SHA256: 2968eb0eb6b6b0f4b0cda89b7902fa308350add4b6ff8983f82c5790eda2735f
File name: e65bc601fafd55b8e71cbd16a504f144f8c5f01c
Detection ratio: 4 / 57
Analysis date: 2015-04-14 16:40:49 UTC
Antivirus Result Update
ESET-NOD32 a variant of Win32/Kryptik.DFBR 20150414
Malwarebytes Backdoor.Bot 20150414
Symantec Suspicious.Cloud.5 20150414
Tencent Trojan.Win32.Qudamah.Gen.4 20150414
No detection (53 engines, signature update 20150414 unless noted): Ad-Aware, AegisLab, Yandex, AhnLab-V3, Alibaba, ALYac, Antiy-AVL, Avast, AVG, Avira (no cloud), AVware, Baidu-International, BitDefender, Bkav, ByteHero, CAT-QuickHeal, ClamAV, CMC (20150413), Comodo, Cyren, DrWeb, Emsisoft, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin (20150413), K7AntiVirus, K7GW, Kaspersky, Kingsoft, McAfee, McAfee-GW-Edition, Microsoft, eScan, NANO-Antivirus, Norman, nProtect, Panda, Qihoo-360, Rising, Sophos AV, SUPERAntiSpyware, TheHacker, TotalDefense, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot, Zillya, Zoner (20150413)
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-13 15:39:47
Entry Point 0x00004D30
Number of sections 5
PE sections
PE imports
capCreateCaptureWindowA
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Destroy
Ord(8)
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
CreatePen
SaveDC
TextOutA
Rectangle
GetObjectA
LineTo
DeleteDC
RestoreDC
SetBkMode
BitBlt
GdiSetBatchLimit
SetTextColor
GetDeviceCaps
CreateFontA
CreateBitmap
MoveToEx
GetStockObject
ExtTextOutA
CreateCompatibleDC
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
DeleteObject
Ellipse
GetStdHandle
WaitForSingleObject
LockResource
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
LoadResource
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
_lclose
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetFileSize
GetStartupInfoW
GetCPInfo
GetProcAddress
GetProcessHeap
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GetQueuedCompletionStatus
SizeofResource
GetCurrentProcessId
CreateIoCompletionPort
GetCurrentDirectoryA
HeapSize
GetConsoleTitleA
GetCommandLineA
EnumSystemCodePagesW
RaiseException
TlsFree
SetFilePointer
OpenFile
ReadFile
SetConsoleTitleA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
FindResourceA
GradientFill
VariantClear
VariantInit
GetMessageA
GetParent
UpdateWindow
EndDialog
BeginPaint
CheckRadioButton
KillTimer
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
GetClipboardData
FindWindowA
GetSystemMetrics
GetMenu
GetWindowRect
DispatchMessageA
EndPaint
SetMenu
SetDlgItemTextA
LoadImageA
MessageBoxA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetSysColor
SetActiveWindow
GetDC
RegisterClassExA
DrawTextA
SetWindowTextA
DestroyIcon
wsprintfA
RegisterClassW
FindWindowExA
SendMessageA
GetWindowTextA
GetClientRect
CreateWindowExA
GetDlgItem
SetWindowPos
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
SetTimer
LoadCursorA
LoadIconA
GetMenuItemInfoA
LoadStringA
IsDlgButtonChecked
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
OpenClipboard
WSASocketA
htonl
bind
WSARecv
WSASend
WSAStartup
htons
closesocket
WSAGetLastError
CoCreateInstance
SnmpUtilAsnAnyCpy
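The four detections above are generic or heuristic names (Kryptik, Suspicious.Cloud, .Gen, Backdoor.Bot), so the import table is the most concrete static evidence on this page of what the sample can do. The script below is an added example, not part of the VirusTotal report: it loads the report's flat import list (the per-DLL grouping did not survive extraction) and applies a few presence/absence rules. The rules, labels and notes are the editor's own heuristics, not VirusTotal's; the interesting one is that a socket is bound and driven through an I/O completion port (WSASocketA, bind, WSARecv, WSASend, CreateIoCompletionPort, GetQueuedCompletionStatus) while listen, accept and connect are all absent, which together with the sandbox's UDP communications entry points to a datagram endpoint rather than a TCP listener.

```python
"""Rule-based triage of a PE import list.

Added example, not part of the VirusTotal report. REPORT_IMPORTS is the
report's flat "PE imports" list; the rules, labels and notes are the editor's
own heuristics, not VirusTotal's.
"""
from dataclasses import dataclass

REPORT_IMPORTS = frozenset("""
capCreateCaptureWindowA InitCommonControlsEx ImageList_ReplaceIcon ImageList_Destroy
Ord(8) GetOpenFileNameA ChooseColorA GetSaveFileNameA CreatePen SaveDC TextOutA
Rectangle GetObjectA LineTo DeleteDC RestoreDC SetBkMode BitBlt GdiSetBatchLimit
SetTextColor GetDeviceCaps CreateFontA CreateBitmap MoveToEx GetStockObject
ExtTextOutA CreateCompatibleDC SelectObject GetTextExtentPoint32A CreateSolidBrush
SetBkColor DeleteObject Ellipse GetStdHandle WaitForSingleObject LockResource
EncodePointer DeleteCriticalSection GetCurrentProcess GetConsoleMode lstrcatA
FreeEnvironmentStringsW SetStdHandle WideCharToMultiByte WriteFile
GetSystemTimeAsFileTime HeapReAlloc GetStringTypeW LocalFree InitializeCriticalSection
LoadResource TlsGetValue FormatMessageA SetLastError GetModuleFileNameW
IsDebuggerPresent HeapAlloc GetModuleFileNameA HeapSetInformation
UnhandledExceptionFilter InterlockedDecrement MultiByteToWideChar GetModuleHandleA
_lclose CreateThread SetUnhandledExceptionFilter IsProcessorFeaturePresent
DecodePointer TerminateProcess GetCurrentThreadId LeaveCriticalSection WriteConsoleW
InitializeCriticalSectionAndSpinCount HeapFree EnterCriticalSection SetHandleCount
LoadLibraryW GetOEMCP QueryPerformanceCounter GetTickCount TlsAlloc FlushFileBuffers
RtlUnwind GetFileSize GetStartupInfoW GetCPInfo GetProcAddress GetProcessHeap
CreateFileW CreateEventA GetFileType TlsSetValue CreateFileA ExitProcess
InterlockedIncrement GetLastError LCMapStringW GetSystemInfo lstrlenA GlobalFree
GetConsoleCP GetEnvironmentStringsW GetQueuedCompletionStatus SizeofResource
GetCurrentProcessId CreateIoCompletionPort GetCurrentDirectoryA HeapSize
GetConsoleTitleA GetCommandLineA EnumSystemCodePagesW RaiseException TlsFree
SetFilePointer OpenFile ReadFile SetConsoleTitleA CloseHandle GetACP
GetModuleHandleW IsValidCodePage HeapCreate Sleep FindResourceA GradientFill
VariantClear VariantInit GetMessageA GetParent UpdateWindow EndDialog BeginPaint
CheckRadioButton KillTimer PostQuitMessage DefWindowProcA ShowWindow LoadBitmapA
GetClipboardData FindWindowA GetSystemMetrics GetMenu GetWindowRect
DispatchMessageA EndPaint SetMenu SetDlgItemTextA LoadImageA MessageBoxA
SetWindowLongA TranslateMessage DialogBoxParamA GetSysColor SetActiveWindow GetDC
RegisterClassExA DrawTextA SetWindowTextA DestroyIcon wsprintfA RegisterClassW
FindWindowExA SendMessageA GetWindowTextA GetClientRect CreateWindowExA
GetDlgItem SetWindowPos InvalidateRect GetWindowLongA GetWindowTextLengthA
SetTimer LoadCursorA LoadIconA GetMenuItemInfoA LoadStringA IsDlgButtonChecked
CallWindowProcA GetSystemMenu EnableWindow CloseClipboard DestroyWindow
OpenClipboard WSASocketA htonl bind WSARecv WSASend WSAStartup htons closesocket
WSAGetLastError CoCreateInstance SnmpUtilAsnAnyCpy
""".split())


@dataclass(frozen=True)
class Rule:
    label: str
    required: frozenset = frozenset()   # every name must be imported
    forbidden: frozenset = frozenset()  # none of these may be imported
    note: str = ""

    def matches(self, imports: frozenset) -> bool:
        return self.required <= imports and not (self.forbidden & imports)


# Stream-oriented socket setup; their absence is what distinguishes the UDP rule.
SOCKET_SETUP = frozenset({"listen", "accept", "connect", "WSAConnect", "WSAAccept"})

RULES = (
    Rule("tcp_server", frozenset({"bind", "listen", "accept"}),
         note="listening TCP endpoint"),
    Rule("udp_endpoint_iocp",
         frozenset({"WSASocketA", "bind", "WSARecv", "WSASend",
                    "CreateIoCompletionPort", "GetQueuedCompletionStatus"}),
         forbidden=SOCKET_SETUP,
         note="socket bound and driven through an I/O completion port with no "
              "listen/accept/connect: consistent with a datagram (UDP) endpoint"),
    Rule("video_capture", frozenset({"capCreateCaptureWindowA"}),
         note="VFW capture window: webcam access"),
    Rule("clipboard_read", frozenset({"OpenClipboard", "GetClipboardData"}),
         note="reads clipboard contents"),
    Rule("window_discovery", frozenset({"FindWindowA", "FindWindowExA"}),
         note="locates other applications' windows by class or title"),
    Rule("embedded_resource_payload",
         frozenset({"FindResourceA", "LoadResource", "LockResource", "SizeofResource"}),
         note="reads embedded resources (the report lists RT_HTML and RT_BITMAP entries)"),
    Rule("runtime_api_resolution", frozenset({"LoadLibraryW", "GetProcAddress"}),
         note="resolves APIs at runtime, so the static import list is only a lower bound"),
    Rule("debugger_check", frozenset({"IsDebuggerPresent"}),
         note="weak signal: the MSVC CRT imports IsDebuggerPresent on its own"),
)


def triage(imports) -> dict:
    """Return {label: note} for every rule the import set satisfies."""
    imports = frozenset(imports)
    return {r.label: r.note for r in RULES if r.matches(imports)}


if __name__ == "__main__":
    for label, note in triage(REPORT_IMPORTS).items():
        print(f"{label:26} {note}")
```

The negative conditions matter as much as the positive ones: the same rule set applied to a set containing listen and accept flags tcp_server and not udp_endpoint_iocp. Because LoadLibraryW and GetProcAddress are present, treat every absence as "not statically imported" rather than "not used"; the sandbox section further down records DeviceIoControl and SetWindowsHookEx calls that do not appear in this list at all.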
Number of PE resources by type
RT_ICON 18
RT_CURSOR 10
RT_GROUP_CURSOR 9
RT_DIALOG 5
RT_BITMAP 2
RT_GROUP_ICON 2
RT_HTML 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 48
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:04:13 16:39:47+01:00 (the same instant as the compilation timestamp above, rendered in UTC+01:00)
FileType: Win32 EXE
PEType: PE32
CodeSize: 56320
LinkerVersion: 10.0
EntryPoint: 0x4d30
InitializedDataSize: 307712
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0

File identification
MD5 d0713dd24cd34a5b92237b47207c2b40
SHA1 6e2a009c2325874b3e4f817386e50308084e5a5c
SHA256 2968eb0eb6b6b0f4b0cda89b7902fa308350add4b6ff8983f82c5790eda2735f
ssdeep 6144:d+bkXIKEOR6anJ64+enO5BycAa+z/r7Lluuuuuxu1uouEMX:d6kXIKj6cMAVz/PLluuuuuxu1uouBX
authentihash 1551dae3b83a24ac46622cc7fdb5cd9ffb80dcc79e71ad005576c32a2aaa92bd
imphash 1493110c9ae2dde3eb1fc563c67a4864
File size 356.5 KB ( 365056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
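The "PE header basic information" block above (machine, compilation timestamp, entry point, section count) and the authentihash in the file identification block both come straight out of the PE headers. The script below is an added example, not VirusTotal's code: it reads those fields from a PE32 image and computes an Authenticode-style hash, which skips the CheckSum field, the Security data-directory entry and the certificate table so that signing or re-checksumming a binary does not change it (that is why the report can list an authentihash that stays stable across signed and unsigned builds of the same code). build_sample_pe() constructs a tiny image carrying the report's header values (timestamp 2015-04-13 15:39:47 UTC, entry point 0x4D30, five sections, linker 10.0, OS and subsystem version 5.1, GUI subsystem); its section names, checksum and body bytes are made up, so its hashes do not match the report's.

```python
"""Minimal PE32 header reader plus an Authenticode-style file hash.

Added example, not VirusTotal's code. build_sample_pe() is a constructed
image with the report's header values; section names, checksum and body
bytes are made up.
"""
import hashlib
import struct
from dataclasses import dataclass
from datetime import datetime, timezone

COFF_FMT = "<HHIIIHH"                                    # IMAGE_FILE_HEADER, 20 bytes
OPT32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "IIII" + "HH" + "I" * 6   # PE32 optional header, 96 bytes
SECTION_FMT = "<8sIIIIIIHHI"                              # IMAGE_SECTION_HEADER, 40 bytes
CHECKSUM_OFF, SECURITY_DIR_OFF = 0x40, 0x80               # offsets inside the optional header


def build_sample_pe() -> bytes:
    """Constructed sample image (not the analysed file)."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)               # e_lfanew: "PE\0\0" at 0x80
    coff = struct.pack(COFF_FMT, 0x014C, 5, 1428939587, 0, 0, 224, 0x0102)  # i386, 5 sections, ts
    opt = struct.pack(OPT32_FMT, 0x10B, 10, 0,            # PE32 magic, linker 10.0
                      56320, 307712, 0,                   # code / initialised / uninitialised
                      0x4D30, 0x1000, 0xF000, 0x400000, 0x1000, 0x200,
                      5, 1, 0, 0, 5, 1,                   # OS, image, subsystem versions
                      0, 0x60000, 0x400,                  # reserved, SizeOfImage, SizeOfHeaders
                      0xDEADBEEF,                         # CheckSum (made up; excluded from authentihash)
                      2, 0x8140,                          # IMAGE_SUBSYSTEM_WINDOWS_GUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                    # 16 empty data directories, no certificate table
    names = [b".text", b".rdata", b".data", b".rsrc", b".reloc"]   # assumed names
    sections = b"".join(
        struct.pack(SECTION_FMT, n.ljust(8, b"\0"), 0x200, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(names))
    headers = bytes(dos) + b"PE\0\0" + coff + opt + sections
    return headers.ljust(0x400, b"\0") + bytes(range(256)) * (2 * len(names))


@dataclass(frozen=True)
class PEHeader:
    machine: int
    number_of_sections: int
    timestamp: datetime          # TimeDateStamp: written by the linker, trivially forgeable
    entry_point: int
    linker_version: tuple
    subsystem: int
    subsystem_version: tuple
    checksum: int
    opt_offset: int              # file offset of the optional header
    sections: tuple              # (name, PointerToRawData, SizeOfRawData)
    security_dir: tuple          # (file offset, size) of the certificate table


def parse_pe32(data: bytes) -> PEHeader:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, pe_off + 4)
    opt_off = pe_off + 24
    f = struct.unpack_from(OPT32_FMT, data, opt_off)
    if f[0] != 0x10B:
        raise ValueError("only PE32 handled here; PE32+ lays the optional header out differently")
    sec_off = opt_off + opt_size
    sections = tuple(
        (s[0].rstrip(b"\0").decode("ascii", "replace"), s[4], s[3])
        for s in (struct.unpack_from(SECTION_FMT, data, sec_off + 40 * i) for i in range(nsec)))
    security_dir = struct.unpack_from("<II", data, opt_off + SECURITY_DIR_OFF)
    return PEHeader(machine, nsec, datetime.fromtimestamp(ts, tz=timezone.utc), f[6],
                    (f[1], f[2]), f[22], (f[16], f[17]), f[21], opt_off, sections, security_dir)


def authentihash(data: bytes, algo: str = "sha256") -> str:
    """Hash of the file minus CheckSum, the Security directory entry and the
    certificate table. Simplified: assumes sections lie in file order."""
    h = parse_pe32(data)
    skip = [(h.opt_offset + CHECKSUM_OFF, 4), (h.opt_offset + SECURITY_DIR_OFF, 8)]
    if h.security_dir[1]:
        skip.append(h.security_dir)
    digest, pos = hashlib.new(algo), 0
    for start, length in sorted(skip):
        digest.update(data[pos:start])
        pos = start + length
    digest.update(data[pos:])
    return digest.hexdigest()


def file_sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def with_checksum(data: bytes, value: int) -> bytes:
    """Copy of the image with a different PE CheckSum: SHA256 changes, authentihash does not."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, parse_pe32(data).opt_offset + CHECKSUM_OFF, value)
    return bytes(buf)
```

Two caveats the fields invite: the compilation timestamp is an unsigned 32-bit value the linker writes and anyone can overwrite, so "2015-04-13" is a claim by the file, not evidence, though here it sits one day before first submission and matches the ExifTool rendering; and the authentihash is a pivot for finding re-signed or re-checksummed copies of the same code, not a substitute for the full-file SHA256 when you need to match an exact artifact.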
Tags
peexe

VirusTotal metadata
First submission 2015-04-14 16:40:49 UTC
Last submission 2015-04-26 18:28:22 UTC
File names virussign.com_d0713dd24cd34a5b92237b47207c2b40.vir
e65bc601fafd55b8e71cbd16a504f144f8c5f01c
No VirusTotal Community comments or votes.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API.
The file installs an application-defined hook procedure into a hook chain with SetWindowsHookEx (the report's "SetWindowsHook" is the older name for the same mechanism). A hook procedure monitors events such as keyboard, mouse and window messages, either for one thread or for every thread on the calling thread's desktop, which is why this behaviour deserves attention alongside the clipboard, window-search and capture APIs in the import table. Neither DeviceIoControl nor SetWindowsHookEx appears in that static import table, so both were reached through dynamically resolved addresses (the table does include LoadLibraryW and GetProcAddress) or from inside a library the sample loads; treat the import list as a lower bound on the APIs actually used.
UDP communications