SHA256: 2e8dfcb80342fa19e9ce63ff62a027d38d86638252724b6bfe3de3d312d02c71
File name: pattern
Detection ratio: 47 / 57
Analysis date: 2016-03-10 00:46:40 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Gen:Heur.Androm.1 20160310
AegisLab Backdoor.W32.Androm.gznu!c 20160309
Yandex Backdoor.Androm!yV65+nlw1W4 20160308
AhnLab-V3 Trojan/Win32.Ransomlock 20160309
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160310
Arcabit Trojan.Androm.1 20160310
Avast Win32:Dropper-gen [Drp] 20160310
AVG Inject2.CFKO 20160310
Avira (no cloud) TR/Emotet.A.139 20160310
AVware Trojan.Win32.Generic!BT 20160310
Baidu Win32.Trojan.WisdomEyes.151026.9950.9968 20160225
Baidu-International Backdoor.Win32.Androm.gznu 20160309
BitDefender Gen:Heur.Androm.1 20160310
Bkav W32.Clodc80.Trojan.dff4 20160309
CAT-QuickHeal TrojanPWS.Zbot.A4 20160309
Comodo UnclassifiedMalware 20160310
Cyren W32/VBInject.LVMY-5361 20160310
DrWeb Trojan.DownLoader13.23773 20160310
Emsisoft Gen:Heur.Androm.1 (B) 20160310
ESET-NOD32 a variant of Win32/Injector.CBNZ 20160309
F-Prot W32/VBInject.EB 20160309
F-Secure Gen:Heur.Androm.1 20160309
Fortinet W32/CBNZ.TV!tr 20160309
GData Gen:Heur.Androm.1 20160309
Ikarus Trojan.Win32.Emotet 20160309
Jiangmin Backdoor/Androm.jea 20160309
K7AntiVirus Trojan ( 004c3a221 ) 20160309
K7GW Trojan ( 004c3a221 ) 20160309
Kaspersky Backdoor.Win32.Androm.gznu 20160309
Malwarebytes Trojan.Injector 20160309
McAfee Generic.vy 20160309
McAfee-GW-Edition BehavesLike.Win32.Sality.ch 20160309
Microsoft Trojan:Win32/Bagsu!rfn 20160309
eScan Gen:Heur.Androm.1 20160309
NANO-Antivirus Trojan.Win32.DownLoader13.dsgfgx 20160309
Panda Trj/Chgt.O 20160309
Qihoo-360 Trojan.Generic 20160310
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160309
Sophos AV Mal/Zbot-TV 20160309
Symantec W32.Cridex.B 20160309
Tencent Win32.Trojan.Inject.Auto 20160310
TrendMicro TSPY_EMOTET.XXRW 20160309
TrendMicro-HouseCall TSPY_EMOTET.XXRW 20160309
VBA32 TrojanSpy.Zbot 20160309
VIPRE Trojan.Win32.Generic!BT 20160310
ViRobot Trojan.Win32.Agent.1224704[h] 20160310
Zillya Backdoor.Androm.Win32.20179 20160309
Alibaba 20160309
ALYac 20160310
ByteHero 20160310
ClamAV 20160310
CMC 20160307
nProtect 20160309
SUPERAntiSpyware 20160309
TheHacker 20160309
TotalDefense 20160308
Zoner 20160309
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2011
Product pattern
Original name pattern.exe
Internal name pattern
File version 1, 0, 0, 1
Description pattern
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-26 17:20:41
Entry Point 0x00004220
Number of sections 6
PE sections
PE imports
CreateRectRgn
SelectObject
MoveToEx
CreateSolidBrush
DeleteObject
PatBlt
SetTextAlign
GetTextExtentPoint32W
Ellipse
Rectangle
GetShortPathNameW
GetModuleFileNameW
GlobalFree
FreeLibrary
HeapDestroy
GetVersionExA
FlushFileBuffers
lstrcmpiW
lstrlenW
DeleteCriticalSection
LocalAlloc
GetCommandLineW
GetStartupInfoW
lstrcatW
lstrcpyW
LoadLibraryW
GetThreadTimes
GetSystemDirectoryA
GetModuleHandleW
InitializeCriticalSection
CreateFileW
FindClose
GetCurrentThreadId
GetProcAddress
VirtualAlloc
GetEnvironmentVariableW
Ord(3820)
Ord(2406)
Ord(3998)
Ord(4621)
Ord(5777)
Ord(5298)
Ord(1634)
Ord(354)
Ord(2478)
Ord(6371)
Ord(2438)
Ord(5237)
Ord(665)
Ord(4073)
Ord(6048)
Ord(2362)
Ord(5257)
Ord(4435)
Ord(755)
Ord(537)
Ord(4523)
Ord(5727)
Ord(5236)
Ord(4616)
Ord(4717)
Ord(4539)
Ord(6370)
Ord(815)
Ord(4525)
Ord(3257)
Ord(5208)
Ord(641)
Ord(3917)
Ord(4583)
Ord(2506)
Ord(2388)
Ord(5256)
Ord(4343)
Ord(567)
Ord(3076)
Ord(609)
Ord(5285)
Ord(3569)
Ord(617)
Ord(825)
Ord(5710)
Ord(5276)
Ord(4401)
Ord(540)
Ord(4335)
Ord(5273)
Ord(4886)
Ord(1767)
Ord(2371)
Ord(4480)
Ord(4229)
Ord(2294)
Ord(823)
Ord(4269)
Ord(4537)
Ord(283)
Ord(6372)
Ord(813)
Ord(3701)
Ord(3142)
Ord(800)
Ord(656)
Ord(1569)
Ord(470)
Ord(6051)
Ord(5261)
Ord(3074)
Ord(2613)
Ord(3592)
Ord(4884)
Ord(2047)
Ord(2281)
Ord(2977)
Ord(2116)
Ord(4418)
Ord(560)
Ord(4268)
Ord(1937)
Ord(4831)
Ord(5070)
Ord(4426)
Ord(4955)
Ord(5783)
Ord(2504)
Ord(4459)
Ord(3743)
Ord(2377)
Ord(4893)
Ord(3825)
Ord(4419)
Ord(4074)
Ord(1719)
Ord(2640)
Ord(1089)
Ord(3744)
Ord(4520)
Ord(3254)
Ord(1165)
Ord(3341)
Ord(2615)
Ord(4390)
Ord(4692)
Ord(4582)
Ord(4847)
Ord(4347)
Ord(2717)
Ord(324)
Ord(296)
Ord(5296)
Ord(5157)
Ord(1768)
Ord(4704)
Ord(3793)
Ord(4667)
Ord(3826)
Ord(5193)
Ord(2971)
Ord(1720)
Ord(4075)
Ord(2854)
Ord(1131)
Ord(4364)
Ord(3733)
Ord(5303)
Ord(2980)
Ord(4518)
Ord(2546)
Ord(861)
Ord(561)
Ord(1143)
Ord(3658)
Ord(4958)
Ord(3131)
Ord(5059)
Ord(3397)
Ord(4103)
Ord(4370)
Ord(4270)
Ord(2567)
Ord(4992)
Ord(3605)
Ord(5286)
Ord(3621)
_except_handler3
__p__fmode
__wgetmainargs
_XcptFilter
__CxxFrameHandler
_ftol
__p__commode
__setusermatherr
__dllonexit
_onexit
_exit
wcscmp
abs
exit
sprintf
memcmp
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
SysAllocString
LoadTypeLib
SysFreeString
RegisterTypeLib
ReleaseDC
GetSystemMetrics
CharNextW
SendMessageW
EnableWindow
IsIconic
DestroyWindow
GetCaretBlinkTime
GetClientRect
GetWindowTextW
DrawIcon
LoadCursorW
LoadIconW
CreateWindowExW
ShowWindow
GetDlgItemTextW
DestroyCaret
GetDC
SetCursor
CoUninitialize
CoCreateInstance
CoRegisterClassObject
CoInitialize
CoRevokeClassObject
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Icelandic
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 151552
EntryPoint 0x4220
OriginalFileName pattern.exe
MIMEType application/octet-stream
LegalCopyright (C) 2011
FileVersion 1, 0, 0, 1
TimeStamp 2015:05:26 18:20:41+01:00
FileType Win32 EXE
PEType PE32
InternalName pattern
ProductVersion 1, 0, 0, 1
FileDescription pattern
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 16384
ProductName pattern
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 3c685512bf5a68cc23a7d0c402026328
SHA1 95e40caa00225ed023e79da2e0108eaeb8dd4dce
SHA256 2e8dfcb80342fa19e9ce63ff62a027d38d86638252724b6bfe3de3d312d02c71
ssdeep 3072:DX75jO4X+7EAlT105NMQzg7p1OBo73p/MHQtxhOauinJGhCV+z:DFy4X+wAx107MWg7pBFsQtK86
authentihash 7302a9b8c791aaaa3368ec78048bf081405a2dba0f64bf73e1067896b695cf75
imphash 499f83e83ddde3ac141cf9f8439cf534
File size 168.0 KB ( 172032 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (46.3%)
Win64 Executable (generic) (41.0%)
Win32 Executable (generic) (6.6%)
Generic Win/DOS Executable (2.9%)
DOS Executable Generic (2.9%)
Tags peexe
VirusTotal metadata
First submission 2015-05-27 23:49:42 UTC ( 2 years, 1 month ago )
Last submission 2015-06-04 06:16:28 UTC ( 2 years, 1 month ago )
File names DHL_Report_9824028086____ID28_DHL_DE_M05___BD28_05_2015___00_14_15___MessageId_938002.exe
pattern.exe
pattern
3C685512BF5A68CC23A7D0C402026328
3C685512BF5A68CC23A7D0C402026328.exe
DHL_Report_0401250278____ID28_DHL_DE_M05___BD28_05_2015___00_14_15___MessageId_938002.exe
ee.exe
2E8DFCB80342FA19E9CE63FF62A027D38D86638252724B6BFE3DE3D312D02C71.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.