Symantec Trojan.Gen 20170126
Tencent Win32.Trojan.Agentb.Egxu 20170126
TheHacker Trojan/Spy.Agent.bqde 20170125
TotalDefense Win32/SillyAutorun.FJR 20170126
TrendMicro WORM_OTORUN.MS 20170126
TrendMicro-HouseCall WORM_OTORUN.MS 20170126
VBA32 TrojanSpy.AutoIt 20170126
VIPRE Trojan.Win32.Generic!BT 20170126
Yandex TrojanSpy.Agent!gTwjmLLb1qo 20170126
Zillya Trojan.Autoit.Win32.7130 20170126
Zoner Trojan.AHK.L 20170126
Alibaba 20170122
Kingsoft 20170126
Trustlook 20170126
ViRobot 20170126
WhiteArmor 20170123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-18 14:44:33
Entry Point 0x0007ADD4
Number of sections 4
PE sections
Overlays
MD5 22b1a0fc058e495248f9f9200eb481bc
File type data
Offset 676352
Size 4251
Entropy 7.96
PE imports
RegDeleteKeyA
CloseServiceHandle
LookupPrivilegeValueA
RegEnumKeyExA
GetUserNameA
RegDeleteValueA
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExA
LockServiceDatabase
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
UnlockServiceDatabase
RegQueryInfoKeyA
RegConnectRegistryA
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIconSize
Ord(6)
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
GetOpenFileNameA
GetSaveFileNameA
CreatePolygonRgn
GetSystemPaletteEntries
GetTextMetricsA
GetClipBox
GetPixel
GetObjectA
ExcludeClipRect
EnumFontFamiliesExA
DeleteDC
SetBkMode
BitBlt
CreateDIBSection
SetTextColor
GetDeviceCaps
FillRgn
CreateEllipticRgn
CreateDCA
CreateFontA
GetStockObject
GetDIBits
GdiFlush
CreateRoundRectRgn
CreateCompatibleDC
GetTextFaceA
CreateRectRgn
GetClipRgn
CreateSolidBrush
SelectObject
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetPrivateProfileSectionNamesA
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
GetLocalTime
DeleteCriticalSection
GetDiskFreeSpaceA
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetFileAttributesA
GetTempPathA
GetCPInfo
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetExitCodeProcess
MoveFileA
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
OutputDebugStringA
SetLastError
GetSystemTime
DeviceIoControl
InitializeCriticalSection
WriteProcessMemory
GetModuleFileNameW
Beep
CopyFileA
ExitProcess
FlushFileBuffers
RemoveDirectoryA
HeapSetInformation
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
GetUserDefaultLCID
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
WritePrivateProfileSectionA
CreateMutexA
SetFilePointer
CreateThread
GetPrivateProfileSectionA
GetExitCodeThread
SetUnhandledExceptionFilter
GetCurrentProcess
MulDiv
IsProcessorFeaturePresent
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GlobalSize
GetDateFormatA
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
ReadProcessMemory
GlobalLock
GetProcessHeap
GetFileSizeEx
FindFirstFileA
EnumResourceNamesA
CompareStringA
GetComputerNameA
FindNextFileA
IsValidLocale
GetProcAddress
CreateFileW
IsDebuggerPresent
GetFileType
SetVolumeLabelA
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
GetModuleFileNameA
GetShortPathNameA
FileTimeToLocalFileTime
SizeofResource
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
HeapQueryInformation
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
EnumSystemLocalesA
GetACP
GetModuleHandleW
SetStdHandle
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
FindResourceA
GetTimeFormatA
SafeArrayDestroy
VariantChangeType
SysFreeString
SafeArrayGetLBound
SysStringLen
SafeArrayPtrOfIndex
SafeArrayCreate
VariantClear
SysAllocString
GetActiveObject
SafeArrayUnlock
SafeArrayGetUBound
OleLoadPicture
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayLock
ExtractIconA
ShellExecuteExA
DragFinish
DragQueryFileA
DragQueryPoint
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
Shell_NotifyIconA
SHGetMalloc
SHFileOperationA
RedrawWindow
GetMessagePos
SetWindowRgn
UnregisterHotKey
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
SetTimer
DispatchMessageA
ScreenToClient
SetMenuItemInfoA
WindowFromPoint
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetMenu
mouse_event
IsClipboardFormatAvailable
SendMessageA
GetClientRect
SetMenuDefaultItem
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
CountClipboardFormats
GetTopWindow
RegisterHotKey
EnumClipboardFormats
LoadImageA
GetMenuStringA
GetWindowTextA
GetKeyState
DestroyWindow
GetMessageA
GetParent
UpdateWindow
RegisterWindowMessageA
EnumWindows
CheckRadioButton
RegisterClassExA
ShowWindow
SetMenuInfo
GetDesktopWindow
GetClipboardFormatNameA
EnableWindow
PeekMessageA
IsCharAlphaA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
SystemParametersInfoA
GetIconInfo
GetQueueStatus
SetClipboardData
IsCharLowerA
CharLowerA
IsZoomed
EnableMenuItem
TrackPopupMenuEx
GetSubMenu
CreateWindowExA
GetKeyboardLayout
FlashWindow
GetSysColorBrush
PtInRect
IsDialogMessageA
MapWindowPoints
MapVirtualKeyA
EmptyClipboard
SetFocus
keybd_event
KillTimer
VkKeyScanExA
DefWindowProcA
ToAsciiEx
SetClipboardViewer
GetClassNameA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
EnumChildWindows
SetWindowLongA
SetKeyboardState
CreatePopupMenu
CheckMenuItem
GetWindowLongA
DrawIconEx
CreateMenu
GetDlgItem
BringWindowToTop
SendInput
ClientToScreen
PostMessageW
GetClassLongA
LoadCursorA
GetKeyboardState
SetWindowsHookExA
GetMenuItemCount
AttachThreadInput
CreateIconFromResourceEx
GetDC
FillRect
SetForegroundWindow
ExitWindowsEx
PostThreadMessageA
OpenClipboard
GetAsyncKeyState
ReleaseDC
IntersectRect
EndDialog
CreateIconIndirect
FindWindowA
SetWindowTextA
MessageBeep
GetCaretPos
RemoveMenu
GetWindowThreadProcessId
AppendMenuA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
MessageBoxA
IsMenu
ChangeClipboardChain
AdjustWindowRectEx
LookupIconIdFromDirectoryEx
DialogBoxParamA
GetSysColor
CopyImage
IsCharAlphaNumericA
DestroyIcon
GetKeyNameTextA
IsWindowVisible
GetClipboardData
SetRect
InvalidateRect
SendMessageTimeoutA
IsCharUpperA
TranslateAcceleratorA
DefDlgProcA
CallWindowProcA
GetCursor
GetFocus
CloseClipboard
SetMenu
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
waveOutSetVolume
mixerGetDevCapsA
joyGetDevCapsA
mixerOpen
mixerGetLineInfoA
mixerSetControlDetails
mixerClose
mixerGetControlDetailsA
waveOutGetVolume
mixerGetLineControlsA
mciSendStringA
joyGetPosEx
WSAStartup
gethostbyname
gethostname
inet_addr
WSACleanup
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
CoGetObject
CLSIDFromString
StringFromGUID2
Number of PE resources by type
RT_ICON 20
RT_GROUP_ICON 8
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
ENGLISH US 32
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:01:18 15:44:33+01:00
FileType Win32 EXE
PEType PE32
CodeSize 569856
LinkerVersion 10.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x7add4
InitializedDataSize 105472
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Execution parents
Compressed bundles
File identification
MD5 fe9261575638dec5742ddfba5b5fb19c
SHA1 4dc2e4f6556cfcf86d594de9bdd5f66fd9979cac
SHA256 201f53068429e57f2aefa89699e780375f39d41267173966c1c2adc3f62b0227
ssdeep 12288:DTyjXW+48qWywrU4kGFezOAVuJ5PIGww7F5DO3HYffY:fIXW/8yw1ez54lIYF5SXYHY
authentihash f09bcca96b48a67dd085b3a4edf0576318515d8f53cf3a3654282cd12dfe0d06
imphash 376583ef03e4007760fb1259334fc710
File size 664.7 KB ( 680603 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe usb-autorun overlay

VirusTotal metadata
First submission 2011-04-16 11:35:53 UTC ( 7 years, 8 months ago )
Last submission 2018-05-08 03:49:17 UTC ( 7 months, 2 weeks ago )
File names 4dc2e4f6556cfcf86d594de9bdd5f66fd9979cac.bin
.MySecurityData.exe
VM GILL.exe
101MSDCF.exe
days2013.exe
DCIM.exe
4dc2e4f6556cfcf86d594de9bdd5f66fd9979cac.bin
.Trashes.exe
Project_Online_Exam.exe
Новая папка.exe
sudhir_18 april.exe$
srinu.exe
rundll32.exe
My Music.exe
Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu].exe
manan new.exe
file-3213005_exe
2010.exe
~Restore.{645FF040-5081-101B-9F08-00AA002F954E}.exe
100MEDIA.exe
Envision.exe
Videos.exe
manan_6-8-11.exe
LOST.DIR.exe
Florian.exe