SHA256: 2fda24105f432e7ef96fa352096829c6da71d0fa486c2e7ee4056f11e31d2cb0
File name: asz$server.exe
Detection ratio: 46 / 64
Analysis date: 2017-07-27 05:50:49 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Dropped:Trojan.AgentWDCR.FYW 20170727
AhnLab-V3 Trojan/Win32.Dorv.R166169 20170726
ALYac Dropped:Trojan.AgentWDCR.FYW 20170727
Antiy-AVL Trojan/Win32.Agent 20170727
Arcabit Trojan.AgentWDCR.FYW 20170727
Avast Win32:Malware-gen 20170727
AVG Win32:Malware-gen 20170727
Avira (no cloud) DR/Delphi.Gen 20170726
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170727
BitDefender Dropped:Trojan.AgentWDCR.FYW 20170727
Bkav W32.DoratasASV.Trojan 20170726
CAT-QuickHeal Trojan.DorvCS.S20382 20170727
ClamAV Win.Trojan.Agent-1344046 20170727
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170710
Cylance Unsafe 20170727
DrWeb Trojan.DownLoader17.23978 20170727
Emsisoft Dropped:Trojan.AgentWDCR.FYW (B) 20170727
Endgame malicious (high confidence) 20170721
ESET-NOD32 Win32/Delf.TAX 20170727
F-Secure Dropped:Trojan.AgentWDCR.FYW 20170727
Fortinet W32/Delf.TAX!tr 20170727
GData Dropped:Trojan.AgentWDCR.FYW 20170727
Ikarus Trojan.Win32.Delf 20170726
Sophos ML heuristic 20170607
Jiangmin Trojan.Delf.ab 20170727
K7AntiVirus Trojan ( 004d29b11 ) 20170727
K7GW Trojan ( 004d29b11 ) 20170727
Kaspersky Trojan.Win32.Delf.eadl 20170727
MAX malware (ai score=88) 20170727
McAfee GenericR-IQJ!3CEB55B012EA 20170727
McAfee-GW-Edition BehavesLike.Win32.SpywareLyndra.kh 20170726
eScan Dropped:Trojan.AgentWDCR.FYW 20170727
NANO-Antivirus Trojan.Win32.Delphi.dxgmks 20170727
Panda Trj/Genetic.gen 20170725
Qihoo-360 HEUR/QVM05.1.C1C7.Malware.Gen 20170727
Rising Malware.Generic.5!tfe (thunder:3MyBHt58z2) 20170727
SentinelOne (Static ML) static engine - malicious 20170718
Sophos AV Mal/Generic-S 20170727
Symantec SMG.Heur!gen 20170727
TrendMicro TROJ_GRAFTOR_EK040495.UVPM 20170727
TrendMicro-HouseCall TROJ_GRAFTOR_EK040495.UVPM 20170727
VBA32 Trojan.Delf 20170725
VIPRE RiskTool.Win32.ProcessPatcher.Sml!cobra (v) (not malicious) 20170727
Webroot W32.Malware.Gen 20170727
Zillya Trojan.HideProc.Win32.135 20170726
ZoneAlarm by Check Point Trojan.Win32.Delf.eadl 20170727
AegisLab 20170727
Alibaba 20170727
AVware 20170721
CMC 20170727
Comodo 20170727
Cyren 20170727
F-Prot 20170727
Kingsoft 20170727
Malwarebytes 20170727
Microsoft 20170727
nProtect 20170726
Palo Alto Networks (Known Signatures) 20170727
SUPERAntiSpyware 20170727
Symantec Mobile Insight 20170727
Tencent 20170727
TheHacker 20170724
TotalDefense 20170727
Trustlook 20170727
ViRobot 20170727
Yandex 20170726
Zoner 20170727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-02 09:24:54
Entry Point 0x0000C194
Number of sections 9
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
EnumCalendarInfoA
HeapFree
GetStdHandle
lstrlenA
GlobalFree
FreeLibrary
ExitProcess
GetThreadLocale
GetVersionExA
VirtualProtect
GlobalUnlock
GetModuleFileNameA
GlobalHandle
RtlUnwind
LoadLibraryA
GetStartupInfoA
LoadLibraryExA
GetLocaleInfoA
LocalAlloc
LockResource
GlobalReAlloc
UnhandledExceptionFilter
MultiByteToWideChar
GetCPInfo
GetCommandLineA
GetProcAddress
GetProcessHeap
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
WriteFile
GetCurrentProcess
ReadFile
lstrcpynA
GetACP
GetDiskFreeSpaceA
GlobalLock
GlobalAlloc
CreateProcessA
GetEnvironmentVariableA
LoadResource
CreateFileW
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
IsBadReadPtr
SetEndOfFile
TlsSetValue
HeapAlloc
GetCurrentThreadId
FindResourceA
VirtualAlloc
CloseHandle
SysReAllocStringLen
SysFreeString
SysAllocStringLen
GetSystemMetrics
LoadStringA
CharNextA
MessageBoxA
CharToOemA
GetKeyboardType
DestroyWindow
socket
closesocket
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
connect
shutdown
htons
recv
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:09:02 10:24:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45568
LinkerVersion 2.25
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0xc194
InitializedDataSize 17920
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Execution parents
Compressed bundles
File identification
MD5 3ceb55b012ea51b8ff0b97e899b8b267
SHA1 79e442747fc9b5c87ef39c897ce1c5c257e16364
SHA256 2fda24105f432e7ef96fa352096829c6da71d0fa486c2e7ee4056f11e31d2cb0
ssdeep 768:ZBQoo/ija+1IWh6AxwUp8htszL889ox9AWWi65KIjGiFenX6QdJQGFHSvoBi+o0p:ZBQa5osv8s5K7ZnX6wqoBXogklGd

authentihash 555c1b73897576f79a7e74f269815db14deaaa6257cb634fd95ac82c5cd7ea45
imphash 93f5d7e72241bd2acbfe194d9d2157f6
File size 63.0 KB ( 64512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Delphi generic (42.4%)
Win32 Dynamic Link Library (generic) (19.7%)
Win32 Executable (generic) (13.5%)
Win16/32 Executable Delphi generic (6.2%)
OS/2 Executable (generic) (6.0%)
Tags bobsoft peexe

VirusTotal metadata
First submission 2017-07-27 05:50:49 UTC ( 1 year, 7 months ago )
Last submission 2018-07-21 13:14:46 UTC ( 8 months ago )
File names 2fda24105f432e7e_asz$server.exe
asz$server.exe
asz$server.exe
server.gxe
server.exe
79e442747fc9b5c87ef39c897ce1c5c257e16364.dropped
asz$server.exe
asz$server.exeasz$server.exe
3ceb55b012ea51b8ff0b97e899b8b267.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Created processes
Runtime DLLs
DNS requests
UDP communications