SHA256: 24f8c6ab5c26789d41d5d3fd8ce8d8c591f12447bb8165f185ba75527c434ad7
File name: 1ff393cfb71e7b47d52566dd5f3deea897cdb169
Detection ratio: 2 / 53
Analysis date: 2015-07-09 00:22:15 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Kaspersky Trojan-Spy.Win32.Zbot.vrmp 20150709
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150707
Ad-Aware 20150708
AegisLab 20150708
Yandex 20150708
AhnLab-V3 20150708
Alibaba 20150630
Antiy-AVL 20150709
Arcabit 20150708
Avast 20150708
AVG 20150708
Avira (no cloud) 20150709
Baidu-International 20150708
BitDefender 20150708
Bkav 20150708
ByteHero 20150709
CAT-QuickHeal 20150708
ClamAV 20150708
Comodo 20150708
Cyren 20150709
DrWeb 20150709
Emsisoft 20150708
ESET-NOD32 20150709
F-Prot 20150708
F-Secure 20150709
Fortinet 20150708
GData 20150708
Ikarus 20150708
Jiangmin 20150708
K7AntiVirus 20150708
K7GW 20150708
Kingsoft 20150709
Malwarebytes 20150708
McAfee 20150709
McAfee-GW-Edition 20150708
Microsoft 20150708
NANO-Antivirus 20150708
nProtect 20150708
Panda 20150708
Qihoo-360 20150709
Sophos AV 20150709
SUPERAntiSpyware 20150709
Symantec 20150708
Tencent 20150709
TheHacker 20150707
TotalDefense 20150708
TrendMicro 20150709
TrendMicro-HouseCall 20150708
VBA32 20150708
VIPRE 20150708
ViRobot 20150709
Zillya 20150708
Zoner 20150708
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-26 09:30:41
Entry Point 0x00001000
Number of sections 14
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
AdjustTokenPrivileges
InitializeAcl
RegDeleteKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyExA
GetTokenInformation
RegQueryInfoKeyW
OpenThreadToken
RegDeleteValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
GetForegroundWindow
IMPQueryIMEA
CreateDialogIndirectParamW
UpdateWindow
EnumWindows
DefWindowProcW
GetClassInfoExA
ClipCursor
PostQuitMessage
GetParent
GetClipboardViewer
MessageBoxW
AppendMenuA
GetWindowRect
OpenIcon
DdeAddData
MoveWindow
CharToOemBuffW
IsWindowEnabled
GetSysColor
SetActiveWindow
GetKeyState
IsCharAlphaNumericA
GetDlgCtrlID
SetClassWord
EndMenu
IsZoomed
DrawTextW
SendMessageCallbackW
LoadCursorA
OemToCharA
GetKeyboardLayout
GetTopWindow
CharNextA
DestroyAcceleratorTable
CheckDlgButton
DeferWindowPos
LockWindowUpdate
EnumDisplaySettingsW
GetFocus
GetActiveWindow
CopyImage
ReplyMessage
WindowFromDC
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:06:26 10:30:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 344576
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 31232
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 a5fff6636e7d9c4b385ac60a5e4ea435
SHA1 ef465899d51dfc5fa112ddcc487ddb55be08ce4e
SHA256 24f8c6ab5c26789d41d5d3fd8ce8d8c591f12447bb8165f185ba75527c434ad7
ssdeep 1536:B40hMsuUWCnejoF4dtbVvcA634TeYl31nUKMcI/QtFW5g6zGWOcxNId7qIgJ/m:2CejoUc1oTek1vLFW5SWz3Id7qIgJ/m
authentihash bb8e798f8b85bbe3bce80784c96d8b0d3ac07d6421644b0ee616cda7a526955e
imphash 8fd5f3e86311afadc220bbdfef0d3356
File size 390.0 KB ( 399360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe
VirusTotal metadata
First submission 2015-07-09 00:22:15 UTC ( 3 years, 8 months ago )
Last submission 2015-07-09 00:22:15 UTC ( 3 years, 8 months ago )
File names 1ff393cfb71e7b47d52566dd5f3deea897cdb169
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item.
No votes. No one has voted on this item.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs