SHA256: 26a41286ec3341e2dc8b25c566300ddc2ba4283bbf04caacefb49c3da123d290
File name: fdd263154dbda7d49224c75e88d700ac
Detection ratio: 30 / 55
Analysis date: 2014-11-12 09:43:10 UTC ( 4 years, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.68594 20141112
AhnLab-V3 Trojan/Win32.Necurs 20141111
Avast Win32:Malware-gen 20141112
AVG Generic_r.EGM 20141112
Avira (no cloud) TR/Zbot.A.1388 20141112
AVware Trojan.Win32.Generic!BT 20141112
BitDefender Gen:Variant.Strictor.68594 20141112
Cyren W32/Trojan.ZLYT-6339 20141112
DrWeb Trojan.Kovter.15 20141112
Emsisoft Gen:Variant.Strictor.68594 (B) 20141112
ESET-NOD32 a variant of Win32/Injector.BPAF 20141112
F-Secure Gen:Variant.Strictor.68594 20141112
Fortinet W32/BPAF!tr 20141112
GData Gen:Variant.Strictor.68594 20141112
Ikarus Trojan.Win32.Inject 20141112
K7GW Trojan ( 004b076f1 ) 20141112
Kaspersky Trojan-Spy.Win32.Zbot.unqe 20141112
Malwarebytes Trojan.Agent.ED 20141112
McAfee Artemis!FDD263154DBD 20141112
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20141112
Microsoft VirTool:Win32/CeeInject 20141112
eScan Gen:Variant.Strictor.68594 20141112
NANO-Antivirus Trojan.Win32.Encoder.dijrkc 20141112
Panda Trj/CI.A 20141110
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20141112
Sophos AV Mal/Generic-S 20141112
Symantec WS.Reputation.1 20141112
TotalDefense Win32/CInject.IeUTCU 20141111
VBA32 BScope.Malware-Cryptor.Hlux 20141111
VIPRE Trojan.Win32.Generic!BT 20141112
AegisLab 20141112
Yandex 20141111
Antiy-AVL 20141112
Baidu-International 20141107
Bkav 20141112
ByteHero 20141112
CAT-QuickHeal 20141112
ClamAV 20141112
CMC 20141110
Comodo 20141112
F-Prot 20141111
Jiangmin 20141111
K7AntiVirus 20141111
Kingsoft 20141112
Norman 20141112
nProtect 20141111
Rising 20141111
SUPERAntiSpyware 20141112
Tencent 20141112
TheHacker 20141111
TrendMicro 20141112
TrendMicro-HouseCall 20141112
ViRobot 20141112
Zillya 20141111
Zoner 20141110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-28 16:24:34
Entry Point 0x0000204F
Number of sections 6
PE sections
PE imports
GetStartupInfoA
CreateThread
GetCurrentProcessId
GetModuleHandleA
OpenProcess
CloseHandle
GetProcAddress
LoadLibraryA
__p__fmode
__CxxFrameHandler
__getmainargs
fclose
__dllonexit
_except_handler3
fseek
_onexit
ftell
exit
_XcptFilter
rewind
__setusermatherr
__p__commode
sprintf
_acmdln
fread
_adjust_fdiv
_wfopen
_exit
_setmbcp
_initterm
_controlfp
__set_app_type
GetModuleFileNameExW
GetSystemMetrics
LoadIconA
EnableWindow
PostMessageA
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
AppendMenuA
htonl
socket
bind
inet_addr
recvfrom
htons
closesocket
Number of PE resources by type
RT_DIALOG 2
RT_ICON 1
SY\x153 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
CHINESE SIMPLIFIED 3
CHINESE NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Icelandic
FileFlagsMask 0x003f
CharacterSet Windows, Arabic
InitializedDataSize 241664
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright ? 2014
FileVersion 1, 0, 0, 1
TimeStamp 2014:10:28 17:24:34+01:00
FileType Win32 EXE
PEType PE32
InternalName tool
FileAccessDate 2014:11:12 10:44:10+01:00
ProductVersion 1, 0, 0, 1
FileDescription tool
OSVersion 4.0
FileCreateDate 2014:11:12 10:44:10+01:00
OriginalFilename tool.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 8192
ProductName tool
ProductVersionNumber 1.0.0.1
EntryPoint 0x204f
ObjectFileType Executable application

File identification
MD5 fdd263154dbda7d49224c75e88d700ac
SHA1 b57901e41723e52a3a492537221deb4c10f41550
SHA256 26a41286ec3341e2dc8b25c566300ddc2ba4283bbf04caacefb49c3da123d290
ssdeep 6144:JlsZIjLIdwzlW9mRdCX32gmzHKlcljbsf58DZFQ/d2yf2Ikkrkgs:JlsyjLIdwzg9ICX32g+qOljbghkakgs
authentihash 93cdc58e92f5a75ca458ccc6fc8d9915bf8f9bf2aac292172ffd5a5e4feb2d66
imphash ee33aa2c30b8b2f66b18329f6ef938ed
File size 248.5 KB ( 254464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-11-12 09:43:10 UTC ( 4 years, 4 months ago )
Last submission 2014-11-12 09:43:10 UTC ( 4 years, 4 months ago )
File names fdd263154dbda7d49224c75e88d700ac
26a41286ec3341e2dc8b25c566300ddc2ba4283bbf04caacefb49c3da123d290.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.