SHA256: 2379afe3746f27400b10dd6615deea8555814f0b76f29898a36d700b2ed4e0e9
File name: vt-upload-e7SDv
Detection ratio: 41 / 55
Analysis date: 2014-12-05 04:24:23 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.28740 20141205
Yandex Trojan.Agent!dEcf1PEuW5k 20141203
AhnLab-V3 Trojan/Win32.Agent 20141204
ALYac Gen:Variant.Symmi.28740 20141205
Antiy-AVL Trojan/Win32.Agent 20141205
Avast Win32:Crypt-QUS [Trj] 20141205
AVG Dropper.Generic8.BQVP 20141204
Avira (no cloud) TR/Crypt.Xpack.43893 20141205
AVware Trojan.Win32.EncPk.akv (v) 20141205
Baidu-International Trojan.Win32.Agent.AknZ 20141204
BitDefender Gen:Variant.Symmi.28740 20141205
CAT-QuickHeal Trojan.ZAgent.rb 20141204
Comodo UnclassifiedMalware 20141204
Cyren W32/FakeAV.HLCI-8476 20141205
DrWeb Trojan.Packed.23907 20141205
ESET-NOD32 Win32/Caphaw.I 20141205
F-Secure Gen:Variant.Symmi.28740 20141205
Fortinet W32/BackDoor.FBFT!tr 20141205
GData Gen:Variant.Symmi.28740 20141205
Ikarus Trojan.Agent4 20141205
Jiangmin Trojan/Agent.jrgn 20141204
K7AntiVirus Riskware ( 0040eff71 ) 20141204
K7GW Riskware ( 0040eff71 ) 20141204
Kaspersky HEUR:Trojan.Win32.Generic 20141205
Kingsoft Win32.Troj.Generic.a.(kcloud) 20141205
Malwarebytes Trojan.Ransom.ED 20141205
McAfee BackDoor-FBDF!76102403A742 20141205
McAfee-GW-Edition BehavesLike.Win32.Vundo.dh 20141205
Microsoft Backdoor:Win32/Caphaw.D 20141205
eScan Gen:Variant.Symmi.28740 20141205
Norman FakeAV.CMED 20141204
Panda Generic Malware 20141204
Qihoo-360 Win32/Trojan.Multi.daf 20141205
Sophos AV Mal/EncPk-AKV 20141205
Symantec Trojan.Gen.3 20141205
Tencent Win32.Trojan.Agent.Afhg 20141205
TrendMicro TROJ_SPNR.15IA13 20141205
TrendMicro-HouseCall TROJ_SPNR.15IA13 20141205
VBA32 Hoax.Foreign 20141204
VIPRE Trojan.Win32.EncPk.akv (v) 20141205
Zillya Trojan.Agent.Win32.401851 20141204
AegisLab 20141205
Bkav 20141204
ByteHero 20141205
ClamAV 20141205
CMC 20141204
F-Prot 20141205
NANO-Antivirus 20141205
nProtect 20141204
Rising 20141204
SUPERAntiSpyware 20141205
TheHacker 20141205
TotalDefense 20141204
ViRobot 20141204
Zoner 20141204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-13 19:19:50
Entry Point 0x00005070
Number of sections 11
PE sections
PE imports
GetTextExtentPoint32A
TextOutA
GetTextMetricsA
SetBkColor
GetCharWidth32A
SetRectRgn
SetTextColor
HeapFree
TerminateThread
GlobalFree
WaitForSingleObject
QueryPerformanceCounter
ExitProcess
VirtualProtect
LoadLibraryA
VirtualQuery
RtlUnwind
GetModuleFileNameA
GetStartupInfoA
SetThreadPriority
GetCurrentProcessId
GetCurrentDirectoryA
GetCommandLineA
GetProcAddress
GetProcessHeap
CreateThread
GetModuleHandleA
InterlockedExchange
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetComputerNameA
ExitThread
HeapReAlloc
TerminateProcess
GlobalAlloc
Sleep
GetTickCount
GetProcessVersion
HeapAlloc
GetCurrentThreadId
VirtualAlloc
ReleaseDC
GetSystemMetrics
ShowCaret
DrawTextA
UnregisterHotKey
EndPaint
BeginPaint
HideCaret
MessageBoxA
SetCaretPos
GetDesktopWindow
GetClientRect
wsprintfA
PostQuitMessage
DefWindowProcA
SendMessageA
MessageBeep
DestroyCaret
GetDC
GetKeyState
timeBeginPeriod
SCardAccessStartedEvent
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:08:13 20:19:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 6.0
FileAccessDate 2014:12:05 05:24:47+01:00
EntryPoint 0x5070
InitializedDataSize 262144
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:12:05 05:24:47+01:00
UninitializedDataSize 0

File identification
MD5 76102403a7420422558db43a0796e17a
SHA1 0495b5f337521b280dfef5ac989c0684af92994e
SHA256 2379afe3746f27400b10dd6615deea8555814f0b76f29898a36d700b2ed4e0e9
ssdeep 3072:T0sURlbR/UXRIgwLvXogSxYHSfQoeAcbKSY99L3t4lZeoSnQGExoZULRZNQ74zYW:TU3REDw7ExO8eAVZL3AZeNZEWUis
authentihash fbdef203a486adb6cd8863242afca4cd8b8201f5b3f8e2122facdfdacf3792fd
imphash 8fdf9d8c38559b59ca8feab705fbe33f
File size 296.0 KB ( 303104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-08-14 05:24:01 UTC ( 5 years, 7 months ago )
Last submission 2013-08-19 08:40:02 UTC ( 5 years, 7 months ago )
File names vt-upload-e7SDv
vt-upload-JgrS8
vt-upload-PK1NS
vt-upload-pQ5LW
vt-upload-ishVO
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections