SHA256: 2f35f5ff1e9c74a1d660ac122276e42a98f4ff886522b1bea7ab01a7b4beb170
File name: odd.exe
Detection ratio: 3 / 54
Analysis date: 2014-07-17 13:03:57 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Bkav HW32.CDB.5e5e 20140717
CMC Packed.Win32.Katusha.3!O 20140717
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140717
Ad-Aware 20140717
AegisLab 20140717
Yandex 20140716
AhnLab-V3 20140717
AntiVir 20140717
Antiy-AVL 20140717
Avast 20140717
AVG 20140717
Baidu-International 20140717
BitDefender 20140717
ByteHero 20140717
CAT-QuickHeal 20140717
ClamAV 20140717
Commtouch 20140717
Comodo 20140717
DrWeb 20140717
Emsisoft 20140717
ESET-NOD32 20140717
F-Prot 20140717
F-Secure 20140717
Fortinet 20140717
GData 20140717
Ikarus 20140717
Jiangmin 20140717
K7AntiVirus 20140717
K7GW 20140717
Kaspersky 20140717
Kingsoft 20140717
Malwarebytes 20140717
McAfee 20140717
McAfee-GW-Edition 20140716
Microsoft 20140717
eScan 20140717
NANO-Antivirus 20140717
Norman 20140717
nProtect 20140717
Panda 20140717
Qihoo-360 20140717
Sophos AV 20140717
SUPERAntiSpyware 20140717
Symantec 20140717
Tencent 20140717
TheHacker 20140714
TotalDefense 20140717
TrendMicro 20140717
TrendMicro-HouseCall 20140717
VBA32 20140717
VIPRE 20140717
ViRobot 20140717
Zillya 20140716
Zoner 20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-09 09:18:50
Entry Point 0x000257D3
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCreateKeyExW
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
AccessCheck
RegDeleteKeyW
RegQueryValueExW
GetFileSecurityW
RegOpenKeyExW
RegOpenKeyExA
RegQueryInfoKeyW
CryptReleaseContext
ImpersonateSelf
CryptGenRandom
OpenThreadToken
MapGenericMask
CryptAcquireContextW
RegDeleteValueW
RevertToSelf
RegSetValueExW
FreeSid
AllocateAndInitializeSid
RegSetValueExA
RegDeleteValueA
ImageList_GetImageCount
ImageList_Duplicate
ImageList_GetIconSize
ImageList_Destroy
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_LoadImageA
ImageList_Replace
ImageList_SetImageCount
ImageList_Create
Ord(6)
ImageList_DrawEx
ImageList_GetIcon
Ord(17)
ImageList_LoadImageW
ImageList_Draw
ImageList_Add
Polygon
TextOutW
CreateFontIndirectW
OffsetRgn
CreatePen
SaveDC
CreateFontIndirectA
GetTextMetricsA
CombineRgn
GetPixel
Rectangle
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
SetBkMode
RectInRegion
SetPixel
SetWindowOrgEx
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
GetCurrentObject
MoveToEx
ExtTextOutW
CreateBitmap
RectVisible
GetStockObject
GetDIBits
SetTextAlign
SelectClipRgn
RoundRect
StretchBlt
CreateCompatibleDC
CreateRectRgn
SelectObject
GetTextExtentPoint32A
GetTextColor
CreateSolidBrush
Polyline
SetBkColor
GetBkColor
CreateCompatibleBitmap
CreateFontA
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
FindNextFileA
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
ExpandEnvironmentStringsA
SetErrorMode
GetThreadContext
GetLocaleInfoW
GetFileTime
GetTempPathA
WideCharToMultiByte
GetDiskFreeSpaceW
InterlockedExchange
GetTempPathW
FormatMessageW
GetSystemTimeAsFileTime
HeapReAlloc
SetFileAttributesA
SetEvent
LocalFree
MoveFileA
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetSystemTime
DeviceIoControl
GetEnvironmentVariableA
CopyFileW
GetModuleFileNameW
CopyFileA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
GlobalAddAtomW
SetThreadPriority
GetVolumeInformationW
InterlockedDecrement
MultiByteToWideChar
FindNextChangeNotification
CreateMutexA
SetFilePointer
GetFullPathNameW
InterlockedExchangeAdd
CreateThread
MoveFileExW
CreatePipe
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
GetSystemDirectoryA
GlobalMemoryStatus
FindCloseChangeNotification
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetVersion
LeaveCriticalSection
HeapFree
EnterCriticalSection
PeekNamedPipe
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
GetTempFileNameW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindFirstFileA
FormatMessageA
GetDiskFreeSpaceA
HeapValidate
ResetEvent
GetTempFileNameA
FindFirstFileW
TerminateProcess
DuplicateHandle
GetProcAddress
CreateEventW
CreateFileW
HeapWalk
CreateEventA
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
GetShortPathNameW
FindFirstChangeNotificationA
GlobalFree
GetConsoleCP
FindNextFileW
GlobalUnlock
RemoveDirectoryA
WinExec
FindFirstChangeNotificationW
HeapCompact
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
GetShortPathNameA
SetSystemPowerState
InterlockedCompareExchange
GetCurrentThread
OpenMutexA
SuspendThread
GetSystemDefaultLangID
QueryPerformanceFrequency
GetModuleHandleA
ReadFile
CloseHandle
GlobalLock
GetCurrentThreadId
FreeResource
GetFileAttributesExW
CreateProcessA
HeapCreate
WriteFile
CreateProcessW
Sleep
IsBadReadPtr
FindResourceA
VirtualAlloc
GetTimeFormatA
GradientFill
__p__fmode
_CIcos
fclose
strtoul
fflush
strtol
strtok
fwrite
_XcptFilter
isspace
localtime
??3@YAXPAX@Z
ceil
wcsncmp
memcpy
strstr
ctime
memmove
_atoi64
memchr
strncmp
_endthread
memset
wcschr
_stricmp
strchr
_wputenv
??2@YAPAXI@Z
_beginthread
__p__commode
exit
sprintf
strrchr
_acmdln
free
ungetc
__getmainargs
_wstati64
_CIpow
_initterm
_iob
rand
realloc
__dllonexit
isprint
_setjmp3
toupper
printf
fopen
strncpy
_onexit
__setusermatherr
_wcsnicmp
wcsncpy
atoi
atol
_purecall
_wctime
strerror
_strnicmp
_controlfp
malloc
sscanf
srand
_waccess
fprintf
isdigit
strncat
_errno
getc
rewind
wcsrchr
_wcsicmp
longjmp
tolower
_adjust_fdiv
_CIsin
_CIsqrt
_except_handler3
calloc
_exit
difftime
wcsstr
_wtol
__set_app_type
_wtoi
VariantChangeType
SysAllocStringLen
VariantClear
DispGetParam
SafeArrayCreate
VariantCopy
SysAllocString
SysFreeString
SafeArrayPutElement
VariantInit
GetProcessMemoryInfo
SHGetFileInfoA
DragQueryFileW
DragFinish
SHChangeNotify
ShellExecuteW
SHBrowseForFolderA
SHGetFileInfoW
DragQueryFileA
SHGetPathFromIDListA
SHFileOperationA
SHGetMalloc
ShellExecuteA
Shell_NotifyIconA
RedrawWindow
GetMessagePos
UnregisterHotKey
LoadBitmapW
MoveWindow
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
DispatchMessageA
ClientToScreen
SetMenuItemInfoA
WindowFromPoint
GetMessageTime
SendMessageW
GetMenuItemID
GetAsyncKeyState
MapDialogRect
GetDlgCtrlID
GetMenu
CreateWindowExA
IsClipboardFormatAvailable
SendMessageA
GetClientRect
DefWindowProcW
DrawTextW
GetScrollPos
CallNextHookEx
GetWindowTextLengthA
LoadImageW
GetTopWindow
RegisterHotKey
GetWindowTextW
PostThreadMessageW
LoadImageA
GetWindowTextLengthW
MsgWaitForMultipleObjects
GetActiveWindow
GetWindowTextA
GetKeyState
DestroyWindow
DrawEdge
GetClassInfoExW
GetCursorInfo
SetPropA
GetPropW
EqualRect
SetClassLongW
EnumWindows
CheckRadioButton
GetClassInfoExA
GetMessageW
ShowWindow
SetMenuInfo
GetPropA
SetPropW
GetDesktopWindow
PeekMessageW
InsertMenuItemW
LockWindowUpdate
LoadIconW
CopyImage
TranslateMessage
IsWindowEnabled
GetWindow
GetDlgItemInt
CreatePopupMenu
GetIconInfo
SetParent
SetClipboardData
ScrollWindow
IsWindowVisible
DrawMenuBar
IsIconic
GetMenuItemCount
GetWindowLongA
DrawFrameControl
SetTimer
IsDialogMessageW
FillRect
CopyRect
WaitForInputIdle
DeferWindowPos
CreateWindowExW
ReleaseDC
GetWindowLongW
GetCursorPos
PtInRect
IsDialogMessageA
MapWindowPoints
MapVirtualKeyA
GetMessageA
SetCapture
BeginPaint
OffsetRect
SetFocus
ReleaseCapture
keybd_event
KillTimer
TrackMouseEvent
RegisterWindowMessageA
DefWindowProcA
CheckMenuRadioItem
GetClipboardData
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
UpdateWindow
PostMessageA
DrawIcon
EnumChildWindows
GetScrollRange
SetWindowLongA
SendDlgItemMessageW
PostMessageW
InvalidateRect
GetScrollInfo
SetWindowTextA
CheckMenuItem
DrawIconEx
SetWindowTextW
CreateMenu
GetDlgItem
RemovePropW
ScreenToClient
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
DialogBoxIndirectParamW
GetMenuItemInfoA
IsDlgButtonChecked
CheckDlgButton
SetDlgItemInt
SetWindowsHookExW
LoadCursorW
GetSystemMenu
DispatchMessageW
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
OpenClipboard
EmptyClipboard
EndPaint
CreateDialogIndirectParamW
DrawTextA
IntersectRect
EndDialog
FindWindowW
CreateDialogIndirectParamA
FindWindowA
RemoveMenu
GetWindowThreadProcessId
GetSysColorBrush
ShowScrollBar
MessageBoxW
AppendMenuA
RegisterClassExW
SetMenu
SetRectEmpty
CallWindowProcA
AppendMenuW
GetFocus
GetSysColor
SetDlgItemTextW
SetScrollInfo
RegisterClassExA
EndDeferWindowPos
GetDoubleClickTime
DestroyIcon
GetKeyNameTextA
BeginDeferWindowPos
SystemParametersInfoW
GetDC
FrameRect
SetRect
GetKeyNameTextW
AnimateWindow
SendMessageTimeoutA
CallWindowProcW
GetClassNameW
ValidateRect
IsRectEmpty
GetClassNameA
SendMessageTimeoutW
EnableWindow
CloseClipboard
UnhookWindowsHookEx
SetCursor
htonl
WSARecvFrom
WSARecv
accept
ioctlsocket
WSAStartup
connect
getsockname
WSAAddressToStringA
getservbyport
WSASetLastError
select
htons
gethostname
closesocket
ntohl
inet_addr
WSAWaitForMultipleEvents
WSASend
ntohs
WSAGetLastError
gethostbyaddr
listen
__WSAFDIsSet
WSAStringToAddressA
WSAEventSelect
gethostbyname
getpeername
WSACleanup
recv
WSAIoctl
setsockopt
socket
bind
WSASendTo
recvfrom
WSAEnumNetworkEvents
inet_ntoa
sendto
getservbyname
GetOpenFileNameA
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameA
OleUninitialize
CoTaskMemAlloc
OleSetContainedObject
OleCreate
StgCreateDocfile
CoTaskMemFree
OleInitialize
Number of PE resources by type
RT_STRING 16
RT_DIALOG 13
RT_MENU 3
RT_ICON 2
RT_GROUP_ICON 2
RT_ACCELERATOR 1
Number of PE resources by language
GERMAN 37
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:04:09 10:18:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 183808
LinkerVersion 8.0
FileAccessDate 2014:07:24 13:35:09+01:00
EntryPoint 0x257d3
InitializedDataSize 92672
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:07:24 13:35:09+01:00
UninitializedDataSize 0

File identification
MD5 7f6b821fcbafb2567b1695280c222419
SHA1 73076f238538c99c1abada36ff2a1c8c7ce3b720
SHA256 2f35f5ff1e9c74a1d660ac122276e42a98f4ff886522b1bea7ab01a7b4beb170
ssdeep 6144:iYyI6yjsOLQKNGDyueT2guu7XXHvUnOJEkenS5U:36ZOECiKT2guu7HPUOS+U
imphash 63d9b9e91835ce9cc08317a92fbf387c
File size 271.5 KB ( 278016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-07-17 13:03:57 UTC ( 4 years, 8 months ago )
Last submission 2014-07-17 13:03:57 UTC ( 4 years, 8 months ago )
File names odd.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests