SHA256: 24648c7aca128d3bf899866e2769fc82f63f098f32e9ba970fa064ca477fdb3c
File name: cc.exe
Detection ratio: 3 / 56
Analysis date: 2015-07-10 18:21:13 UTC ( 3 years, 10 months ago )
Antivirus | Result | Update
Bkav | HW32.Packed.FFDE | 20150708
CAT-QuickHeal | (Suspicious) - DNAScan | 20150710
Qihoo-360 | HEUR/Malware.QVM19.Gen | 20150710
Ad-Aware | - | 20150710
AegisLab | - | 20150710
Yandex | - | 20150710
AhnLab-V3 | - | 20150710
Alibaba | - | 20150710
ALYac | - | 20150710
Antiy-AVL | - | 20150710
Arcabit | - | 20150710
Avast | - | 20150710
AVG | - | 20150710
Avira (no cloud) | - | 20150710
AVware | - | 20150710
Baidu-International | - | 20150710
BitDefender | - | 20150710
ByteHero | - | 20150710
ClamAV | - | 20150710
Comodo | - | 20150710
Cyren | - | 20150710
DrWeb | - | 20150710
Emsisoft | - | 20150710
ESET-NOD32 | - | 20150710
F-Prot | - | 20150710
F-Secure | - | 20150710
Fortinet | - | 20150710
GData | - | 20150710
Ikarus | - | 20150710
Jiangmin | - | 20150709
K7AntiVirus | - | 20150710
K7GW | - | 20150710
Kaspersky | - | 20150710
Kingsoft | - | 20150710
Malwarebytes | - | 20150710
McAfee | - | 20150710
McAfee-GW-Edition | - | 20150710
Microsoft | - | 20150710
eScan | - | 20150710
NANO-Antivirus | - | 20150710
nProtect | - | 20150710
Panda | - | 20150710
Rising | - | 20150709
Sophos AV | - | 20150710
SUPERAntiSpyware | - | 20150710
Symantec | - | 20150710
Tencent | - | 20150710
TheHacker | - | 20150709
TotalDefense | - | 20150710
TrendMicro | - | 20150710
TrendMicro-HouseCall | - | 20150710
VBA32 | - | 20150710
VIPRE | - | 20150710
ViRobot | - | 20150710
Zillya | - | 20150710
Zoner | - | 20150710
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended, RAR, Unicode, UPX, WWPack32
PEiD WWPack32 v1.00, v1.11, v1.12, v1.20
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-06-30 10:17:10
Entry Point 0x00034000
Number of sections 5
PE sections
Overlays
MD5 44f7cacc48709543d4c1c96da0873d06
File type application/x-ms-dos-executable
Offset 53760
Size 368128
Entropy 7.95
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueA
RegCreateKeyA
ImageList_ReplaceIcon
CreateFontIndirectA
GetStartupInfoA
GetTempPathA
GetWindowsDirectoryA
GetModuleHandleA
GetCurrentDirectoryA
CopyFileA
MultiByteToWideChar
GetSystemDirectoryA
SetCurrentDirectoryA
WinExec
Ord(6197)
Ord(3401)
Ord(3998)
Ord(4080)
Ord(1775)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(1641)
Ord(3136)
Ord(3361)
Ord(6375)
Ord(3626)
Ord(755)
Ord(3798)
Ord(537)
Ord(2621)
Ord(3259)
Ord(2446)
Ord(2864)
Ord(6215)
Ord(5875)
Ord(815)
Ord(922)
Ord(641)
Ord(2645)
Ord(5277)
Ord(2514)
Ord(4425)
Ord(5199)
Ord(4441)
Ord(4465)
Ord(5300)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(6376)
Ord(2982)
Ord(4234)
Ord(825)
Ord(3081)
Ord(3092)
Ord(5307)
Ord(4424)
Ord(540)
Ord(4078)
Ord(2554)
Ord(2862)
Ord(384)
Ord(1727)
Ord(940)
Ord(823)
Ord(2642)
Ord(2725)
Ord(3874)
Ord(4998)
Ord(5981)
Ord(2096)
Ord(800)
Ord(3749)
Ord(2512)
Ord(470)
Ord(6380)
Ord(4224)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(2124)
Ord(535)
Ord(6052)
Ord(3262)
Ord(1576)
Ord(3873)
Ord(4353)
Ord(5856)
Ord(5065)
Ord(4407)
Ord(3663)
Ord(3346)
Ord(858)
Ord(2396)
Ord(3831)
Ord(6374)
Ord(686)
Ord(3825)
Ord(2976)
Ord(1089)
Ord(2985)
Ord(3922)
Ord(4376)
Ord(324)
Ord(3830)
Ord(2385)
Ord(3619)
Ord(3079)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(4129)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(5280)
Ord(325)
Ord(4622)
Ord(561)
Ord(5261)
Ord(924)
Ord(4486)
Ord(5789)
Ord(4698)
Ord(926)
Ord(5163)
Ord(6199)
Ord(5265)
Ord(5302)
Ord(860)
Ord(5731)
__p__fmode
sscanf
rand
fgetc
_spawnl
fread
strcat
__dllonexit
memset
_sleep
fopen
strlen
_except_handler3
?terminate@@YAXXZ
_chdrive
clock
fwrite
fprintf
fseek
_onexit
ftell
exit
_XcptFilter
memcmp
_unlink
__setusermatherr
__p__commode
_acmdln
srand
fputc
fclose
_adjust_fdiv
_getdrive
__getmainargs
_exit
_setmbcp
__CxxFrameHandler
_findnext
_findfirst
strcpy
_mkdir
time
_initterm
_controlfp
strcmp
__set_app_type
SHGetPathFromIDListA
SHGetSpecialFolderLocation
LoadIconA
EnableWindow
PostMessageA
SendMessageA
GetClientRect
GetFocus
SetActiveWindow
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_DIALOG 10
RT_ICON 6
RT_GROUP_ICON 6
Number of PE resources by language
ENGLISH UK 12
FRENCH 9
FRENCH CANADIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2004:06:30 11:17:10+01:00
FileType Win32 EXE
PEType PE32
CodeSize 40960
LinkerVersion 6.0
EntryPoint 0x34000
InitializedDataSize 167936
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 9544ec12f8f8bc9eb586b2f9958eb867
SHA1 0ba69cb1b4a8285f646381ed2d71d1c0cb5cd0dd
SHA256 24648c7aca128d3bf899866e2769fc82f63f098f32e9ba970fa064ca477fdb3c
ssdeep 6144:TEM5AyAOld0LhmIjYxkGTqaznBDyzgG+Dl5gmWq//s9rLRoszg6P:pOTOs0IjY+st9I+B5W2/sBLRRzJP
authentihash ba583d5802016eeeeef7ea9277cca54057762cb576d57a4d462d9a420993108a
imphash 17386872ad661bff229d40a2a5d30f9d
File size 412.0 KB ( 421888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (30.1%)
UPX compressed Win32 Executable (29.5%)
Win32 EXE Yoda's Crypter (25.6%)
Win32 Dynamic Link Library (generic) (6.3%)
Win32 Executable (generic) (4.3%)
Tags peexe wwpack upx overlay
VirusTotal metadata
First submission 2014-09-20 02:58:03 UTC ( 4 years, 8 months ago )
Last submission 2015-07-10 18:21:13 UTC ( 3 years, 10 months ago )
File names 24648C7ACA128D3BF899866E2769FC82F63F098F32E9BA970FA064CA477FDB3C
cc.exe
cc.exe
24648c7aca128d3bf899866e2769fc82f63f098f32e9ba970fa064ca477fdb3c
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.