SHA256: 24d6d05591b9b471d764c1c7d5ff2ec4ac41f4dcffccdcb06aea225fb3cf1509
File name: magent
Detection ratio: 31 / 55
Analysis date: 2014-11-17 22:33:17 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1967925 20141117
AhnLab-V3 Trojan/Win32.ZBot 20141117
Avast Win32:Malware-gen 20141117
Avira (no cloud) TR/Agent.398848.43 20141117
AVware Trojan.Win32.Generic!BT 20141117
Baidu-International Trojan.Win32.Kryptik.bCNTX 20141107
BitDefender Trojan.GenericKD.1967925 20141117
Comodo UnclassifiedMalware 20141117
Emsisoft Trojan.GenericKD.1967925 (B) 20141117
ESET-NOD32 a variant of Win32/Kryptik.CNTX 20141117
F-Secure Trojan.GenericKD.1967925 20141116
Fortinet W32/Zbot.CNTX!tr 20141117
GData Trojan.GenericKD.1967925 20141117
Ikarus Trojan-Spy.Zbot 20141117
K7AntiVirus Trojan ( 004b08c51 ) 20141117
K7GW Trojan ( 004b08c51 ) 20141117
Kaspersky Trojan-Spy.Win32.Zbot.unud 20141117
McAfee RDN/Generic PWS.y!bbs 20141117
McAfee-GW-Edition BehavesLike.Win32.Dropper.fc 20141117
Microsoft PWS:Win32/Zbot 20141117
eScan Trojan.GenericKD.1967925 20141117
Norman Troj_Generic.XFUMX 20141117
nProtect Trojan.GenericKD.1967925 20141117
Panda Trj/CI.A 20141117
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20141117
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141117
Sophos Mal/Generic-S 20141117
Symantec WS.Reputation.1 20141117
Tencent Win32.Trojan-spy.Zbot.Wlpk 20141117
TrendMicro-HouseCall Suspicious_GEN.F47V1114 20141117
VIPRE Trojan.Win32.Generic!BT 20141117
AegisLab (no detection) 20141117
Yandex (no detection) 20141117
Antiy-AVL (no detection) 20141117
AVG (no detection) 20141117
Bkav (no detection) 20141117
ByteHero (no detection) 20141117
CAT-QuickHeal (no detection) 20141117
ClamAV (no detection) 20141117
CMC (no detection) 20141117
Cyren (no detection) 20141117
DrWeb (no detection) 20141117
F-Prot (no detection) 20141117
Jiangmin (no detection) 20141117
Kingsoft (no detection) 20141117
Malwarebytes (no detection) 20141117
NANO-Antivirus (no detection) 20141117
SUPERAntiSpyware (no detection) 20141117
TheHacker (no detection) 20141117
TotalDefense (no detection) 20141117
TrendMicro (no detection) 20141117
VBA32 (no detection) 20141117
ViRobot (no detection) 20141117
Zillya (no detection) 20141117
Zoner (no detection) 20141112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2001-2014 Mail.Ru
Publisher Mail.Ru
Product Mail.Ru Agent
Original name magent.exe
Internal name magent
File version 6.3.8.0
Description Mail.Ru Agent
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-18 11:57:39
Entry Point 0x00008F06
Number of sections 4
PE imports
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetOpenFileNameA
GetOpenFileNameW
CommDlgExtendedError
CreateICA
TextOutW
PatBlt
CreatePen
TextOutA
CreateFontIndirectA
GetTextMetricsA
CreateRectRgnIndirect
GetBitmapBits
DeleteDC
DeleteObject
BitBlt
SetTextColor
GetTextExtentPointW
GetTextExtentPoint32W
GetStockObject
SelectPalette
GdiFlush
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
SetBkColor
GetBkColor
Ellipse
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
CommConfigDialogA
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
InitializeCriticalSection
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
RtlUnwind
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
FindFirstFileA
FindNextFileA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
lstrlenW
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
NetUserEnum
NetApiBufferFree
OleCreateFontIndirect
RegisterActiveObject
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
StrToIntA
SetFocus
GetMessageA
GetClipboardData
MapVirtualKeyA
GetForegroundWindow
GetParent
UpdateWindow
EndDialog
BeginPaint
OffsetRect
CreateIconIndirect
IsMenu
KillTimer
GetIconInfo
PostQuitMessage
DefWindowProcA
ShowWindow
DrawStateW
DrawFrameControl
SetWindowPos
GetWindowThreadProcessId
SetDlgItemInt
GetSystemMetrics
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
PostMessageA
SetRectEmpty
GetDlgItemTextA
WindowFromPoint
MessageBoxA
GetClassNameA
SetClipboardViewer
DialogBoxParamA
GetSysColor
GetDlgItemInt
GetMenuItemID
ChangeClipboardChain
GetCursorPos
SystemParametersInfoA
SendMessageA
SetWindowTextA
CreateWindowExA
IsWindowVisible
wsprintfA
GetClientRect
SetTimer
GetDlgItem
IsIconic
RegisterClassA
OemToCharA
GetSubMenu
FindWindowExA
GetDCEx
GetClassNameW
InvalidateRect
ClientToScreen
GetCursorInfo
AttachThreadInput
GetWindowTextW
GetDesktopWindow
GetCursor
GetFocus
GetDC
ReleaseDC
CloseClipboard
DestroyWindow
OpenClipboard
EnumPrintersA
socket
inet_addr
WSACleanup
WSAStartup
gethostbyname
connect
shutdown
htons
GdipLoadImageFromFile
GdipGraphicsClear
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipGetImageHeight
GdipAlloc
GdipGetImageGraphicsContext
GdipCloneImage
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipFree
GdipDeleteGraphics
Number of PE resources by type
RT_DIALOG 3
Struct(240) 3
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
RUSSIAN 1
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.3.8.0
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 128000
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2001-2014 Mail.Ru
FileVersion 6.3.8.0
TimeStamp 2014:10:18 12:57:39+01:00
FileType Win32 EXE
PEType PE32
InternalName magent
FileAccessDate 2014:11:17 23:33:32+01:00
ProductVersion 6.3.8.0
FileDescription Mail.Ru Agent
OSVersion 5.1
FileCreateDate 2014:11:17 23:33:32+01:00
OriginalFilename magent.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mail.Ru
CodeSize 269824
ProductName Mail.Ru Agent
ProductVersionNumber 6.3.8.0
EntryPoint 0x8f06
ObjectFileType Executable application
File identification
MD5 614cd4bf0c1042ce0577bd1dd22cbe32
SHA1 77e6b95bebfb9cd70c0c2517b1ef77e4f7768438
SHA256 24d6d05591b9b471d764c1c7d5ff2ec4ac41f4dcffccdcb06aea225fb3cf1509
ssdeep 6144:1UEZoaH733Q7y2o24ApTSPPbiiziqIEnISMZkWSXiHw4CsR:j733Q22l4GaiQrIhpSXijR
authentihash f67c7b083d6ceef12a537c5af4c8da2c88b8e17873dbc9c4e2f4a581e9a8dddb
imphash 24e0b99ce585105ad20b4a75910e3155
File size 389.5 KB ( 398848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-11-10 22:30:09 UTC
Last submission 2014-11-10 22:30:09 UTC
File names 24d6d05591b9b471d764c1c7d5ff2ec4ac41f4dcffccdcb06aea225fb3cf1509.bin
magent
magent.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain by means of the SetWindowsHook Windows API function. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread.