SHA256: 29e9dc7eec14edd99f2802d54c641e093408af81331b296b4a8d20bc4a537ccd
File name: Bulhax.exe
Detection ratio: 8 / 57
Analysis date: 2016-09-26 19:50:48 UTC
Antivirus: Result (signature update)
Avira (no cloud): TR/Crypt.ZPACK.uvcbi (20160926)
Bkav: W32.eHeur.Malware07 (20160926)
CrowdStrike Falcon (ML): malicious_confidence_100% (D) (20160725)
ESET-NOD32: Win32/PSW.Papras.EJ (20160926)
Sophos ML: virus.win32.sality.at (20160917)
Kaspersky: UDS:DangerousObject.Multi.Generic (20160926)
Malwarebytes: Backdoor.Bot (20160926)
Qihoo-360: HEUR/QVM10.1.0000.Malware.Gen (20160926)

No detection (signatures dated 20160926 unless noted): Ad-Aware, AegisLab, AhnLab-V3, Alibaba, ALYac, Antiy-AVL, Arcabit, Avast, AVG, AVware, Baidu, BitDefender, CAT-QuickHeal, ClamAV, CMC (20160921), Comodo, Cyren, DrWeb, Emsisoft, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus, K7GW, Kingsoft, McAfee (20160923), McAfee-GW-Edition, Microsoft, eScan, NANO-Antivirus, nProtect, Panda, Rising, Sophos AV, SUPERAntiSpyware, Symantec, Tencent, TheHacker, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot, Yandex, Zillya, Zoner
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright © 2013. All rights reserved.
Product: Augusta Downloaded
File version: 7.4.5.2
Description: Garmin Clothing
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-26 00:47:19
Entry Point 0x0000F5F5
Number of sections 5
PE sections
Overlays
MD5 0d8d75e0c3f9e38098e378e59e6d0a38
File type data
Offset 394752
Size 37
Entropy 4.97
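The overlay figures above (offset 394752, size 37) are worth recomputing rather than taking on trust, because an overlay is by definition whatever the section table does not account for, and a wrong or truncated section table shifts it. The following Python script is an added example, not code from the VirusTotal page: it walks the DOS header, PE signature, COFF header and section table, takes the highest on-disk section end as the overlay start, and reports the overlay's offset, size, MD5 and Shannon entropy together with the COFF timestamp and entry point RVA. Since Bulhax.exe itself is not available here, the script builds a constructed PE32 image whose five section sizes are an assumption chosen so that the overlay lands at the reported offset 394752 and the file totals the reported 394789 bytes; the section names, their contents, the 37 overlay bytes and the timestamp value 1474850839 (which is 2016-09-26 00:47:19 UTC, the compilation timestamp shown above) are all constructed for the demonstration.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# Values from the VirusTotal report; the script recomputes them from a PE image.
REPORTED = {"overlay_offset": 394752, "overlay_size": 37, "file_size": 394789}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 to 8.0), the scale VirusTotal uses for the overlay entropy."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF -> section table; overlay = bytes past the last section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]          # 0x10B = PE32, 0x20B = PE32+
    entry = struct.unpack_from("<I", data, opt + 16)[0]     # AddressOfEntryPoint (RVA)
    sec_tbl = opt + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec_tbl + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_ptr": raw_ptr, "raw_size": raw_size})
    # Highest on-disk section end; fall back to the end of the section table for header-only images.
    end = max([s["raw_ptr"] + s["raw_size"] for s in sections] + [sec_tbl + 40 * nsec])
    overlay = data[end:]
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "sections": sections,
        "truncated": end > len(data),   # section table claims bytes the file does not have
        "overlay_offset": end,
        "overlay_size": len(overlay),
        "overlay_md5": hashlib.md5(overlay).hexdigest(),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
    }


# Constructed 37-byte overlay; the real sample's 37 bytes are not on the page.
OVERLAY = b"CONSTRUCTED OVERLAY - NOT REAL DATA!!"
# Assumed section sizes (multiples of the 0x200 file alignment) chosen so that the
# overlay starts at the reported offset 394752 after a 512-byte header block.
SECTION_SIZES = (131584, 65536, 131072, 65536, 512)


def build_sample(overlay: bytes = OVERLAY, timestamp: int = 1474850839,
                 sizes=SECTION_SIZES, file_align: int = 0x200) -> bytes:
    """Constructed PE32 image (not Bulhax.exe) with len(sizes) sections followed by an overlay."""
    opt_size = 0xE0
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(sizes)
    hdr_aligned = -(-hdr_len // file_align) * file_align
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sizes), timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 9, 0, sizes[0], sum(sizes[1:]), 0, 0xF5F5)
    opt += b"\0" * (opt_size - len(opt))
    sec_hdrs, bodies, raw_ptr = b"", b"", hdr_aligned
    for i, size in enumerate(sizes):
        body = bytes([0x90 + i]) * size                     # filler, one byte value per section
        sec_hdrs += struct.pack("<8sIIIIIIHHI", f".sec{i}".encode(), size, 0x1000 * (i + 1),
                                size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        bodies += body
        raw_ptr += size
    headers = dos + coff + opt + sec_hdrs
    headers += b"\0" * (hdr_aligned - len(headers))
    return headers + bodies + overlay


def check_against_report(info: dict, file_size: int, reported: dict = REPORTED) -> list:
    """Return the names of reported fields that the recomputed values contradict."""
    found = {"overlay_offset": info["overlay_offset"], "overlay_size": info["overlay_size"],
             "file_size": file_size}
    return [k for k, v in reported.items() if found[k] != v]


if __name__ == "__main__":
    image = build_sample()
    info = parse_pe(image)
    for k, v in info.items():
        if k != "sections":
            print(f"{k:16} {v}")
    print("mismatches:", check_against_report(info, len(image)) or "none")
```

The arithmetic the report implies is 394752 + 37 = 394789, so the section table accounts for the whole file apart from the trailing 37 bytes; a 37-byte overlay is far too small for an appended payload or installer, so it is more likely a few bytes of configuration or a marker, and the overlay MD5 above is what to search for across other samples. Run the parser on a real PE (`parse_pe(open(path, "rb").read())`) and look at `truncated` first: a section table that points past the end of the file means the upload was cut short, and every overlay figure after it is meaningless.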
PE imports
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegCloseKey
AddAccessDeniedAce
FreeSid
RegQueryValueExA
GetSecurityDescriptorDacl
AddAccessAllowedAce
AllocateAndInitializeSid
GetAce
IsValidAcl
InitializeAcl
RegCreateKeyExA
LookupAccountNameW
RegOpenKeyExA
SetFileSecurityA
InitializeSecurityDescriptor
AddAce
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
AVIStreamGetFrame
CreateICA
SetMapMode
TextOutA
GetPaletteEntries
SetDeviceGammaRamp
GetPixel
GetDeviceCaps
CreateDCA
DeleteDC
SetBkMode
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
GetCurrentObject
GetDIBits
CreateCompatibleDC
StretchBlt
SelectObject
GetTextMetricsA
SetDIBColorTable
CreateSolidBrush
DPtoLP
GetMapMode
SetBkColor
DeleteObject
CreateCompatibleBitmap
gluOrtho2D
ImmGetDescriptionA
ImmGetConversionStatus
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
ImmSetOpenStatus
ImmIsIME
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
LoadLibraryW
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
LocalFree
GetLogicalDriveStringsA
TlsGetValue
GetProfileIntA
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
WriteProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FormatMessageA
SetFilePointer
CreateSemaphoreA
SetUnhandledExceptionFilter
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
OpenProcess
GetUserDefaultLCID
GetProcessHeap
lstrcpyA
IsValidLocale
GetProcAddress
LocalSize
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
CreateProcessW
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
DrawDibDraw
NetSessionDel
NetUnjoinDomain
SafeArrayAccessData
VariantClear
SysAllocString
SafeArrayDestroy
OleLoadPicture
LoadTypeLib
SysFreeString
SafeArrayCreateVector
OleLoadPicturePath
glTranslatef
glTexSubImage2D
glShadeModel
glEnable
glClearColor
glVertex3f
glClear
glTexCoord2f
glMatrixMode
glDepthFunc
glEnd
glBegin
glRotatef
glHint
glLoadIdentity
glClearDepth
ReadProcessorPwrScheme
CallNtPowerInformation
GetProcessMemoryInfo
SetupCopyOEMInfA
SHCreateDirectoryExA
Ord(256)
SHBrowseForFolderA
SHGetSpecialFolderPathA
DragQueryFileA
SetFocus
GetMessageA
GetForegroundWindow
GetParent
UpdateWindow
SetMenuItemBitmaps
BeginPaint
EndDialog
GetCursorInfo
CopyIcon
DefWindowProcA
DestroyMenu
DefMDIChildProcA
SetWindowTextA
MessageBeep
SetClipboardViewer
GetWindowThreadProcessId
GetDesktopWindow
GetSystemMetrics
IsWindow
GetWindowRect
DispatchMessageA
EndPaint
PeekMessageA
SetDlgItemTextA
PostMessageA
DrawIcon
WindowFromPoint
MessageBoxA
GetClassNameA
GetClipboardData
GetWindowLongA
TranslateMessage
DialogBoxParamA
DestroyCursor
GetSysColor
GetWindowWord
GetDC
GetKeyState
GetCursorPos
SystemParametersInfoA
CreatePopupMenu
DrawFocusRect
DrawIconEx
SendMessageA
GetClientRect
GetDlgItem
SetWindowPos
RegisterClassA
SetRect
GetScrollInfo
CallNextHookEx
InsertMenuA
wsprintfA
EnumPropsA
CreateWindowExA
LoadCursorA
LoadIconA
DrawTextA
GetKeyboardLayout
FillRect
AttachThreadInput
SetDlgItemInt
InflateRect
LoadImageA
GetCursor
ReleaseDC
GetIconInfo
IsDialogMessageA
OpenClipboard
OpenThemeData
GetFileVersionInfoSizeA
GetFileVersionInfoA
SCardConnectA
g_rgSCardT0Pci
SCardEstablishContext
g_rgSCardT1Pci
SCardTransmit
SCardListReadersA
GdiplusShutdown
GdipFree
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipDisposeImage
GdipSaveImageToFile
GdiplusStartup
CreateStreamOnHGlobal
CoInitialize
ProgIDFromCLSID
CoCreateInstance
StgOpenStorage
CoTaskMemFree
Number of PE resources by type
RT_DIALOG 5
RT_ICON 5
RT_BITMAP 5
RT_STRING 3
RT_MENU 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 24
PE resources
Debug information
ExifTool file metadata
SubsystemVersion: 5.0
LinkerVersion: 9.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 7.4.5.2
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 262144
EntryPoint: 0xf5f5
MIMEType: application/octet-stream
LegalCopyright: Copyright 2013. All rights reserved.
FileVersion: 7.4.5.2
TimeStamp: 2016:09:26 01:47:19+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 7.4.5.2
FileDescription: Garmin Clothing
OSVersion: 5.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Adobe Systems, Incorporated
CodeSize: 131584
ProductName: Augusta Downloaded
ProductVersionNumber: 7.4.5.2
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 0f224615564f250b28888953fa1b2775
SHA1 4a4665e1fc33897cbae085fcac1cdc89691253a8
SHA256 29e9dc7eec14edd99f2802d54c641e093408af81331b296b4a8d20bc4a537ccd
ssdeep 6144:pfeyZtO3CflrbMQJ3Yfjyc0KOX50tFhhfcNk/CnKJmMi:oy/O3CflrbMQebB0KbtFhhfck/CnKAd
authentihash 2a0a7196c79c11b5994e72efe5bf6709a6a01d30d7b896663de86711bdc52a11
imphash e055ad6f0bc58e882af3980756af8de6
File size 385.5 KB ( 394789 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (38.7%)
Win64 Executable (generic) (34.3%)
Windows screen saver (16.2%)
Win32 Executable (generic) (5.6%)
Generic Win/DOS Executable (2.4%)
Tags peexe, overlay
VirusTotal metadata
First submission 2016-09-26 19:50:48 UTC
Last submission 2016-09-26 19:50:48 UTC
File names Bulhax.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
UDP communications