SHA256: 2dcd7788135fb253f54457a33a4838c7ec57a1a0ce0376d9a4c04a5354b12a45
File name: dddscsda.exe
Detection ratio: 3 / 54
Analysis date: 2016-02-23 11:40:13 UTC ( 3 years, 2 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Win32/Kryptik.EOXC 20160223
Kaspersky UDS:DangerousObject.Multi.Generic 20160223
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160223
Ad-Aware 20160223
AegisLab 20160223
Yandex 20160221
AhnLab-V3 20160222
Alibaba 20160223
ALYac 20160223
Antiy-AVL 20160223
Arcabit 20160223
Avast 20160223
AVG 20160223
AVware 20160223
Baidu-International 20160223
BitDefender 20160223
Bkav 20160222
ByteHero 20160223
CAT-QuickHeal 20160223
ClamAV 20160223
CMC 20160222
Comodo 20160223
Cyren 20160223
DrWeb 20160223
Emsisoft 20160223
F-Prot 20160223
F-Secure 20160223
Fortinet 20160223
GData 20160223
Ikarus 20160223
Jiangmin 20160223
K7AntiVirus 20160223
K7GW 20160223
Malwarebytes 20160223
McAfee 20160223
McAfee-GW-Edition 20160223
Microsoft 20160223
eScan 20160223
NANO-Antivirus 20160223
nProtect 20160222
Panda 20160222
Rising 20160223
Sophos AV 20160223
SUPERAntiSpyware 20160223
Symantec 20160222
Tencent 20160223
TheHacker 20160222
TrendMicro 20160223
TrendMicro-HouseCall 20160223
VBA32 20160223
VIPRE 20160223
ViRobot 20160223
Zillya 20160222
Zoner 20160223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-04-25 08:27:24
Entry Point 0x0003E288
Number of sections 4
PE sections
PE imports
SetServiceObjectSecurity
CreateProcessAsUserA
SetServiceStatus
ImageRvaToVa
SymGetSymFromName
SymGetSymPrev
ImageDirectoryEntryToData
StackWalk
SymGetLineFromName
FindExecutableImage
SymGetOptions
ImageNtHeader
ImageRvaToSection
SymGetModuleBase
CheckSumMappedFile
RemovePrivateCvSymbolic
UnmapDebugInformation
SymGetLineNext
SymGetLinePrev
EnumerateLoadedModules
GetImageUnusedHeaderBytes
SymGetSearchPath
ImageGetDigestStream
SymInitialize
UnMapAndLoad
SymGetSymFromAddr
UnDecorateSymbolName
SymEnumerateSymbols
SymGetModuleInfo
MapFileAndCheckSumA
ImageEnumerateCertificates
SymLoadModule
RemoveRelocations
MapFileAndCheckSumW
GetImageConfigInformation
ReBaseImage
SymGetLineFromAddr
ImagehlpApiVersion
GetTimestampForLoadedLibrary
SymRegisterCallback
ImageGetCertificateData
SymCleanup
UpdateDebugInfoFileEx
FindDebugInfoFile
BindImageEx
BindImage
SymSetSearchPath
ImageUnload
GetStartupInfoA
EnumSystemLocalesA
GetCPInfoExW
GetModuleHandleA
FillConsoleOutputCharacterA
GetVersionExW
CreateTapePartition
GetMailslotInfo
GetPrivateProfileSectionA
GetExpandedNameA
WNetAddConnectionA
WNetConnectionDialog
WNetCancelConnectionA
WNetConnectionDialog1A
WNetDisconnectDialog1A
__p__fmode
getc
_execve
_acmdln
_adjust_fdiv
__setusermatherr
_commode
_controlfp
_eof
_callnewh
__p__commode
__p__iob
__set_app_type
RasEnumConnectionsA
RasGetEntryPropertiesA
RasGetConnectStatusW
RasEnumDevicesW
RasEnumEntriesW
RasEditPhonebookEntryA
RasSetEntryDialParamsA
RasEnumDevicesA
RasGetConnectStatusA
InSendMessage
DdeConnectList
InternetCanonicalizeUrlW
RetrieveUrlCacheEntryFileA
FtpOpenFileW
InternetCanonicalizeUrlA
CreateUrlCacheGroup
InternetConfirmZoneCrossing
InternetQueryOptionW
InternetGetCookieA
InternetQueryOptionA
InternetDial
InternetAttemptConnect
HttpSendRequestExW
FtpGetFileW
GopherGetLocatorTypeW
GopherGetLocatorTypeA
FtpGetFileA
FtpGetCurrentDirectoryA
InternetSetOptionA
GopherGetAttributeW
FindNextUrlCacheEntryA
