SHA256: 235b8651f9f98b10c4aabbe18d5635ec23418091d3a012192dbdd32d3364fde6
File name: 13a937dfcae05cea69431a6b496152f7.dec
Detection ratio: 25 / 54
Analysis date: 2015-07-13 18:55:05 UTC
Antivirus Result Update
Ad-Aware Gen:Variant.Dyzap.16 20150713
Arcabit Trojan.Dyzap.16 20150713
Avast Win32:Malware-gen 20150713
Avira (no cloud) W32/Etap 20150713
BitDefender Gen:Variant.Dyzap.16 20150713
ByteHero Virus.Win32.Part.a 20150713
Comodo TrojWare.Win32.PWS.Dyzap.MY 20150713
Cyren W32/Dropper.gen8!Maximus 20150713
DrWeb MULDROP.Trojan 20150713
Emsisoft Gen:Variant.Dyzap.16 (B) 20150713
ESET-NOD32 a variant of Win32/Exploit.CVE-2013-3660.P 20150713
F-Prot W32/Dropper.gen8!Maximus 20150713
F-Secure Gen:Variant.Dyzap.16 20150713
Fortinet W32/Sikutan.C!tr 20150713
GData Gen:Variant.Dyzap.16 20150713
Ikarus Trojan.Win32.Exploit 20150713
Malwarebytes Spyware.Dyre 20150713
McAfee-GW-Edition BehavesLike.Win32.CryptDoma.jc 20150713
eScan Gen:Variant.Dyzap.16 20150713
Panda Trj/Genetic.gen 20150713
Sophos AV Troj/UACMe-A 20150713
TrendMicro Cryp_Xin2 20150713
TrendMicro-HouseCall Cryp_Xin2 20150713
VBA32 suspected of Trojan.Downloader.gen.h 20150713
VIPRE BehavesLike.Win32.Malware.bsf (vs) 20150713
Engines with no detection (signature update date follows):
AegisLab 20150713
Yandex 20150713
AhnLab-V3 20150713
Alibaba 20150713
Antiy-AVL 20150713
AVG 20150713
Baidu-International 20150713
Bkav 20150713
CAT-QuickHeal 20150713
ClamAV 20150713
Jiangmin 20150710
K7AntiVirus 20150713
K7GW 20150713
Kaspersky 20150713
Kingsoft 20150713
McAfee 20150713
Microsoft 20150713
NANO-Antivirus 20150713
nProtect 20150713
Qihoo-360 20150713
Rising 20150713
SUPERAntiSpyware 20150713
Symantec 20150713
Tencent 20150713
TheHacker 20150713
TotalDefense 20150713
ViRobot 20150713
Zillya 20150713
Zoner 20150713
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-13 11:52:45
Entry Point 0x0000167F
Number of sections 5
PE sections
PE imports
GetTokenInformation
GetSidSubAuthorityCount
LookupPrivilegeValueA
GetSidSubAuthority
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
RegEnumKeyA
RegSetValueExA
EqualSid
RegOpenKeyExA
CreateToolhelp32Snapshot
GetLastError
HeapFree
OpenProcess
GetSystemInfo
lstrcpynA
lstrcmpiA
CopyFileA
ExitProcess
FlushFileBuffers
GetVersionExA
LoadLibraryA
lstrcmpiW
Process32Next
Process32NextW
HeapAlloc
GetCurrentProcess
SizeofResource
lstrlenA
LocalAlloc
Process32First
LockResource
CreateDirectoryA
DeleteFileA
DeleteFileW
lstrcatW
TerminateThread
Process32FirstW
GetProcessHeap
GetModuleFileNameW
SetFilePointer
GetTempPathA
CreateThread
GetFileAttributesA
GetModuleHandleA
lstrcmpA
lstrcatA
lstrcpyA
CloseHandle
GetComputerNameA
ExpandEnvironmentStringsA
LocalFree
TerminateProcess
CreateProcessA
GetModuleFileNameA
GetEnvironmentVariableA
LoadResource
WriteFile
Sleep
CreateFileA
GetTickCount
FindResourceA
GetCurrentProcessId
GetProcAddress
ShellExecuteExA
ShellExecuteExW
PathRemoveArgsA
PathRemoveFileSpecW
PathRemoveFileSpecA
PathGetArgsA
GetWindowLongA
RemovePropA
CreatePopupMenu
wsprintfA
SetPropA
GetMenuItemRect
RegisterClassExW
EnumWindows
DefWindowProcW
SendMessageA
EnableScrollBar
GetClassNameA
GetDlgItem
CreateWindowExW
wvsprintfA
SwitchToThisWindow
GetClientRect
GetPropA
SetActiveWindow
DestroyWindow
IsThemeActive
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
ZwQueryInformationProcess
_chkstk
strcat
RtlAdjustPrivilege
strcpy
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:07:13 12:52:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 31232
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 674816
SubsystemVersion 5.1
EntryPoint 0x167f
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 70dd92d532fd4d4ea6edfeeb5adf7995
SHA1 b2c60caa0c34e0ee7c6da78bb824258e3272ae29
SHA256 235b8651f9f98b10c4aabbe18d5635ec23418091d3a012192dbdd32d3364fde6
ssdeep 12288:kLcUyppsNNxmNN85p2NNoNVyqo7OI7Nez+gNL4qXYWDyglKQV0HA1:ORNNENNdNNAVy01+RqXRyHQyH
authentihash 01e3232ad98eb16c456a6c82f332c4aa491abe8bc60ad30df25f45c11ce4b17c
imphash 43a8f44d23ef4c62cdf4689724d4a037
File size 690.5 KB ( 707072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe cve-2013-3660 exploit

VirusTotal metadata
First submission 2015-07-13 18:55:05 UTC
Last submission 2015-07-13 18:55:05 UTC
File names 13a937dfcae05cea69431a6b496152f7.dec
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections