SHA256: 28317a47d566d6ae7437b66274dcdbff51374761e1c201fa7e9bd0f77d7c9ed7
File name: 28317A47D566D6AE7437B66274DCDBFF51374761E1C201FA7E9BD0F77D7C9ED7.dat
Detection ratio: 37 / 46
Analysis date: 2013-08-05 08:14:14 UTC ( 8 months, 2 weeks ago )
Antivirus | Result | Update
AVG | Win32/Heur | 20130804
Agnitum | Backdoor.ZAccess!8WjaJ0vU5fo | 20130804
AhnLab-V3 | Backdoor/Win32.ZAccess | 20130804
AntiVir | TR/ATRAPS.Gen | 20130805
Avast | Win32:Sirefef-AZK [Trj] | 20130805
BitDefender | Trojan.Generic.KDZ.12345 | 20130805
Commtouch | W32/Zaccess.AB.gen!Eldorado | 20130805
Comodo | TrojWare.Win32.Kryptik.AJJK | 20130805
DrWeb | BackDoor.Maxplus.7078 | 20130805
ESET-NOD32 | a variant of Win32/Kryptik.AXTL | 20130804
Emsisoft | Trojan.Generic.KDZ.12345 (B) | 20130805
F-Prot | W32/Zaccess.AB.gen!Eldorado | 20130805
F-Secure | Trojan.Generic.KDZ.12345 | 20130805
Fortinet | W32/ZAccess.MOW!worm | 20130805
GData | Trojan.Generic.KDZ.12345 | 20130805
Ikarus | Virus.Win32.Heur | 20130805
K7AntiVirus | Riskware | 20130802
Kaspersky | Backdoor.Win32.ZAccess.bsle | 20130805
Kingsoft | Win32.Hack.ZAccess.bs.(kcloud) | 20130723
Malwarebytes | Trojan.Agent.NR | 20130805
McAfee | RDN/Generic BackDoor!if | 20130805
McAfee-GW-Edition | RDN/Generic BackDoor!if | 20130804
MicroWorld-eScan | Trojan.Generic.KDZ.12345 | 20130805
Microsoft | TrojanDropper:Win32/Sirefef.gen!B | 20130805
NANO-Antivirus | Trojan.Win32.ZAccess.bmjfir | 20130805
Norman | Krypt.OI | 20130804
PCTools | HeurEngine.ZeroDayThreat | 20130804
Panda | Trj/Genetic.gen | 20130804
Rising | Trojan.Win32.Generic.148B1841 | 20130805
SUPERAntiSpyware | Trojan.Agent/Gen-Sirefef | 20130804
Sophos | Mal/EncPk-ADI | 20130805
Symantec | Suspicious.DLoader | 20130805
TrendMicro | TROJ_SPNR.14D213 | 20130805
TrendMicro-HouseCall | TROJ_SPNR.14D213 | 20130805
VBA32 | Backdoor.PMax | 20130802
VIPRE | Trojan.Win32.Sirefef.ax (v) | 20130805
nProtect | Trojan/W32.Agent.166400.OL | 20130805
Antiy-AVL | (no detection) | 20130802
ByteHero | (no detection) | 20130804
CAT-QuickHeal | (no detection) | 20130805
ClamAV | (no detection) | 20130805
Jiangmin | (no detection) | 20130805
K7GW | (no detection) | 20130802
TheHacker | (no detection) | 20130805
TotalDefense | (no detection) | 20130804
ViRobot | (no detection) | 20130805
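Vendor labels in a table like this disagree on naming but usually agree on the family once the vendor-specific noise is stripped. The script below is an added example, not VirusTotal's own normaliser (tools such as AVClass do this properly across many vendors): it transcribes the table above, recomputes the detection ratio, and takes a one-vote-per-vendor family count. Which strings name the same family is an assumption made here: ZAccess and Sirefef are the common names for ZeroAccess, and Dr.Web's "Maxplus" and VBA32's "PMax" are treated as vendor aliases for it. `DETECTIONS`, `FAMILY_ALIASES`, `family_votes` and `consensus` are names chosen for this example.

```python
"""Family consensus from a VirusTotal detection table (added example)."""
import re
from collections import Counter

# Transcribed from the detection table above; "" = vendor reported nothing.
DETECTIONS = [
    ("AVG", "Win32/Heur"), ("Agnitum", "Backdoor.ZAccess!8WjaJ0vU5fo"),
    ("AhnLab-V3", "Backdoor/Win32.ZAccess"), ("AntiVir", "TR/ATRAPS.Gen"),
    ("Avast", "Win32:Sirefef-AZK [Trj]"), ("BitDefender", "Trojan.Generic.KDZ.12345"),
    ("Commtouch", "W32/Zaccess.AB.gen!Eldorado"), ("Comodo", "TrojWare.Win32.Kryptik.AJJK"),
    ("DrWeb", "BackDoor.Maxplus.7078"), ("ESET-NOD32", "a variant of Win32/Kryptik.AXTL"),
    ("Emsisoft", "Trojan.Generic.KDZ.12345 (B)"), ("F-Prot", "W32/Zaccess.AB.gen!Eldorado"),
    ("F-Secure", "Trojan.Generic.KDZ.12345"), ("Fortinet", "W32/ZAccess.MOW!worm"),
    ("GData", "Trojan.Generic.KDZ.12345"), ("Ikarus", "Virus.Win32.Heur"),
    ("K7AntiVirus", "Riskware"), ("Kaspersky", "Backdoor.Win32.ZAccess.bsle"),
    ("Kingsoft", "Win32.Hack.ZAccess.bs.(kcloud)"), ("Malwarebytes", "Trojan.Agent.NR"),
    ("McAfee", "RDN/Generic BackDoor!if"), ("McAfee-GW-Edition", "RDN/Generic BackDoor!if"),
    ("MicroWorld-eScan", "Trojan.Generic.KDZ.12345"),
    ("Microsoft", "TrojanDropper:Win32/Sirefef.gen!B"),
    ("NANO-Antivirus", "Trojan.Win32.ZAccess.bmjfir"), ("Norman", "Krypt.OI"),
    ("PCTools", "HeurEngine.ZeroDayThreat"), ("Panda", "Trj/Genetic.gen"),
    ("Rising", "Trojan.Win32.Generic.148B1841"), ("SUPERAntiSpyware", "Trojan.Agent/Gen-Sirefef"),
    ("Sophos", "Mal/EncPk-ADI"), ("Symantec", "Suspicious.DLoader"),
    ("TrendMicro", "TROJ_SPNR.14D213"), ("TrendMicro-HouseCall", "TROJ_SPNR.14D213"),
    ("VBA32", "Backdoor.PMax"), ("VIPRE", "Trojan.Win32.Sirefef.ax (v)"),
    ("nProtect", "Trojan/W32.Agent.166400.OL"),
    ("Antiy-AVL", ""), ("ByteHero", ""), ("CAT-QuickHeal", ""), ("ClamAV", ""),
    ("Jiangmin", ""), ("K7GW", ""), ("TheHacker", ""), ("TotalDefense", ""), ("ViRobot", ""),
]

# Assumed mapping from vendor tokens to a family name (lower-case tokens).
FAMILY_ALIASES = {
    "zaccess": "ZeroAccess",
    "sirefef": "ZeroAccess",
    "maxplus": "ZeroAccess",  # assumed Dr.Web alias
    "pmax": "ZeroAccess",     # assumed VBA32 alias
}


def tokens(label):
    """Split a vendor label on every non-alphanumeric character."""
    return [t for t in re.split(r"[^A-Za-z0-9]+", label.lower()) if t]


def detection_ratio(detections):
    """(vendors that reported something, vendors in the table)."""
    return sum(1 for _, label in detections if label), len(detections)


def family_votes(detections, aliases=FAMILY_ALIASES):
    """One vote per vendor per family; vendors whose label maps to no
    family (generic/heuristic names) are returned separately."""
    votes, unclassified = Counter(), []
    for vendor, label in detections:
        if not label:
            continue
        families = {aliases[t] for t in tokens(label) if t in aliases}
        if not families:
            unclassified.append(vendor)
        for fam in families:
            votes[fam] += 1
    return votes, unclassified


def consensus(detections, aliases=FAMILY_ALIASES, min_share=0.25):
    """Top family if at least min_share of detecting vendors name it."""
    detected, _ = detection_ratio(detections)
    votes, _ = family_votes(detections, aliases)
    if not votes:
        return None
    fam, n = votes.most_common(1)[0]
    return fam if n / detected >= min_share else None


if __name__ == "__main__":
    print("detection ratio: %d / %d" % detection_ratio(DETECTIONS))
    votes, unclassified = family_votes(DETECTIONS)
    print("family votes:", dict(votes), "| unclassified:", len(unclassified))
    print("consensus:", consensus(DETECTIONS))
```

The threshold is deliberate: with 37 detecting engines, a family named by only two or three of them is a weak signal, while here 14 of 37 independently name ZeroAccess and the remaining 23 labels are generic or packer names (Kryptik, Generic, Heur, EncPk) that carry no family information.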
The file is a Portable Executable (PE) image; more specifically, a 32-bit Win32 EXE built for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-29 17:14:30
Link date 6:14 PM 3/29/2013
Entry Point 0x0000BAA9
Number of sections 4
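The fields above (and the ExifTool block further down) come straight from the DOS, COFF and optional headers. As an added worked example, not code from VirusTotal or from this report, the pure-Python script below recovers them from raw bytes, computes the MD5/SHA-1/SHA-256 used under "File identification", and compares each field with the report's values. The image it parses is constructed inline so the script runs offline: it carries the report's header values (timestamp, entry point, section count, linker version, sizes, subsystem) but is not the sample, so its hashes will not match. `REPORT`, `parse_pe_header`, `compare_with_report` and `build_sample_image` are names chosen for this example.

```python
"""PE header triage in pure Python, stdlib only (added example)."""
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
PE32_MAGIC = 0x10B

# Comparison target, copied from the report above.
REPORT = {
    "sha256": "28317a47d566d6ae7437b66274dcdbff51374761e1c201fa7e9bd0f77d7c9ed7",
    "compile_time": "2013-03-29 17:14:30",
    "entry_point": 0xBAA9,
    "sections": 4,
    "linker_version": "10.0",
    "code_size": 51712,
    "init_data_size": 113664,
    "subsystem": IMAGE_SUBSYSTEM_WINDOWS_GUI,
}


def parse_pe_header(data):
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> optional header."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    # COFF: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70 or len(data) < opt + opt_size:
        raise ValueError("optional header truncated")
    # Optional header: Magic, linker major/minor, SizeOfCode,
    # SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint
    magic, lnk_major, lnk_minor, code_size, init_data, _, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 (32-bit) image")
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # Subsystem field offset in PE32
    return {
        "machine": machine,
        "sections": nsections,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "code_size": code_size,
        "init_data_size": init_data,
        "entry_point": entry,
        "subsystem": subsystem,
    }


def file_hashes(data):
    """The three digests VirusTotal lists under 'File identification'."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def compare_with_report(data, report=REPORT):
    """Per-field match. Header fields can agree while the hash does not
    (a patched or rebuilt sample); surfacing that is the point of the check."""
    found = parse_pe_header(data)
    found["sha256"] = file_hashes(data)["sha256"]
    return {key: found.get(key) == value for key, value in report.items()}


def build_sample_image():
    """Constructed stand-in: valid headers carrying the report's values, no
    sections and no code. Not the real sample."""
    e_lfanew = 0x80
    dos = (b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    ts = int(datetime(2013, 3, 29, 17, 14, 30, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 4, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, PE32_MAGIC, 10, 0, 51712, 113664, 0, 0xBAA9)
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    image = build_sample_image()
    for key, value in parse_pe_header(image).items():
        print("%15s: %s" % (key, hex(value) if isinstance(value, int) else value))
    print(compare_with_report(image))
```

Run it against a real file with `parse_pe_header(open(path, "rb").read())`; on the constructed image every header field matches the report and only `sha256` is False, which is the pattern to look for when a later submission shares a build with a known sample but not its hash.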
PE sections
PE imports
(The DLL grouping below is inferred from the function names; the captured report lists only the functions.)
comctl32.dll
CreateToolbarEx
ImageList_Remove
CreatePropertySheetPageW
Ord(6)
gdi32.dll
GetTextMetricsW
CreateFontIndirectW
CreatePen
SaveDC
CreateFontIndirectA
GetTextMetricsA
SetStretchBltMode
GetObjectA
DeleteDC
GetObjectW
RealizePalette
SetTextColor
GetTextExtentPointW
GetDeviceCaps
MoveToEx
CreateFontA
EnumFontFamiliesExW
GetStockObject
SelectPalette
UnrealizeObject
SetTextAlign
SelectClipRgn
SetBrushOrgEx
CreateRectRgn
GetNearestPaletteIndex
GetCharWidth32W
GetPaletteEntries
SetViewportExtEx
kernel32.dll
GetStartupInfoA
WriteProfileStringA
lstrcatA
GetModuleHandleA
lstrcmpA
ReadFile
GetCommandLineW
GetCurrentDirectoryA
CreateMutexW
Sleep
lstrlenW
user32.dll
MapWindowPoints
SetWindowRgn
UpdateWindow
EndDialog
OffsetRect
GetCapture
CheckRadioButton
SetSysColors
GetMessageW
CheckMenuRadioItem
MessageBeep
CharToOemBuffA
HiliteMenuItem
MessageBoxW
PeekMessageW
RegisterClassExW
UnhookWindowsHookEx
SetCapture
MoveWindow
GetSystemMenu
RegisterDeviceNotificationW
TranslateMessage
ChildWindowFromPoint
PostMessageW
CheckDlgButton
CreateDialogParamW
GetProcessDefaultLayout
SendMessageW
RegisterClassW
EnableMenuItem
InvalidateRect
GetTopWindow
GetWindowTextW
SetDlgItemTextW
DeferWindowPos
LoadCursorW
EnumDisplaySettingsW
GetWindowLongW
GetMenu
SetMenu
OpenClipboard
comdlg32.dll
GetOpenFileNameA
GetFileTitleA
ChooseColorA
PrintDlgW
PrintDlgExA
GetSaveFileNameA
ChooseFontA
C runtime (msvcrt / msvcr100, linker 10.0)
strchr
sscanf
wcstoul
wcschr
_time64
swscanf
isxdigit
iswxdigit
strtoul
_mbctoupper
towupper
isspace
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:03:29 17:14:30+00:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 51712
LinkerVersion: 10.0
EntryPoint: 0xbaa9
InitializedDataSize: 113664
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 d848763fc366f3ecb45146279b44f16a
SHA1 72e5861fda7f0eaba62b1a0a9f8ab7f138f78061
SHA256 28317a47d566d6ae7437b66274dcdbff51374761e1c201fa7e9bd0f77d7c9ed7
ssdeep 3072:1Iq7eX8HrKE7sX68UIq65IZrOWVvmL9Isb/r1zDTLOOXm/iEL:1IysXz5VLesbdDTLOCSiEL
File size 162.5 KB ( 166400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
  Windows Screen Saver (46.4%)
  Win32 Dynamic Link Library (generic) (23.3%)
  Win32 Executable (generic) (15.9%)
  Generic Win/DOS Executable (7.0%)
  DOS Executable Generic (7.0%)
Tags peexe
VirusTotal metadata
First submission 2013-03-30 00:19:13 UTC ( 1 year ago )
Last submission 2013-08-05 08:14:14 UTC ( 8 months, 2 weeks ago )
File names
  file-5322430_ViR
  d848763fc366f3ecb45146279b44f16a.72e5861fda7f0eaba62b1a0a9f8ab7f138f78061
  stp.exe
  28317A47D566D6AE7437B66274DCDBFF51374761E1C201FA7E9BD0F77D7C9ED7.dat
Condensed report. The following is a condensed report of the file's behaviour when executed in a controlled environment. The actions and events described were performed either by the file itself or by any process it launched or injected code into.
Opened files
Read files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API. Note that DeviceIoControl does not appear in the static import list above, which is that of an ordinary GUI application; the call therefore comes from code resolved at run time or from a process into which the sample injected code, both of which the condensed report attributes to the sample.
HTTP requests
DNS requests
TCP connections
UDP communications