SHA256: 267b06b836e034eee4266ee0235dd356fce53a030dc12dd3aac01e011df8d46c
File name: xw2urt.exe
Detection ratio: 6 / 54
Analysis date: 2014-07-30 03:36:52 UTC (4 years, 7 months ago)
Antivirus | Result | Update
AntiVir | TR/Crypt.ZPACK.90423 | 20140729
Avast | Win32:Malware-gen | 20140730
Bkav | HW32.Laneul.xugu | 20140728
ESET-NOD32 | a variant of Win32/Kryptik.CHSU | 20140729
Malwarebytes | Trojan.Agent.ED | 20140730
TrendMicro-HouseCall | Suspicious_GEN.F47V0729 | 20140730
Ad-Aware | | 20140730
AegisLab | | 20140730
Yandex | | 20140729
AhnLab-V3 | | 20140729
Antiy-AVL | | 20140730
AVG | | 20140729
AVware | | 20140730
Baidu-International | | 20140729
BitDefender | | 20140730
ByteHero | | 20140730
CAT-QuickHeal | | 20140729
ClamAV | | 20140730
CMC | | 20140728
Commtouch | | 20140730
Comodo | | 20140730
DrWeb | | 20140730
Emsisoft | | 20140730
F-Prot | | 20140730
F-Secure | | 20140730
Fortinet | | 20140730
GData | | 20140730
Ikarus | | 20140730
Jiangmin | | 20140725
K7AntiVirus | | 20140728
K7GW | | 20140728
Kaspersky | | 20140729
Kingsoft | | 20140730
McAfee | | 20140730
McAfee-GW-Edition | | 20140729
Microsoft | | 20140730
eScan | | 20140730
NANO-Antivirus | | 20140730
Norman | | 20140729
nProtect | | 20140729
Panda | | 20140729
Qihoo-360 | | 20140730
Rising | | 20140729
Sophos AV | | 20140730
SUPERAntiSpyware | | 20140730
Symantec | | 20140730
Tencent | | 20140730
TheHacker | | 20140728
TotalDefense | | 20140730
TrendMicro | | 20140730
VBA32 | | 20140729
VIPRE | | 20140730
ViRobot | | 20140729
Zoner | | 20140729
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-29 09:36:10
Entry Point 0x0000C227
Number of sections 4
PE sections
PE imports
GetTokenInformation
OpenProcessToken
InitializeSecurityDescriptor
InitializeAcl
GetNamedSecurityInfoA
GetLengthSid
ImageList_LoadImageA
ImageList_Draw
ImageList_EndDrag
GetOpenFileNameA
SetMapMode
TextOutW
CreatePen
TextOutA
CreateFontIndirectA
Rectangle
GetObjectA
LineTo
DeleteDC
SetBkMode
ChoosePixelFormat
BitBlt
RealizePalette
SetTextColor
FrameRgn
MoveToEx
GetStockObject
SelectPalette
SelectClipRgn
CreateCompatibleDC
SetROP2
SelectObject
Pie
Ellipse
CreateSolidBrush
SetBkColor
GetCharWidth32A
DeleteObject
CreateCompatibleBitmap
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
SetConsoleWindowInfo
InterlockedDecrement
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
SetConsoleScreenBufferSize
HeapSetInformation
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
GlobalMemoryStatus
FindCloseChangeNotification
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
RtlUnwind
GetStartupInfoW
GetProcAddress
CompareStringW
lstrcpyW
GetFileInformationByHandle
FreeConsole
TerminateProcess
DuplicateHandle
CreateFileW
SetConsoleActiveScreenBuffer
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
FindFirstChangeNotificationA
GetSystemInfo
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
GetSystemTimeAdjustment
IsValidCodePage
HeapCreate
Sleep
IsBadReadPtr
GradientFill
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
StrChrW
SHAutoComplete
StrCpyNW
SHCreateStreamOnFileW
GetParent
EnableWindow
GetCursorInfo
SetLayeredWindowAttributes
EndDialog
BeginPaint
HideCaret
DrawIcon
KillTimer
ShowWindow
GetSystemMetrics
SetWindowPos
SendDlgItemMessageA
CharLowerA
MessageBoxW
AppendMenuA
GetWindowRect
EndPaint
PostMessageA
MoveWindow
LoadImageW
MessageBoxA
IsMenu
GetWindowDC
SendDlgItemMessageW
GetDC
GetCursorPos
SystemParametersInfoA
CreatePopupMenu
wsprintfA
IsWindowVisible
SendMessageA
SetWindowTextW
CharToOemA
GetDlgItem
CreateMenu
IsWindow
MonitorFromWindow
ScreenToClient
InvalidateRect
GetWindowLongA
SetTimer
LoadCursorA
DrawTextA
FillRect
ShowCursor
IsDlgButtonChecked
GetClientRect
GetWindowTextW
GetClassNameA
ReleaseDC
GetTopWindow
GetWindowInfo
CharNextW
SetCursor
PdhOpenQueryA
Number of PE resources by type
RT_MENU 2
RT_DIALOG 2
RT_MANIFEST 1
Struct(240) 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:07:29 10:36:10+01:00
FileType Win32 EXE
PEType PE32
CodeSize 75776
LinkerVersion 10.0
FileAccessDate 2014:07:30 04:38:21+01:00
EntryPoint 0xc227
InitializedDataSize 135680
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2014:07:30 04:38:21+01:00
UninitializedDataSize 0
File identification
MD5 e7df0cce371445863a859ed7846162d6
SHA1 129ac3b6d72058ccaf38f9ae98992fa389d0c8bc
SHA256 267b06b836e034eee4266ee0235dd356fce53a030dc12dd3aac01e011df8d46c
ssdeep 6144:zXxVIXt0m3gQUFTSiZhIK0feyRoRk5hsm:zBVId0m3hUFTSiZhIKx0oRkt
imphash 4a97bf1c6c9f4d3b0aca6d17bd5b3f24
File size 207.5 KB ( 212480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-07-29 12:52:49 UTC ( 4 years, 7 months ago )
Last submission 2014-07-30 03:36:52 UTC ( 4 years, 7 months ago )
File names bdf73c133f7692ea2a1e5a45694ad7721572931965d10a0b3caf4db50983ba8b-1406638366
xw2urt.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers by calling the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.