InternetSetOptionW
InternetCombineUrlW
FindNextUrlCacheEntryW
GopherGetAttributeA
InternetSetStatusCallback
FtpRemoveDirectoryW
FindFirstUrlCacheEntryExW
HttpEndRequestW
InternetUnlockRequestFile
CreateUrlCacheEntryA
FtpRemoveDirectoryA
FtpFindFirstFileW
CreateUrlCacheEntryW
HttpEndRequestA
RetrieveUrlCacheEntryStreamA
GopherCreateLocatorW
InternetQueryDataAvailable
InternetCreateUrlW
InternetGetCookieW
FtpCreateDirectoryA
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryW
HttpQueryInfoA
InternetGetConnectedState
GetUrlCacheEntryInfoExA
HttpSendRequestExA
SetUrlCacheEntryInfoW
InternetCloseHandle
InternetGetLastResponseInfoA
InternetSetOptionExA
InternetGetLastResponseInfoW
GopherFindFirstFileA
InternetWriteFile
InternetReadFile
HttpSendRequestA
FindNextUrlCacheEntryExW
InternetOpenA
DeleteUrlCacheEntry
InternetOpenW
FindNextUrlCacheEntryExA
InternetSetCookieA
HttpOpenRequestA
InternetGoOnline
SetUrlCacheEntryGroup
HttpOpenRequestW
InternetConnectW
FtpPutFileW
InternetCombineUrlA
FtpDeleteFileW
InternetConnectA
GetUrlCacheEntryInfoW
FtpDeleteFileA
FtpRenameFileW
InternetAutodial
HttpQueryInfoW
InternetFindNextFileW
FtpSetCurrentDirectoryA
CommitUrlCacheEntryW
InternetFindNextFileA
FindFirstUrlCacheEntryExA
InternetSetFilePointer
FtpSetCurrentDirectoryW
FindCloseUrlCache
InternetOpenUrlA
FtpPutFileA
InternetCrackUrlW
InternetAutodialHangup
FtpRenameFileA
InternetCrackUrlA
PrintDlgA
ReplaceTextA
FindTextA
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA
FindTextW
PrintDlgW
ChooseFontA
Number of PE resources by type
RT_MENU 3
RT_ACCELERATOR 3
RT_RCDATA 1
RT_BITMAP 1
RT_VERSION 1
qlN0Bs5rx 1
Number of PE resources by language
CHINESE MACAU 10
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 7.0
ImageVersion: 0.0
FileVersionNumber: 0.22.235.2
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 151552
EntryPoint: 0x3e288
OriginalFileName: Indoctrinates.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2015
FileVersion: 30, 118, 83, 193
TimeStamp: 2006:04:25 09:27:24+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Dolorous
ProductVersion: 109, 213, 243, 64
FileDescription: Integrand
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CompanyName: k23 Productions
CodeSize: 253952
FileSubtype: 0
ProductVersionNumber: 0.86.90.10
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5 4cbd7cc8bf145c8f9b8bac17f4c4d696
SHA1 a24c30b597ce91b8aacb853816c89751eaf1bd7b
SHA256 2dcd7788135fb253f54457a33a4838c7ec57a1a0ce0376d9a4c04a5354b12a45
ssdeep 6144:8atLXYIrTqwzlQ0vw97f0EK7cXA3+eqwYwXinhNOLAF:RMIrTqwzxoTkSyIFwXihNEA
authentihash 699c79251b2b75bf73836cccc770d716bf4301635c994227bf53cf788a6993c1
imphash 05c2222fdfda1af3769ff23859a1d241
File size 296.0 KB ( 303104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2016-02-23 09:01:18 UTC ( 3 years, 2 months ago )
Last submission 2016-04-28 05:22:23 UTC ( 2 years, 12 months ago )
File names malware3.exe
dddscsda.exe
4cbd7cc8bf145c8f9b8bac17f4c4d696
2DCD7788135FB253F54457A33A4838C7EC57A1A0CE0376D9A4C04A5354B12A45.exe
4CBD7CC8BF145C8F9B8BAC17F4C4D696.6C172EAF
2dcd7788135fb253f54457a33a4838c7ec57a1a0ce0376d9a4c04a5354b12a45.bin
ololol.exe
dddscsda.exe
dddscsda.exe
dddscsda.exe
solution.exe
4cbd7cc8bf145c8f9b8bac17f4c4d696.exe
dddscsda.exe
dddscsda.exe
dddscsda.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications