× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2feb28724f93463891403236fdbcb2906d5325f69b5b9562e2129e75f4ac1dce
File name: 5FE4E579EE536E38AEC0ADB2E07BA732.@
Detection ratio: 1 / 57
Analysis date: 2015-05-11 11:12:42 UTC ( 3 years, 10 months ago ) View latest
Antivirus Result Update
Tencent Trojan.Win32.Qudamah.Gen.5 20150511
Ad-Aware 20150511
AegisLab 20150511
Yandex 20150511
AhnLab-V3 20150511
Alibaba 20150520
ALYac 20150511
Antiy-AVL 20150511
Avast 20150511
AVG 20150511
Avira (no cloud) 20150511
AVware 20150511
Baidu-International 20150511
BitDefender 20150511
Bkav 20150509
ByteHero 20150511
CAT-QuickHeal 20150511
ClamAV 20150511
CMC 20150508
Comodo 20150511
Cyren 20150511
DrWeb 20150511
Emsisoft 20150511
ESET-NOD32 20150511
F-Prot 20150511
F-Secure 20150510
Fortinet 20150511
GData 20150511
Ikarus 20150511
Jiangmin 20150506
K7AntiVirus 20150511
K7GW 20150511
Kaspersky 20150511
Kingsoft 20150511
Malwarebytes 20150511
McAfee 20150511
McAfee-GW-Edition 20150510
Microsoft 20150511
eScan 20150511
NANO-Antivirus 20150511
Norman 20150511
nProtect 20150508
Panda 20150510
Qihoo-360 20150511
Rising 20150510
Sophos AV 20150511
SUPERAntiSpyware 20150509
Symantec 20150511
TheHacker 20150511
TotalDefense 20150510
TrendMicro 20150511
TrendMicro-HouseCall 20150511
VBA32 20150511
VIPRE 20150511
ViRobot 20150511
Zillya 20150510
Zoner 20150511
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-27 04:56:29
Entry Point 0x00002914
Number of sections 6
PE sections
Overlays
MD5 102fe5cad3a698d543c49a78923c78a5
File type data
Offset 274432
Size 512
Entropy 7.58
PE imports
DeleteObject
GetStockObject
Rectangle
SetMapMode
LocalFree
GetStartupInfoA
CreateFileA
GetModuleHandleA
CreatePipe
GetVersionExW
VirtualProtect
HeapSize
GetThreadTimes
GetModuleFileNameA
VirtualAlloc
Ord(1775)
Ord(4080)
Ord(2362)
Ord(4710)
Ord(3597)
Ord(3136)
Ord(4524)
Ord(554)
Ord(1842)
Ord(5237)
Ord(5577)
Ord(3350)
Ord(6375)
Ord(540)
Ord(4589)
Ord(3798)
Ord(6052)
Ord(3259)
Ord(1665)
Ord(2446)
Ord(5214)
Ord(5301)
Ord(807)
Ord(4163)
Ord(4964)
Ord(6215)
Ord(6625)
Ord(4529)
Ord(5098)
Ord(4531)
Ord(815)
Ord(2723)
Ord(366)
Ord(641)
Ord(2494)
Ord(5277)
Ord(2514)
Ord(4953)
Ord(4425)
Ord(4619)
Ord(3454)
Ord(3092)
Ord(4441)
Ord(1134)
Ord(4465)
Ord(4108)
Ord(5300)
Ord(6175)
Ord(338)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(617)
Ord(3172)
Ord(4526)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5199)
Ord(5307)
Ord(796)
Ord(4823)
Ord(2390)
Ord(2542)
Ord(4424)
Ord(4273)
Ord(5260)
Ord(5076)
Ord(4078)
Ord(4464)
Ord(3059)
Ord(2554)
Ord(5252)
Ord(1945)
Ord(6376)
Ord(5282)
Ord(4224)
Ord(4614)
Ord(2294)
Ord(1727)
Ord(823)
Ord(2642)
Ord(813)
Ord(2725)
Ord(4998)
Ord(5472)
Ord(4436)
Ord(4457)
Ord(800)
Ord(3749)
Ord(2512)
Ord(4427)
Ord(4274)
Ord(5261)
Ord(4696)
Ord(4079)
Ord(4467)
Ord(3058)
Ord(1146)
Ord(3147)
Ord(2124)
Ord(4615)
Ord(1726)
Ord(4242)
Ord(4077)
Ord(4508)
Ord(6336)
Ord(4890)
Ord(3262)
Ord(5653)
Ord(674)
Ord(975)
Ord(1576)
Ord(5243)
Ord(4353)
Ord(3748)
Ord(5065)
Ord(5290)
Ord(4407)
Ord(4426)
Ord(6117)
Ord(3346)
Ord(4303)
Ord(2396)
Ord(4159)
Ord(3831)
Ord(520)
Ord(6374)
Ord(5280)
Ord(986)
Ord(4612)
Ord(3825)
Ord(2976)
Ord(2535)
Ord(1089)
Ord(3198)
Ord(2985)
Ord(3922)
Ord(5240)
Ord(6080)
Ord(4151)
Ord(2649)
Ord(2818)
Ord(4376)
Ord(6055)
Ord(1776)
Ord(2621)
Ord(4623)
Ord(324)
Ord(296)
Ord(4238)
Ord(2510)
Ord(3830)
Ord(5103)
Ord(2385)
Ord(4613)
Ord(4349)
Ord(2878)
Ord(3079)
Ord(4899)
Ord(652)
Ord(4387)
Ord(4723)
Ord(4420)
Ord(2055)
Ord(2627)
Ord(4837)
Ord(5241)
Ord(5100)
Ord(2399)
Ord(5012)
Ord(2648)
Ord(3065)
Ord(5714)
Ord(5289)
Ord(4545)
Ord(3403)
Ord(4622)
Ord(561)
Ord(1746)
Ord(4543)
Ord(4610)
Ord(4961)
Ord(2879)
Ord(4486)
Ord(560)
Ord(4341)
Ord(529)
Ord(4698)
Ord(5163)
Ord(2626)
Ord(6199)
Ord(5265)
Ord(4858)
Ord(4432)
Ord(5740)
Ord(5302)
Ord(1825)
Ord(5731)
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_exit
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
rand
_adjust_fdiv
__set_app_type
GetCursorPos
SetTimer
CreatePopupMenu
GetParent
UpdateWindow
GetQueueStatus
SetClipboardData
SetWindowPlacement
KillTimer
SendMessageA
GetClientRect
CreateDialogParamA
GetClipboardOwner
EnableWindow
LoadCursorA
SetCursor
InvalidateRect
PlaySoundA
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:04:27 05:56:29+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
17664

LinkerVersion
6.0

Warning
Error processing PE data dictionary

EntryPoint
0x2914

InitializedDataSize
253952

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 5fe4e579ee536e38aec0adb2e07ba732
SHA1 a435478f621c68af5b1089917594d6a129c013d2
SHA256 2feb28724f93463891403236fdbcb2906d5325f69b5b9562e2129e75f4ac1dce
ssdeep
6144:tEXefeOwxbp0eEGZa82x3pAVTlEMj6ngsAa1G7:tEXefqL/082x5QZEMGlAaM7

authentihash cc6c3b75495294d00b1bccfbef775e0765d01d786753a22fdba3d3af1454f1b3
imphash f41b10b47762180af07467bb7cad4ad2
File size 268.5 KB ( 274944 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-05-11 11:12:42 UTC ( 3 years, 10 months ago )
Last submission 2015-05-11 11:12:42 UTC ( 3 years, 10 months ago )
File names 5FE4E579EE536E38AEC0ADB2E07BA732.@
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.