SHA256: 23652601d30979ca898368aa0d74a7712c55c0cb73fb718fb6d7894cff1aa64e
File name: b43e9210da3e06dc2b88ae028a13d8c5
Detection ratio: 19 / 52
Analysis date: 2014-07-18 11:16:05 UTC ( 2 years, 7 months ago )
Antivirus Result Update
AVG Crypt3.AFFE 20140718
AntiVir TR/Injector.awzq.9 20140718
Avast Win32:Trojan-gen 20140718
Commtouch W32/Trojan.IHFU-4548 20140718
ESET-NOD32 a variant of Win32/Kryptik.CGUS 20140718
F-Prot W32/Trojan3.JJV 20140718
Fortinet W32/Kryptik.CGUS!tr 20140718
Ikarus Trojan.Win32.Kryptik 20140718
Kaspersky Net-Worm.Win32.Aspxor.bpzp 20140718
McAfee RDN/Generic BackDoor!zc 20140718
McAfee-GW-Edition Packed-BQ!B43E9210DA3E 20140717
Norman Suspicious_Gen4.GTTKE 20140718
Qihoo-360 HEUR/Malware.QVM07.Gen 20140718
Rising PE:Malware.FakeDOC@CV!1.9C3C 20140718
Sophos Mal/Agent-APA 20140718
Symantec Trojan.Asprox.B 20140718
Tencent Win32.Worm-net.Aspxor.Pdcg 20140718
TrendMicro BKDR_KULUOZ.SMZG 20140718
VIPRE Trojan.Win32.Kuluoz.dad (v) 20140718
No detection (engine and signature date):
Ad-Aware - 20140718
AegisLab - 20140718
Yandex - 20140718
AhnLab-V3 - 20140717
Antiy-AVL - 20140718
Baidu-International - 20140718
BitDefender - 20140718
Bkav - 20140717
ByteHero - 20140718
CAT-QuickHeal - 20140718
CMC - 20140717
ClamAV - 20140717
Comodo - 20140718
DrWeb - 20140718
Emsisoft - 20140717
F-Secure - 20140718
GData - 20140718
Jiangmin - 20140718
K7AntiVirus - 20140717
K7GW - 20140717
Kingsoft - 20140718
Malwarebytes - 20140718
eScan - 20140718
Microsoft - 20140718
NANO-Antivirus - 20140718
Panda - 20140718
SUPERAntiSpyware - 20140718
TheHacker - 20140717
TotalDefense - 20140718
VBA32 - 20140717
ViRobot - 20140718
Zoner - 20140714
nProtect - 20140717
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-18 04:51:06
Entry Point 0x00004EF5
Number of sections 4
PE sections
PE imports
GetStdHandle
GetFileAttributesA
HeapDestroy
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetTimeZoneInformation
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
GetEnvironmentVariableA
LoadResource
FindClose
TlsGetValue
SetLastError
InitializeCriticalSection
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
GetModuleHandleA
SetEnvironmentVariableA
TerminateProcess
InterlockedDecrement
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
FreeLibrary
QueryPerformanceCounter
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
CompareStringW
GetCurrentThreadId
CompareStringA
IsValidLocale
GetProcAddress
CreateEventW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
lstrlenW
SizeofResource
CompareFileTime
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
TlsFree
SetFilePointer
ReadFile
GetACP
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHFileOperationW
GetSystemMetrics
Ord(138)
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2014:07:18 05:51:06+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 53248
LinkerVersion: 7.1
EntryPoint: 0x4ef5
InitializedDataSize: 77824
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 b43e9210da3e06dc2b88ae028a13d8c5
SHA1 16c8a500a4e83aa38dbee79892484e086cfdf7dd
SHA256 23652601d30979ca898368aa0d74a7712c55c0cb73fb718fb6d7894cff1aa64e
ssdeep 3072:OB6zN74u95FlDXjGWbZVtbWpiDghKjaZsnm:Ki0u9TNXjGWtVFWptojk
authentihash 0f2017e416dd7603e8c3ba2c4ff41ab2da9932156dc91747edbc3a03e0879a91
imphash 91c36f72885815486e9c52238364508f
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-07-17 18:43:46 UTC ( 2 years, 7 months ago )
Last submission 2014-08-16 22:31:59 UTC ( 2 years, 6 months ago )
File names 23652601d30979ca898368aa0d74a7712c55c0cb73fb718fb6d7894cff1aa64e.exe
Copy_of_document_July-17-2014.exe
b43e9210da3e06dc2b88ae028a13d8c5.malware
irllvghq.exe
b43e9210da3e06dc2b88ae028a13d8c5.exe
b43e9210da3e06dc2b88ae028a13d8c5
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs