SHA256: 28317a47d566d6ae7437b66274dcdbff51374761e1c201fa7e9bd0f77d7c9ed7
File name: 28317A47D566D6AE7437B66274DCDBFF51374761E1C201FA7E9BD0F77D7C9ED7.dat
Detection ratio: 46 / 56
Analysis date: 2015-10-26 20:47:08 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
ALYac Gen:Variant.Sirefef.2550 20151027
AVG Win32/Heur 20151026
AVware Trojan.Win32.Sirefef.ax (v) 20151026
Ad-Aware Gen:Variant.Sirefef.2550 20151027
Agnitum Backdoor.ZAccess!8WjaJ0vU5fo 20151026
AhnLab-V3 Win-Trojan/Malpacked3.Gen 20151026
Antiy-AVL Trojan[Backdoor]/Win32.ZAccess 20151027
Arcabit Trojan.Sirefef.D9F6 20151027
Avast Win32:Sirefef-AZK [Trj] 20151027
Avira TR/ATRAPS.Gen 20151027
Baidu-International Adware.Win32.iBryte.AXTL 20151026
BitDefender Gen:Variant.Sirefef.2550 20151027
CAT-QuickHeal TrojanDropper.Sirefef.r4 20151026
Comodo TrojWare.Win32.Kryptik.AJJK 20151027
Cyren W32/Zaccess.AB.gen!Eldorado 20151027
DrWeb BackDoor.Maxplus.7078 20151027
ESET-NOD32 a variant of Win32/Kryptik.AXSL 20151027
Emsisoft Gen:Variant.Sirefef.2550 (B) 20151027
F-Prot W32/Zaccess.AB.gen!Eldorado 20151027
F-Secure Gen:Variant.Sirefef.2550 20151027
Fortinet W32/ZAccess.MOW!worm 20151026
GData Gen:Variant.Sirefef.2550 20151027
Ikarus Virus.Win32.Heur 20151027
Jiangmin Backdoor/PMax.bar 20151026
K7AntiVirus Trojan ( 0042fce41 ) 20151026
K7GW Trojan ( 0042fce41 ) 20151026
Kaspersky HEUR:Trojan.Win32.Generic 20151027
Malwarebytes Trojan.Agent.NR 20151026
McAfee ZeroAccess-FBKG!D848763FC366 20151027
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20151027
MicroWorld-eScan Gen:Variant.Sirefef.2550 20151027
Microsoft TrojanDropper:Win32/Sirefef.gen!B 20151027
NANO-Antivirus Trojan.Win32.Maxplus.bqofwo 20151026
Panda Trj/Genetic.gen 20151026
Qihoo-360 Win32/Trojan.Dropper.c9f 20151027
Rising PE:Trojan.Win32.Generic.148B1841!344660033 [F] 20151026
SUPERAntiSpyware Trojan.Agent/Gen-Sirefef 20151027
Sophos Mal/EncPk-ADI 20151027
Symantec Trojan.Gen 20151026
Tencent Win32.Trojan.Generic.Wqwm 20151027
TrendMicro TROJ_SPNR.14D213 20151027
TrendMicro-HouseCall TROJ_SPNR.14D213 20151027
VBA32 Backdoor.ZAccess 20151026
VIPRE Trojan.Win32.Sirefef.ax (v) 20151027
Zillya Backdoor.ZAccess.Win32.17522 20151026
nProtect Trojan/W32.Agent.166400.OL 20151026
AegisLab 20151026
Alibaba 20151026
Bkav 20151026
ByteHero 20151027
CMC 20151026
ClamAV 20151027
TheHacker 20151026
TotalDefense 20151026
ViRobot 20151026
Zoner 20151026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-29 17:14:30
Link date 6:14 PM 3/29/2013
Entry Point 0x0000BAA9
Number of sections 4
PE sections
PE imports
CreateToolbarEx
ImageList_Remove
CreatePropertySheetPageW
Ord(6)
GetTextMetricsW
CreateFontIndirectW
CreatePen
SaveDC
CreateFontIndirectA
GetTextMetricsA
SetStretchBltMode
GetObjectA
DeleteDC
GetObjectW
RealizePalette
SetTextColor
GetTextExtentPointW
GetDeviceCaps
MoveToEx
CreateFontA
EnumFontFamiliesExW
GetStockObject
SelectPalette
UnrealizeObject
SetTextAlign
SelectClipRgn
SetBrushOrgEx
CreateRectRgn
GetNearestPaletteIndex
GetCharWidth32W
GetPaletteEntries
SetViewportExtEx
GetStartupInfoA
WriteProfileStringA
lstrcatA
GetModuleHandleA
lstrcmpA
ReadFile
GetCommandLineW
GetCurrentDirectoryA
CreateMutexW
Sleep
lstrlenW
MapWindowPoints
SetWindowRgn
UpdateWindow
EndDialog
OffsetRect
GetCapture
CheckRadioButton
SetSysColors
GetMessageW
CheckMenuRadioItem
MessageBeep
CharToOemBuffA
HiliteMenuItem
MessageBoxW
PeekMessageW
RegisterClassExW
UnhookWindowsHookEx
SetCapture
MoveWindow
GetSystemMenu
RegisterDeviceNotificationW
TranslateMessage
ChildWindowFromPoint
PostMessageW
CheckDlgButton
CreateDialogParamW
GetProcessDefaultLayout
SendMessageW
RegisterClassW
EnableMenuItem
InvalidateRect
GetTopWindow
GetWindowTextW
SetDlgItemTextW
DeferWindowPos
LoadCursorW
EnumDisplaySettingsW
GetWindowLongW
GetMenu
SetMenu
OpenClipboard
GetOpenFileNameA
GetFileTitleA
ChooseColorA
PrintDlgW
PrintDlgExA
GetSaveFileNameA
ChooseFontA
strchr
sscanf
wcstoul
wcschr
_time64
swscanf
isxdigit
iswxdigit
strtoul
_mbctoupper
towupper
isspace
PE exports
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2013:03:29 18:14:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 51712
LinkerVersion 10.0
EntryPoint 0xbaa9
InitializedDataSize 113664
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 d848763fc366f3ecb45146279b44f16a
SHA1 72e5861fda7f0eaba62b1a0a9f8ab7f138f78061
SHA256 28317a47d566d6ae7437b66274dcdbff51374761e1c201fa7e9bd0f77d7c9ed7
ssdeep 3072:1Iq7eX8HrKE7sX68UIq65IZrOWVvmL9Isb/r1zDTLOOXm/iEL:1IysXz5VLesbdDTLOCSiEL
authentihash ca63dfd9915a524f85c7628a8fe451d9c6c897e8d4a45d12d104168dcb20d597
imphash 4d5892d609759f0d147a286b79205c7d
File size 162.5 KB ( 166400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.0%)
Tags peexe

VirusTotal metadata
First submission 2013-03-30 00:19:13 UTC ( 2 years, 10 months ago )
Last submission 2013-08-05 08:14:14 UTC ( 2 years, 6 months ago )
File names file-5322430_ViR
d848763fc366f3ecb45146279b44f16a.72e5861fda7f0eaba62b1a0a9f8ab7f138f78061
stp.exe
28317A47D566D6AE7437B66274DCDBFF51374761E1C201FA7E9BD0F77D7C9ED7.dat
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications