SHA256: 2de24f8fd14f54e0d8abfeddf9905afe72f0bb4e779ff3cedb86c833b5e6ac55
File name: 0cdb513f5714088524868456d247d1bb
Detection ratio: 31 / 57
Analysis date: 2015-01-16 18:01:03 UTC ( 4 years, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.12521243 20150116
AhnLab-V3 Trojan/Win32.HDC 20150116
ALYac Trojan.Generic.12521243 20150116
Avast Win32:Crypt-RQU [Trj] 20150116
AVG Zbot.WUD 20150116
Avira (no cloud) TR/Crypt.ZPACK.Gen4 20150116
AVware Trojan.Win32.Generic!BT 20150116
BitDefender Trojan.Generic.12521243 20150116
CAT-QuickHeal Trojan.Generic.CH4 20150116
Emsisoft Trojan.Generic.12521243 (B) 20150116
ESET-NOD32 Win32/Spy.Zbot.ACB 20150116
F-Secure Trojan.Generic.12521243 20150116
Fortinet W32/Zbot.ACB!tr.spy 20150116
GData Trojan.Generic.12521243 20150116
Ikarus Trojan-Spy.Zbot 20150116
K7AntiVirus Spyware ( 004a08e61 ) 20150116
K7GW DoS-Trojan ( 20074bd51 ) 20150116
Kaspersky Trojan-Spy.Win32.Zbot.uvci 20150116
Malwarebytes Trojan.Agent.ED 20150116
McAfee RDN/Generic PWS.y!bcl 20150116
McAfee-GW-Edition BehavesLike.Win32.Fednu.fc 20150116
Microsoft PWS:Win32/Zbot.gen!VM 20150116
eScan Trojan.Generic.12521243 20150116
NANO-Antivirus Trojan.Win32.Zbot.dmgwab 20150116
nProtect Trojan.Generic.12521243 20150116
Panda Trj/CI.A 20150116
Qihoo-360 Win32/Trojan.38d 20150116
Sophos AV Mal/Generic-S 20150116
Symantec Trojan.Gen.2 20150116
TrendMicro-HouseCall TROJ_GEN.R028H01AC15 20150116
VIPRE Trojan.Win32.Generic!BT 20150116
AegisLab 20150116
Yandex 20150115
Alibaba 20150116
Antiy-AVL 20150116
Baidu-International 20150116
Bkav 20150116
ByteHero 20150116
ClamAV 20150116
CMC 20150116
Comodo 20150116
Cyren 20150116
DrWeb 20150116
F-Prot 20150116
Jiangmin 20150115
Kingsoft 20150116
Norman 20150116
Rising 20150114
SUPERAntiSpyware 20150116
Tencent 20150116
TheHacker 20150115
TotalDefense 20150116
TrendMicro 20150116
VBA32 20150116
ViRobot 20150116
Zillya 20150116
Zoner 20150116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Engine Copyright © 2004-2013 Indigo Rose Corporation
Product Factory Runtime
Original name suf_launch.exe
Internal name suf_launch
File version 9.1.1.0
Description Application
Comments Created with Factory
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-10 21:51:35
Entry Point 0x00002590
Number of sections 4
PE imports
AVIFileInit
AVIStreamCreate
ImageList_Destroy
SetStretchBltMode
GetObjectA
SetROP2
DeleteDC
SetBkMode
CreateFontA
GetStockObject
CreateFontIndirectA
EnumFontFamiliesA
CombineTransform
SelectObject
SetBkColor
CreateCompatibleDC
DeleteObject
SetTextColor
CreateSolidBrush
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetFileType
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
CloseHandle
ResetEvent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
IsDebuggerPresent
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
CreateEventA
InterlockedDecrement
Sleep
WriteConsoleW
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
ExitProcess
SetLastError
LeaveCriticalSection
WNetConnectionDialog
Ord(645)
Ord(644)
EnableWindow
EndDialog
BeginPaint
CreateIconIndirect
PostQuitMessage
DefWindowProcA
ShowWindow
MessageBeep
DlgDirListComboBoxA
SetWindowPos
DestroyIcon
GetWindowRect
EndPaint
MoveWindow
GetDlgItemTextA
MessageBoxA
SetClassLongA
GetWindow
GetSysColor
GetDC
GetCursorPos
DrawTextA
LoadMenuA
GetIconInfo
CheckMenuItem
GetMenu
GetWindowLongA
SendMessageA
GetClientRect
EnableMenuItem
ClientToScreen
InvalidateRect
GetSubMenu
TrackPopupMenu
SetWindowTextA
FillRect
GetMenuState
GetMenuItemInfoA
DestroyWindow
CoInitialize
Number of PE resources by type
RT_CURSOR 38
RT_GROUP_CURSOR 35
RT_DIALOG 5
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 82
ExifTool file metadata
LegalTrademarks Factory is a trademark of Indigo Rose Corporation.
SubsystemVersion 5.1
Comments Created with Factory
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.1.1.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Application
CharacterSet Unicode
InitializedDataSize 277504
EntryPoint 0x2590
OriginalFileName suf_launch.exe
MIMEType application/octet-stream
LegalCopyright Engine Copyright 2004-2013 Indigo Rose Corporation
FileVersion 9.1.1.0
TimeStamp 2015:01:10 22:51:35+01:00
FileType Win32 EXE
PEType PE32
InternalName suf_launch
ProductVersion 9.1.1.0
UninitializedDataSize 0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 54784
ProductName Factory Runtime
ProductVersionNumber 9.1.1.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0cdb513f5714088524868456d247d1bb
SHA1 ca4fcd06801cd89fc5ba4d1745887c09d1004991
SHA256 2de24f8fd14f54e0d8abfeddf9905afe72f0bb4e779ff3cedb86c833b5e6ac55
ssdeep 6144:HX2Q/EKxGAOOToShKIz769oUnXDKpr7Fze8z3YYMjNUUk/q6pnQzG:HX2Q/pxGAoSUqanXDK5IaYYuKUonF
authentihash 101581ac4b3591bbb9bd5a9349399f6e3878fb09ee09928f206f4532d701f7bd
imphash 66153317eb285b83794a71db3603e37c
File size 325.5 KB ( 333312 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-01-16 18:01:03 UTC ( 4 years, 2 months ago )
Last submission 2015-01-16 18:01:03 UTC ( 4 years, 2 months ago )
File names suf_launch.exe
2de24f8fd14f54e0d8abfeddf9905afe72f0bb4e779ff3cedb86c833b5e6ac55.exe
0cdb513f5714088524868456d247d1bb
suf_launch
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R02KC0CAT15.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.