SHA256: 2db74ccd5a895dcdf5bc050ab39a1c4b23fc05045fc0ebe43c76073bad85bc0f
File name: repfix.exe
Detection ratio: 2 / 57
Analysis date: 2015-01-17 20:03:28 UTC (4 years, 2 months ago)
Antivirus               Result                              Update
Bkav                    HW32.Packed.84F2                    20150117
Rising                  PE:Malware.XPACK-LNR/Heur!1.5594    20150117
Ad-Aware                -                                   20150117
AegisLab                -                                   20150117
Yandex                  -                                   20150117
AhnLab-V3               -                                   20150117
Alibaba                 -                                   20150117
ALYac                   -                                   20150117
Antiy-AVL               -                                   20150117
Avast                   -                                   20150117
AVG                     -                                   20150117
Avira (no cloud)        -                                   20150117
AVware                  -                                   20150117
Baidu-International     -                                   20150117
BitDefender             -                                   20150117
ByteHero                -                                   20150117
CAT-QuickHeal           -                                   20150117
ClamAV                  -                                   20150117
CMC                     -                                   20150116
Comodo                  -                                   20150117
Cyren                   -                                   20150117
DrWeb                   -                                   20150117
Emsisoft                -                                   20150117
ESET-NOD32              -                                   20150117
F-Prot                  -                                   20150117
F-Secure                -                                   20150117
Fortinet                -                                   20150117
GData                   -                                   20150117
Ikarus                  -                                   20150117
Jiangmin                -                                   20150116
K7AntiVirus             -                                   20150117
K7GW                    -                                   20150117
Kaspersky               -                                   20150117
Kingsoft                -                                   20150117
Malwarebytes            -                                   20150117
McAfee                  -                                   20150117
McAfee-GW-Edition       -                                   20150117
Microsoft               -                                   20150117
eScan                   -                                   20150117
NANO-Antivirus          -                                   20150117
Norman                  -                                   20150117
nProtect                -                                   20150116
Panda                   -                                   20150117
Qihoo-360               -                                   20150117
Sophos AV               -                                   20150117
SUPERAntiSpyware        -                                   20150117
Symantec                -                                   20150117
Tencent                 -                                   20150117
TheHacker               -                                   20150117
TotalDefense            -                                   20150116
TrendMicro              -                                   20150117
TrendMicro-HouseCall    -                                   20150117
VBA32                   -                                   20150116
VIPRE                   -                                   20150117
ViRobot                 -                                   20150117
Zillya                  -                                   20150117
Zoner                   -                                   20150116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 8.7.6.6
Description X6G92pHZ1572
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-15 18:51:27
Entry Point 0x000102D0
Number of sections 5
PE sections
PE imports
Number of PE resources by type
RT_MENU 11
RT_VERSION 1
Number of PE resources by language
ENGLISH US 8
XHOSA SPANISH EL SALVADOR 1
SERBIAN *unknown* 1
HUNGARIAN *unknown* 1
POLISH DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.0
ImageVersion 7.6
FileVersionNumber 8.7.49047.6
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 2076672
EntryPoint 0x102d0
MIMEType application/octet-stream
FileVersion 8.7.6.6
TimeStamp 2015:01:15 19:51:27+01:00
FileType Win32 EXE
PEType PE32
FileDescription X6G92pHZ1572
OSVersion 4.0
FileOS Unknown (0x100004)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CompuServe Interactive Services, Inc.
CodeSize 86016
FileSubtype 0
ProductVersionNumber 52.7.59030.6
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application
PCAP parents
File identification
MD5 5cf9e839f5e9b03e20f0523072b0482d
SHA1 d0e8b31e96de5f3075a6d6e0363b9e231c0228fb
SHA256 2db74ccd5a895dcdf5bc050ab39a1c4b23fc05045fc0ebe43c76073bad85bc0f
ssdeep 6144:iK6QFvy1UKNny1w1wiI5KsqtpohFGP4T:FbFEnn1w/5KsqToha
authentihash 41f1b8def07a8b2ebae47c3bda3b1da73dd0bd19bb5847cfa0b22a09197a8278
imphash d3fd535c6ba468683129a7e72d19ee9e
File size 264.0 KB (270336 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2015-01-17 20:03:28 UTC (4 years, 2 months ago)
Last submission 2015-02-11 01:53:09 UTC (4 years, 1 month ago)
File names repfix.exe
2db74ccd5a895dcdf5bc050ab39a1c4b23fc05045fc0ebe43c76073bad85bc0f.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.F0C2C00AO15.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.